Lucene search
K

7272 matches found

NVD
NVD
added yesterday6 views

CVE-2026-58315

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS0.00102EPSS
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-42007

Cross-site request forgery vulnerability exists in SEIKO EPSON Web Config. If a user views a malicious page while logged into Web Config, unintended operations may be performed...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References2
CVE
CVE
added yesterday17 views

CVE-2026-58315

CVE-2026-58315 describes a Cross-site request forgery in SEIKO EPSON Web Config. The vulnerability could allow unintended operations when a logged-in user visits a malicious page, as reported by both the NVD entry and CVE records. Connected sources confirm the product area (SEIKO EPSON Web Config...

5.1CVSS5.9AI score0.00102EPSS
Exploits0References2
Mozilla
Mozilla
added 3 days ago10 views

Security Vulnerabilities fixed in Firefox for iOS 152.3 — Mozilla

A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content...

6.3CVSS6AI score0.00146EPSS
Exploits0References1Affected Software1
NVD
NVD
added 6 days ago13 views

CVE-2026-55110

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-55110

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-55110

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS5.7AI score0.00181EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago11 views

EUVD-2026-41388

A malicious actor who lures an authenticated user to a malicious page could exploit a Cross-Origin Resource Sharing CORS misconfiguration found in UniFi OS to trigger actions in UniFi OS using that user's session...

7.5CVSS5.7AI score0.00181EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 12:33 a.m.5 views

EUVD-2026-39140

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

8.8CVSS5.4AI score0.0067EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 12:17 a.m.9 views

CVE-2026-9780

Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that the target must vis...

8.8CVSS0.0067EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:43 p.m.24 views

CVE-2026-2050 GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

7.8CVSS0.00552EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 12:0 p.m.30 views

CVE-2016-20067 WordPress CP Polls 1.0.8 Cross-Site Request Forgery

WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in...

5.3CVSS0.00116EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/13 12:34 a.m.10 views

EUVD-2026-36634

Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to execute arbitrary script on affected installations of Allegra. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

4.6CVSS5.3AI score0.00225EPSS
Exploits0References3
NVD
NVD
added 2026/06/13 12:16 a.m.19 views

CVE-2026-11443

Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to execute arbitrary script on affected installations of Allegra. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

4.6CVSS0.00225EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 11:4 p.m.42 views

CVE-2026-11443

CVE-2026-11443 affects Allegra via the downloadAttachment method, where insufficient validation of user-supplied data enables cross-site scripting and an authentication bypass. This allows remote attackers to execute arbitrary script in the context of the current user after visiting a malicious p...

4.6CVSS5.3AI score0.00225EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 11:4 p.m.7 views

CVE-2026-11443 Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability

Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to execute arbitrary script on affected installations of Allegra. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

4.6CVSS5.7AI score0.00225EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:43 a.m.29 views

CVE-2026-12060 Hepta Platforms|Heptabase - Exposed Dangerous

Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining...

6.9CVSS0.00313EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 6:43 a.m.6 views

CVE-2026-12060 Hepta Platforms|Heptabase - Exposed Dangerous

Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining...

6.9CVSS5.3AI score0.00313EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 6:43 a.m.13 views

EUVD-2026-36390

Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining...

6.9CVSS5.3AI score0.00313EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 6:43 a.m.22 views

CVE-2026-12060

CVE-2026-12060 concerns Heptabase (Hepta Platforms) with an Exposed Dangerous Method or Function vulnerability. The description indicates unauthenticated remote attackers can leverage social engineering to persuade a victim to open or load a malicious webpage inside the Heptabase application, res...

6.9CVSS5.3AI score0.00313EPSS
Exploits0References2
Rows per page
Query Builder