Lucene search
+L

1607 matches found

Nuclei
Nuclei
added yesterday89 views

WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting

WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...

5.5CVSS6.3AI score0.01193EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-43068

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions: from 0.0.0 to 2.4.0...

6.1AI score0.00423EPSS
Exploits0References2
Cvelist
Cvelist
added last week29 views

CVE-2026-38059 ST Engineering iDirect iQ-Series Terminals Missing authentication for critical function

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS0.00592EPSS
Exploits0References3
CVE
CVE
added last week11 views

CVE-2026-38057

The CVE-2026-38057 entry affects the iDirect iQ200 series. The issue is CSRF on state-changing API endpoints, specifically the /api/reboot POST endpoint, which accepts requests authenticated only by a session cookie that lacks the SameSite attribute. A remote attacker can lure an authenticated ad...

8.1CVSS6.1AI score0.00308EPSS
Exploits0References3
Cvelist
Cvelist
added last week30 views

CVE-2026-38057 ST Engineering iDirect iQ-Series Terminals Cross-Site request forgery

The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that lacks the SameSite attribute. A remote attacker can host a malicious web page that, when visited by an...

8.1CVSS0.00308EPSS
Exploits0References3
NVD
NVD
added 2026/06/29 4:16 p.m.10 views

CVE-2026-13742

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...

5.8CVSS0.00083EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 3:19 p.m.33 views

CVE-2026-13742 Lack of signature verification before execution of downloaded content

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...

5.8CVSS0.00083EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 3:19 p.m.6 views

CVE-2026-13742

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...

5.8CVSS5.8AI score0.00083EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 3:19 p.m.6 views

EUVD-2026-40126

Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of downloaded file with a malicious one. Honeywell also recommends...

5.8CVSS5.8AI score0.00083EPSS
Exploits0References1
Drupal
Drupal
added 2026/06/26 12:0 a.m.13 views

Tealium iQ Tag Management - Critical - PHP object injection - SA-CONTRIB-2026-064

The Tealium iQ Tag Management module provides Drupal integration with Tealium iQ. tealiumiq stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an Object Injection vulnerability when the data are unserialized. This...

8.1CVSS5.8AI score0.00423EPSS
Exploits0References2
NVD
NVD
added 2026/06/19 3:16 a.m.13 views

CVE-2026-8806

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...

8.7CVSS0.00367EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/19 2:31 a.m.15 views

EUVD-2026-37975

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...

8.7CVSS5.4AI score0.00367EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/19 2:31 a.m.11 views

CVE-2026-8806

Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service DoS condition in the affected product by continuously sending a large number of communication packets to t...

8.7CVSS5.3AI score0.00367EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 2:31 a.m.32 views

CVE-2026-8806

The CVE-2026-8806 entry concerns Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module (FX5-ENET/IP), with all versions affected. The vulnerability is described as an Expected Behavior Violation that could allow a remote attacker to cause a DoS by flooding the Ethernet port with a hi...

8.7CVSS5.3AI score0.00367EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 2:26 a.m.36 views

CVE-2026-8805 Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series EtherNet/IP module

Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service DoS condition in the affected product by rapidly establishing a larg...

8.7CVSS0.00379EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 2:26 a.m.24 views

CVE-2026-8805

CVE-2026-8805 affects the MELSEC iQ-F Series EtherNet/IP module FX5-EIP (versions 1.000 and prior). The bug is an integer overflow/wraparound in the EtherNet/IP function that can be triggered remotely by rapidly opening many TCP connections, causing a DoS through an inconsistency in internal conn...

8.7CVSS5.3AI score0.00379EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:16 p.m.27 views

CVE-2026-0274

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources...

9.3CVSS0.00285EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 9:2 p.m.37 views

CVE-2026-0274 Cortex XSOAR: Improper Validation of Credentials in CommvaultSecurityIQ integration

An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resources...

9.3CVSS0.00285EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41959

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems. Note: Software versions which have...

7.1CVSS5.6AI score0.00203EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.10 views

CVE-2026-22054

Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...

8.8CVSS5.4AI score0.00237EPSS
Exploits0References1
Rows per page
Query Builder