Lucene search
K

26 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-42614

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS5.6AI score
Exploits0References4
Cvelist
Cvelist
added yesterday10 views

CVE-2026-53987 GLPI 11 < 2.14.4 Tag Plugin Stored Cross-Site Scripting in Kanban Badge Rendering

The Tag plugin for GLPI 11 before 2.14.4 stores the tag name without HTML sanitization and renders it into the Kanban badge markup via PluginTagTag::preKanbanContent without output escaping, resulting in stored cross-site scripting. An authenticated user with TAG MANAGEMENT create or update right...

7.3CVSS
Exploits0References4
EUVD
EUVD
added 2026/05/07 4:13 a.m.32 views

EUVD-2026-28318

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL validation function that blocks dangerous SQL keywords e.g., pgreadfile, LOADFILE, dblink is applied on the collections:create and...

7.2CVSS6AI score0.01833EPSS
Exploits1References4
NVD
NVD
added 2026/04/21 11:16 p.m.8 views

CVE-2026-40928

WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under objects/ accept state-changing requests via $REQUEST/$GET and persist changes tied to the caller's session user, without any anti-CSRF token, origin check, or referer check. A malicious...

5.4CVSS0.00115EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/11 8:50 p.m.2 views

CVE-2026-32124 OpenEMR: Dynamic Code Picker Renders Unescaped Descriptions (Stored XSS)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions codetext that are rendered in the front end e.g. DataTables without HTML escaping. If an administrator or user...

5.4CVSS5.8AI score0.00162EPSS
Exploits1References1
CVE
CVE
added 2026/03/11 8:50 p.m.17 views

CVE-2026-32124

OpenEMR’s dynamic code picker (AJAX) endpoint returns code_text without HTML escaping prior to version 8.0.0.1, allowing stored XSS via a malicious description entered by an admin or a user with code management rights. The vulnerability affects the rendering in front-end components (e.g., DataTab...

5.4CVSS5.8AI score0.00162EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.16 views

EUVD-2020-28022

Malware in sbrugna...

9.8CVSS9.2AI score0.01204EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-33630

Malicious code in bioql PyPI...

4.9CVSS5.3AI score0.00883EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-39623

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00405EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:57 a.m.8 views

CVE-2024-47104

IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated...

6.8CVSS6.4AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:13 p.m.7 views

CVE-2022-29287

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...

4.9CVSS6.9AI score0.00883EPSS
Exploits1References1
NCSC
NCSC
added 2024/02/08 12:0 a.m.8 views

Vulnerabilities fixed in VMware Aria Operations Networks

VMWare has fixed vulnerabilities in Aria Operations Networks, formerly known as vRealize Network Insight. A malicious party could exploit the vulnerabilities to gain access to sensitive data, to elevate privileges or to launch a Cross-Site Scripting XSS attack. The vulnerability marked...

7.8CVSS6.7AI score0.37849EPSS
Exploits0
CNNVD
CNNVD
added 2022/12/08 12:0 a.m.6 views

DHIS 2 安全漏洞

DHIS 2 is a software application. A flexible information system for data capture, management, validation, analysis and visualization. A security vulnerability exists in DHIS 2 core versions 2.34, 2.35, 2.36, 2.37, 2.38, and 2.39, which originates from the fact that a DHIS 2 user who has the right...

7.2CVSS7AI score0.006EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/10/20 8:5 p.m.9 views

CVE-2022-36966 Insecure Direct Object Reference Vulnerability: Orion Platform 2020.2.6

Users with Node Management rights were able to view and edit all nodes due to Insufficient control on URL parameter causing insecure direct object reference IDOR vulnerability in SolarWinds Platform 2022.3 and previous...

5.4CVSS5.5AI score0.00405EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/16 12:0 a.m.5 views

PT-2022-23712 · Solarwinds · Solarwinds Platform

Name of the Vulnerable Software and Affected Versions: SolarWinds Platform versions 2022.3 and previous Description: The issue is related to insufficient control on a URL parameter, causing an insecure direct object reference IDOR vulnerability. This allowed users with Node Management rights to...

5.4CVSS5.3AI score0.00405EPSS
Exploits0References9
OSV
OSV
added 2022/04/16 12:15 a.m.5 views

CVE-2022-29287

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...

4.9CVSS5.8AI score0.00883EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/04/16 12:15 a.m.4 views

CVE-2022-29287

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...

4.9CVSS5.9AI score0.00883EPSS
Exploits1References3
Prion
Prion
added 2022/04/16 12:15 a.m.16 views

Design/Logic Flaw

Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights default is Administrator to export the user options of any user, even ones with higher privileges like Global Administrators than the current user. The exported XML...

4CVSS5.1AI score0.00883EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/01/19 12:0 a.m.6 views

Cacti 跨站脚本漏洞

Cacti is an open source set of network traffic monitoring and analysis tools from the Cacti team. The tool obtains data via snmpget, uses RRDtool drawing graphs for analysis, and provides data and user management features. a cross-site scripting vulnerability exists in Cacti, which stems from Cac...

5.4CVSS5.2AI score0.00532EPSS
Exploits0References3
NCSC
NCSC
added 2021/05/06 12:0 a.m.16 views

Vulnerabilities fixed in Cisco Content Security Management Appliance

Vulnerabilities have been fixed in several Cisco security appliances. A malicious party could exploit the vulnerability to obtain sensitive information or to execute commands execute commands on the underlying system under root privileges. To exploit this latter vulnerability, the malicious party...

7.2CVSS7.2AI score0.01156EPSS
Exploits0
Rows per page
Query Builder