Lucene search
+L

378 matches found

Nuclei
Nuclei
added yesterday58 views

Vtiger CRM v7.2.0 - Directory Listing

Vtiger CRM v7.2.0 contains a directory traversal vulnerability caused by improper access controls in /libraries and /layout directories, letting attackers display hidden files and list directories, exploit requires no authentication. id: CVE-2020-19363 info: name: Vtiger CRM v7.2.0 - Directory...

6.5CVSS6.6AI score0.03613EPSS
Exploits1References2
OSV
OSV
added 2026/07/07 7:16 p.m.2 views

CVE-2026-48951

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...

6.1CVSS6AI score
Exploits0References1
NVD
NVD
added 2026/07/07 7:16 p.m.6 views

CVE-2026-48951

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...

8.4CVSS0.00147EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/07 5:30 p.m.33 views

CVE-2026-48951 Joomla! Core - [20260705] - XSS in various modalreturn layouts

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...

8.4CVSS0.00147EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 5:30 p.m.18 views

CVE-2026-48951

CVE-2026-48951 relates to the Joomla! Core vulnerability described as “XSS in various modalreturn layouts” caused by a lack of escaping. The connected documents explicitly indicate Joomla core as affected and reference modalreturn layouts as the vulnerable component area. The NVD entry provides a...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/07 5:30 p.m.9 views

EUVD-2026-42063

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:30 p.m.7 views

CVE-2026-48951

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/07 5:30 p.m.8 views

CVE-2026-48951 Joomla! Core - [20260705] - XSS in various modalreturn layouts

Lack of escaping leads to XSS vulnerabilities in modalreturn layouts of various components...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56224

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description Lack of escaping in modalreturn layouts of various components allows for Cross-Site Scripting XSS, a technique where malicious scripts are injected into trusted websites. Recommendations...

8.4CVSS6.1AI score0.00147EPSS
Exploits0References5
NVD
NVD
added 2026/07/06 9:16 p.m.6 views

CVE-2026-25268

Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations...

8.8CVSS0.00072EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 8:9 p.m.5 views

EUVD-2026-41932

Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations...

8.8CVSS6AI score0.00072EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:9 p.m.26 views

CVE-2026-25268

The CVE-2026-25268 issue is a stack-based buffer overflow in WLAN Host caused by memory corruption when processing invalid HT40 channel layouts during dynamic channel switching. Affects WLAN Host with a Local attack vector, requiring Low privileges and no user interaction, and with a changed scop...

8.8CVSS6AI score0.00072EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:9 p.m.6 views

CVE-2026-25268

Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations...

8.8CVSS6AI score0.00072EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 8:9 p.m.37 views

CVE-2026-25268 Stack-based Buffer Overflow in WLAN Host

Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations...

8.8CVSS0.00072EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-55994

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon affected versions not specified Description Memory corruption occurs when processing invalid HT40 channel layouts during dynamic channel switching operations. HT40 refers to a High Throughput mode in wireless networking tha...

8.8CVSS6.1AI score0.00072EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 2:16 p.m.7 views

CVE-2026-53336

In the Linux kernel, the following vulnerability has been resolved: nvmem: layouts: onie-tlv: fix hang on unknown types The EEPROM on my board has a vendor specific entry of type 0x41. When stumbling upon that, this driver hangs in an endless loop. Fix it by keep incrementing the offset on unknow...

0.00156EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 1:32 p.m.23 views

CVE-2026-53336

CVE-2026-53336 (nvmem: layouts: onie-tlv) : A Linux kernel vulnerability where the nvmem onie-tlv parser could hang when encountering an unknown vendor-specific entry type (example 0x41) in EEPROM. The root cause was an endless loop in the parser. The published fix increments the offset for unkno...

5.8AI score0.00156EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.8 views

CVE-2026-31956

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved reports belonging to other users. Exploitation of th...

4.3CVSS5.5AI score0.00265EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:13 p.m.9 views

CVE-2026-8134

Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...

9.4CVSS6.2AI score0.00738EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/21 8:13 p.m.4 views

CVE-2026-8134 Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer customTemplate Path Traversal leading to PHP File Inclusion

Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...

9.4CVSS6.3AI score0.00738EPSS
Exploits0References4
Rows per page
Query Builder