Lucene search
+L

7174 matches found

nvd
nvd
added 3 days ago5 views

CVE-2026-48355

Adobe Experience Manager is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the...

5.4CVSS0.00294EPSS
Exploits0References1
nvd
nvd
added 3 days ago4 views

CVE-2026-48359

Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially...

9.6CVSS0.00534EPSS
Exploits0References1
nvd
nvd
added 3 days ago4 views

CVE-2026-48259

Adobe Experience Manager is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could leverage this vulnerability to issue unauthorized server-side requests, potentially gaining...

9.6CVSS0.00407EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago35 views

CVE-2026-48371 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerabl...

5.4CVSS0.00182EPSS
Exploits0References1
cve
cve
added 3 days ago8 views

CVE-2026-47994

Adobe Commerce is affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2026-47994). The issue allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, with malicious JavaScript potentially executing in a victim’s browser when visiting the page contai...

8.7CVSS6.1AI score0.00336EPSS
Exploits0References1Affected Software1
cve
cve
added 3 days ago9 views

CVE-2026-48263

CVE-2026-48263 : Adobe Experience Manager is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. The issue allows a low-privileged attacker to inject malicious scripts, which may execute in a victim’s browser when visiting a page containing the vulnerable fiel...

5.4CVSS6.1AI score0.00294EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago34 views

CVE-2026-15641

Improper authorization in the access request status endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to approve their own pending access request via a direct call to the request status endpoint, bypassing the required approver review...

0.00224EPSS
Exploits0References1
cve
cve
added 3 days ago5 views

CVE-2026-15637

CVE-2026-15637 affects Devolutions Server 2026.2.11 and 2026.1.22: improper authorization in the PAM SSH key and certificate retrieval endpoints allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the...

7.5CVSS6.1AI score0.00192EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago32 views

CVE-2026-15637

Improper authorization in the PAM SSH key and certificate retrieval endpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to disclose the private key of an SSH key or certificate PAM credential via a direct object reference to the credential identifier...

0.00192EPSS
Exploits0References1
euvd
euvd
added 3 days ago8 views

EUVD-2026-43577

Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php sanitizes the bucket name with pregreplace'/^a-zA-Z0-9-\./','', $bucket, which permits '..' and '../' sequences. The sanitized value is...

8.8CVSS6.1AI score0.00389EPSS
Exploits0References6
euvd
euvd
added 3 days ago4 views

EUVD-2026-43545

AnyDesk Screen Recording Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order t...

4.7CVSS6.3AI score0.00104EPSS
Exploits0References2
euvd
euvd
added 3 days ago4 views

EUVD-2026-43543

AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...

4.7CVSS6.3AI score0.00104EPSS
Exploits0References2
ptsecurity
ptsecurity
added 3 days ago6 views

PT-2026-58705

Name of the Vulnerable Software and Affected Versions Adobe Experience Manager affected versions not specified Description Adobe Experience Manager contains a Server-Side Request Forgery SSRF flaw, which occurs when a server is tricked into making requests to an unintended location. This issue...

9.6CVSS6.5AI score0.00407EPSS
Exploits0References3
cve
cve
added 3 days ago6 views

CVE-2026-36035

The CVE-2026-36035 entry concerns CAXPerts UniversalPlantViewer WebServices Server v2.7.6 where an incorrect access control in the /api/License/deactivateOffline endpoint allows authenticated attackers with low privileges to trigger a Denial of Service by removing the license from the webserver. ...

6.5CVSS6.1AI score0.00293EPSS
Exploits0References3
cvelist
cvelist
added 3 days ago32 views

CVE-2026-36035

Incorrect access control in the /api/License/deactivateOffline endpoint of CAXPerts UniversalPlantViewer WebServices Server v2.7.6 allows authenticated attackers with low-level privileges to cause a Denial of Service DoS via removing the license from the webserver...

0.00293EPSS
Exploits0References3
nvd
nvd
added 4 days ago3 views

CVE-2026-15681

AnyDesk Screen Recording Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order t...

5.5CVSS0.00104EPSS
Exploits0References1
nvd
nvd
added 4 days ago4 views

CVE-2026-15682

AnyDesk Support Information Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...

5.5CVSS0.00104EPSS
Exploits0References1
cvelist
cvelist
added 4 days ago36 views

CVE-2026-58410 ChurchCRM: Improper object-level authorization allows low-privileged users to read and modify other families’ records

ChurchCRM is an open-source church management system. Prior to version 7.4.0, there was an authorization flaw in the family-scoped endpoints which allowed low-privileged users to read and modify other families’ records. An authenticated non-admin user with EditSelf access can supply another...

7.1CVSS0.00174EPSS
Exploits0References1
cve
cve
added 4 days ago12 views

CVE-2026-58410

CVE-2026-58410 (ChurchCRM) — Prior to version 7.4.0, an improper object-level authorization flaw in family-scoped endpoints allowed authenticated, non-admin users with EditSelf access to read/modify records from other families by supplying a different familyId. The backend trusts attacker-control...

7.1CVSS6.1AI score0.00174EPSS
Exploits0References1
cve
cve
added 4 days ago7 views

CVE-2026-58408

ChurchCRM prior to version 7.4.0 exposes a CSV export endpoint that leaks full PII of every Person/Family. The POST /CSVCreateFile.php export is gated only by a coarse admin permission check and lacks a dedicated isAdmin/owner authorization, allowing any user with non-admin flags to trigger a bul...

6.5CVSS6.1AI score0.00217EPSS
Exploits0References1
Rows per page
Query Builder