
1077 matches found

OSV
added 2026/03/24 8:40 p.m.

GHSA-98WM-CXPW-847P Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

Vulnerability Details Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The line item description field was not passed through purify::clean before...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00231
Exploits: 0, References: 5
Positive Technologies
added 2026/03/24 12:00 a.m.

PT-2026-27631

Name of the Vulnerable Software and Affected Versions Invoice Ninja versions 5.13.0 through 5.13.3 Description Invoice Ninja allows for the execution of stored cross-site scripting XSS payloads through invoice line item descriptions in versions 5.13.0 through 5.13.3. The line item description fie...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00231
Exploits: 0, References: 7
Positive Technologies
added 2026/03/24 12:00 a.m.

PT-2026-27587

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.7 iPadOS versions prior to 18.7.7 macOS Sequoia versions prior to 15.7.5 macOS Sonoma versions prior to 14.8.5 macOS Tahoe versions prior to 26.4 visionOS versions prior to 26.4 watchOS versions prior to 26.4...

CVSS: 3.3, AI score: 5.8, EPSS: 0.00167
Exploits: 0, References: 11
Veeam
added 2026/03/24 12:00 a.m.

New Search Experience for Veeam Data Cloud for Microsoft 365

Purpose We are excited to announce the initial rollout of our new search feature, designed to significantly improve the speed and efficiency of your search experience. Below are the details and important limitations to be aware of during this phased rollout. What's New Faster Search Experience Ou...

AI score: 5.8
Exploits: 0
OSSF Malicious Packages
added 2026/03/23 1:47 p.m.

Malicious code in pulse-scroll-triggered-list-items (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5917623184677210f5a42bead660945379d7a3c1cabf055e011a2794a233d517 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 5.8
Exploits: 0, References: 1
Tenable Nessus
added 2026/03/18 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-0602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowe...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00243
Exploits: 0, References: 2
EUVD
added 2026/03/11 8:51 p.m.

EUVD-2026-11397

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the Track Anything feature are stored from user input POST and later rendered in Dygraph charts titles/labels using innerHTML or equivalent without...

CVSS: 5.4, AI score: 5.8, EPSS: 0.00162
Exploits: 1, References: 1
Debian CVE
added 2026/03/11 4:05 p.m.

CVE-2026-0602

Removed by vendor...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00243
Exploits: 0
EUVD
added 2026/03/11 12:12 a.m.

EUVD-2026-10914

Sylius is Missing Authorization in API v2 Add Item Endpoint...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00182
Exploits: 0, References: 1
NVD
added 2026/03/10 10:16 p.m.

CVE-2026-31821

Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/tokenValue/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue. An attacker who obtains a cart tokenValue...

CVSS: 6.9, EPSS: 0.00182
Exploits: 0, References: 1
Cvelist
added 2026/03/10 9:25 p.m.

CVE-2026-31821 Sylius is Missing Authorization in API v2 Add Item Endpoint

Sylius is an Open Source eCommerce Framework on Symfony. The POST /api/v2/shop/orders/tokenValue/items endpoint does not verify cart ownership. An unauthenticated attacker can add items to other registered customers' carts by knowing the cart tokenValue. An attacker who obtains a cart tokenValue...

CVSS: 6.9, EPSS: 0.00182
Exploits: 0, References: 1
CNNVD
added 2026/03/10 12:00 a.m.

Sylius Security Vulnerability

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius. This vulnerability stems from the lack of validation for ownership in the POST /api/v2/shop/orders/tokenValue/items endpoint. As a...

CVSS: 6.9, AI score: 5.8, EPSS: 0.00182
Exploits: 0, References: 1
RedhatCVE
added 2026/03/09 1:42 a.m.

CVE-2026-3672

A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00192
Exploits: 0, References: 1
EUVD
added 2026/03/08 12:31 a.m.

EUVD-2026-10189

A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

CVSS: 6.5, AI score: 5.6, EPSS: 0.00192
Exploits: 0, References: 5
Cvelist
added 2026/03/07 9:32 p.m.

CVE-2026-3672 JeecgBoot getDictItems isExistSqlInjectKeyword sql injection

A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

CVSS: 6.5, EPSS: 0.00192
Exploits: 0, References: 4
ATTACKERKB
added 2026/03/07 9:32 p.m.

CVE-2026-3672

A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...

CVSS: 6.5, AI score: 5.6, EPSS: 0.00192
Exploits: 0, References: 4
RedhatCVE
added 2026/03/07 7:31 p.m.

CVE-2026-30843

Wekan is an open source kanban tool built with Meteor. Versions 8.32 and 8.33 have a critical Insecure Direct Object Reference IDOR issue which could allow unauthorized users to modify custom fields across boards through its custom fields update endpoints, potentially leading to unauthorized data...

CVSS: 9.3, AI score: 5.8, EPSS: 0.00218
Exploits: 0, References: 1
Positive Technologies
added 2026/03/07 12:00 a.m.

PT-2026-23883

Name of the Vulnerable Software and Affected Versions JeecgBoot versions up to 3.9.1 Description A flaw exists within JeecgBoot that allows for SQL injection. This issue is located in the isExistSqlInjectKeyword function within the /jeecg-boot/sys/api/getDictItems file. Successful exploitation...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00192
Exploits: 0, References: 7
OSV
added 2026/03/03 1:29 p.m.

BIT-DISCOURSE-2026-26265 Discourse has IDOR vulnerability in the directory items endpoint

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

CVSS: 7.5, AI score: 6, EPSS: 0.00239
Exploits: 0, References: 2
RedhatCVE
added 2026/02/28 7:45 p.m.

CVE-2026-28354

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both add item /actions/addtocollection.php due to missi...

CVSS: 7.1, AI score: 6, EPSS: 0.00263
Exploits: 1, References: 1