Lucene search
K

11 matches found

Vulnrichment
Vulnrichment
added 2026/06/04 7:31 p.m.8 views

CVE-2026-41522 Iris has an Improper Authorization issue

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS5.6AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/03 4:2 p.m.12 views

CVE-2026-35717

A stack-based buffer overflow in the exportlanguage.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/exportlanguage.cgi endpoint. The handler passes the...

6.3CVSS6.5AI score0.00261EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.11 views

PT-2026-41878

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the Security Assertion Markup Language SAML endpoint allows a remote, unauthenticated attacker to send specially crafted XML input. This improper input validation can cause high CP...

7.8CVSS5.4AI score0.00743EPSS
Exploits0References21
Snyk
Snyk
added 2026/03/03 9:17 p.m.5 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the SQL function. An attacker can gain unauthorized access to sensitive database content and potentially modify data by sending crafted SQL queries to the /api/query/sql endpoint as a low-privileged user...

8.8CVSS7.2AI score0.00323EPSS
Exploits1References3
NVD
NVD
added 2026/02/07 12:15 p.m.13 views

CVE-2026-2084

A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/setlanguage. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to...

8.6CVSS0.03855EPSS
Exploits1References6
EUVD
EUVD
added 2026/02/07 11:32 a.m.8 views

EUVD-2026-5729

A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/setlanguage. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remotely. The exploit has been made available to...

8.6CVSS5.3AI score0.03855EPSS
Exploits1References6
CNVD
CNVD
added 2025/09/08 12:0 a.m.2 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21129)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/language/default.xml endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

5.4CVSS6.3AI score0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/04 12:0 a.m.6 views

PT-2025-35912

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied data. The vulnerability is triggered through the datacode, datalang0key, datalang0value,...

5.4CVSS5.3AI score0.00162EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/04 12:0 a.m.3 views

appRain CMF 跨站脚本漏洞

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/language/default.xml endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

5.4CVSS6.2AI score0.00162EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-2478

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all...

9.6CVSS6.9AI score0.05042EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/31 12:0 a.m.5 views

PT-2023-20982 · Unknown · Openapi Generator

Name of the Vulnerable Software and Affected Versions: openapi-generator versions up to v6.4.0 Description: The issue is related to a Server-Side Request Forgery SSRF in the component "/api/gen/clients/language". This allows attackers to access network resources and sensitive information via a...

9.1CVSS8.8AI score0.00956EPSS
Exploits1References10
Rows per page
Query Builder