Lucene search
+L

1864 matches found

nuclei
nuclei
added yesterday44 views

Good Layers LMS Plugin <= 2.1.4 - SQL Injection

An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wpajaxnopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...

9.8CVSS7.1AI score0.1064EPSS
Exploits2References3
nvd
nvd
added 3 days ago7 views

CVE-2026-58595

Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS0.00469EPSS
Exploits0References1
mscve
mscve
added 3 days ago6 views

Microsoft Bing App for IOS Spoofing Vulnerability

Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network...

8.1CVSS6.1AI score0.00469EPSS
Exploits0
cve
cve
added 2026/06/30 4:30 a.m.20 views

CVE-2026-11367

The PixMagix WordPress Image Editor plugin (versions up to 1.7.2) is affected by a Directory Traversal flaw in move_image_on_server, allowing authenticated users with author+ rights to write attacker-controlled files to arbitrary server paths via the unsanitized layers[].id parameter being concat...

6.5CVSS5.9AI score0.00541EPSS
Exploits0References4
patchstack
patchstack
added 2026/06/29 4:17 p.m.6 views

WordPress PixMagix – WordPress Image Editor plugin <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' Parameter vulnerability

Authenticated Author+ Path Traversal in 'layers.id' Parameter vulnerability discovered by devploit in WordPress Plugin PixMagix WordPress Image Editor versions = 1.7.2...

6.5CVSS5.8AI score0.00541EPSS
Exploits0References1Affected Software1
susecve
susecve
added 2026/06/27 1:52 a.m.7 views

SUSE CVE-2026-55092

Trivy is a security scanner. Prior to 0.71.1, when Trivy downloads an OCI artifact, it uses the org.opencontainers.image.title annotation from the artifact manifest as the destination filename without validation. An attacker who can make Trivy fetch an attacker-controlled artifact can supply a...

8.8CVSS5.9AI score0.00292EPSS
Exploits0References3
snyk
snyk
added 2026/06/18 3:4 p.m.10 views

Improper Restriction of Rendered UI Layers or Frames

Overview Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames via the NbconvertFileHandler and NbconvertPostHandler classes when rendering user-authored notebook HTML without a proper sandbox directive in the Content-Security-Policy. An attacker...

9.3CVSS6.7AI score0.00227EPSS
Exploits0References3
osv
osv
added 2026/06/13 8:57 a.m.13 views

BIT-GITLAB-2026-10733 Improper Restriction of Rendered UI Layers or Frames in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause denial of service on the CI/CD Catalog page due to improper sanitization...

4.3CVSS5.5AI score0.0022EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.21 views

PT-2026-48927

A vulnerability in Kedro version 1.2.0 allows an attacker to exploit path traversal by providing a crafted version string. The get versioned path method in kedro/io/core.py directly interpolates user-supplied version strings into filesystem paths without sanitization. This enables an attacker to...

7.1CVSS7.1AI score0.00186EPSS
Exploits1References2
vulnrichment
vulnrichment
added 2026/06/11 10:19 a.m.11 views

CVE-2026-10733 Improper Restriction of Rendered UI Layers or Frames in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause denial of service on the CI/CD Catalog page due to improper sanitization...

4.3CVSS5.5AI score0.0022EPSS
Exploits0References2
cve
cve
added 2026/06/11 10:19 a.m.27 views

CVE-2026-10733

GitLab CVE-2026-10733 affects GitLab CE/EE versions prior to 18.10.8 (from 17.0 line), 18.11 prior to 18.11.5, and 19.0 prior to 19.0.2. Root cause: improper sanitization that could allow an authenticated user to cause a denial-of-service on the CI/CD Catalog page. Remediation: upgrade to the pat...

4.3CVSS5.5AI score0.0022EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2026/06/11 12:0 a.m.19 views

MCP Server Kubernetes 安全漏洞

MCP Server Kubernetes is a Kubernetes management server developed by Suyog Sonwalkar. Versions of MCP Server Kubernetes prior to 3.6.0 contained security vulnerabilities. These vulnerabilities stemmed from access control being executed at the tool discovery layer but not at the execution layer,...

8.8CVSS5.6AI score0.00376EPSS
Exploits0References1
snyk
snyk
added 2026/06/08 11:8 p.m.3 views

Improper Restriction of Rendered UI Layers or Frames

Overview Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames due to missing security headers in the internal/web/ and internal/api/ response paths. An attacker can compromise the confidentiality and integrity of sensitive operations, such as...

7.1CVSS6AI score0.00031EPSS
Exploits0References2
packetstormnews
packetstormnews
added 2026/06/06 12:0 a.m.30 views

An AI Security Agent for University ACMIS: Multi-Vector Threat Detection and Automated Response

University Academic Management Information Systems ACMIS are high-value targets for a wide spectrum of security threats including brute-force login attacks, payment fraud, privilege escalation, insider data theft, and academic integrity violations. Traditional rule-based intrusion detection syste...

5.4AI score
Exploits0
packetstormnews
packetstormnews
added 2026/05/28 12:0 a.m.13 views

Dissecting the Black Box: Circuit-Level Analysis of LLM Vulnerability Detection

Large language models LLMs can detect software vulnerabilities, but how do they actually identify vulnerable code? We address this question using mechanistic interpretability; analyzing the internal computations of a neural network to understand its reasoning process.Using Circuit Tracer on...

5.9AI score
Exploits0
redhatcve
redhatcve
added 2026/05/26 8:14 p.m.18 views

CVE-2026-9396

A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...

6.3CVSS5.1AI score0.00268EPSS
Exploits0References1
cve
cve
added 2026/05/24 8:15 p.m.28 views

CVE-2026-9396

The CVE-2026-9396 entry concerns Besen BS20 EV Charging Station firmware (up to 20260426). Affected component: Firmware Version Check. The vulnerability is caused by an issue in the UI layer rendering, where manipulation can cause improper restriction of rendered UI layers. The attack is describe...

6.3CVSS5.1AI score0.00268EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/05/24 8:15 p.m.12 views

CVE-2026-9396

A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...

6.3CVSS5.1AI score0.00268EPSS
Exploits0References5Affected Software1
vulnrichment
vulnrichment
added 2026/05/24 8:15 p.m.12 views

CVE-2026-9396 Besen BS20 EV Charging Station Firmware Version Check ui layer

A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...

6.3CVSS5.1AI score0.00268EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/05/21 12:0 a.m.11 views

PT-2026-42620

Summary Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and run OCI containers within them. Boxlite allows users to specify the OCI image used by containers in the sandbox. However, when processing tar entries in OCI images, Boxlite does not account for...

9.6CVSS6.4AI score
Exploits0References4
Rows per page
Query Builder