CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

413 matches found

CVE-2026-50231

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS5.6AI score0.00043EPSS

Exploits2References1

NVD•added yesterday•8 views

CVE-2026-11408

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

6.5CVSS0.00937EPSS

Exploits0References8

EUVD•added yesterday•9 views

EUVD-2026-34965

6.5CVSS6.3AI score0.00937EPSS

Exploits0References8

Cvelist•added yesterday•29 views

CVE-2026-11408 vertex-app vertex Log Viewer Endpoint LogMod.js os command injection

6.5CVSS0.00937EPSS

Exploits0References8

ATTACKERKB•added yesterday•5 views

CVE-2026-11408

6.5CVSS6.3AI score0.00937EPSS

Exploits0References8Affected Software1

CVE•added yesterday•14 views

CVE-2026-11408

Summary of CVE-2026-11408 : A vulnerability exists in vertex-app up to 2026.02.12 affecting the Log Viewer Endpoint, specifically the file app/model/LogMod.js. The issue arises from processing of the query parameter req.query, enabling an os command injection. This can be exploited remotely; expl...

6.5CVSS6.3AI score0.00937EPSS

Exploits0References8

Positive Technologies•added yesterday•10 views

PT-2026-47150

Name of the Vulnerable Software and Affected Versions vertex-app vertex versions prior to 2026.02.12 Description An issue exists in the Log Viewer Endpoint component within the file app/model/LogMod.js. Improper processing of the req.query argument allows for remote OS command injection, which...

6.5CVSS6.9AI score0.00937EPSS

Exploits0References10

RedhatCVE•added 2 days ago•6 views

CVE-2026-21730

Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

6.1CVSS5.5AI score0.00045EPSS

Exploits0References1

RedhatCVE•added 2 days ago•5 views

CVE-2026-5301

Stored XSS in log viewer in CoolerControl/coolercontrol-ui 4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries...

7.6CVSS5.4AI score0.00041EPSS

Exploits0References1

NVD•added 2 days ago•5 views

CVE-2026-50231

7.2CVSS0.00043EPSS

Exploits2References2

ATTACKERKB•added 2 days ago•4 views

CVE-2026-50231

7.2CVSS5.6AI score0.00043EPSS

Exploits2References3Affected Software1

EUVD•added 2 days ago•6 views

EUVD-2026-34830

7.2CVSS5.6AI score0.00043EPSS

Exploits2References2

Cvelist•added 2 days ago•30 views

CVE-2026-50231 Lyrion Music Server 9.2.0 Unauthenticated Stored XSS via server.log

7.2CVSS0.00043EPSS

Exploits2References2

CVE•added 2 days ago•10 views

CVE-2026-50231

CVE-2026-50231 – Lyrion Music Server 9.2.0 suffers an unauthenticated stored XSS in the log viewer. The root cause is unescaped template variables, enabling attackers to inject scripts via search/lines/path query parameters or logged values (URLs, User-Agent, stream titles, player names) to run i...

7.2CVSS5.6AI score0.00043EPSS

Exploits2References2

Zero Science Lab•added 2 days ago•17 views

Lyrion Music Server 9.2.0 (server.log) Unauthenticated Stored XSS

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

7.2CVSS5.4AI score0.00043EPSS

Exploits2

Positive Technologies•added 2 days ago•10 views

PT-2026-46950

7.2CVSS5.6AI score0.00043EPSS

Exploits2References3

Packet Storm•added 2 days ago•19 views

📄 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting

The log viewer in Lyrion Music Server version 9.2.0 reflects request parameters and raw log content into HTML with no escaping. Any attacker-provided value that gets logged a crafted URL, User-Agent, stream title, player name becomes persistent cross site scripting. Lyrion Music Server 9.2.0...

7.2CVSS4.4AI score0.00043EPSS

Exploits2

EUVD•added 3 days ago•6 views

EUVD-2026-34284

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

8.9CVSS5.7AI score0.0004EPSS

Exploits0References2

ATTACKERKB•added 3 days ago•4 views

CVE-2026-43984

8.9CVSS5.7AI score0.0004EPSS

Exploits0References3Affected Software1

Nuclei•added 4 days ago•22 views

Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Arbitrary File Read

The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wpajaxnoprivelvwplogdownload AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, whi...

7.5CVSS7.3AI score0.92591EPSS

Exploits1References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by