Lucene search
+L

633 matches found

Nuclei
Nuclei
added yesterday116 views

OpenCMS 14 & 15 - Cross Site Scripting

Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. id: CVE-2023-6379 info: name: OpenCMS 14 & 15 - Cross Site Scripting author: msegoviag severity: medium description: | Cross-site scripting XSS vulnerability in Alkacon...

6.1CVSS6AI score0.01752EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/09 6:31 p.m.6 views

EUVD-2026-42642

An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding...

6AI score0.00433EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/09 6:31 p.m.8 views

EUVD-2026-42641

An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line...

6.5CVSS6AI score0.00177EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/09 6:31 p.m.6 views

EUVD-2026-42640

MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without...

6AI score0.00372EPSS
Exploits0References2
NVD
NVD
added 2026/07/09 5:16 p.m.10 views

CVE-2026-51598

An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line...

6.5CVSS0.00177EPSS
Exploits0References1
NVD
NVD
added 2026/07/09 5:16 p.m.9 views

CVE-2026-51597

MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without...

9.1CVSS0.00372EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/09 12:0 a.m.7 views

CVE-2026-51599

An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding...

6AI score0.00433EPSS
Exploits0References2
CVE
CVE
added 2026/07/09 12:0 a.m.10 views

CVE-2026-51597

CVE-2026-51597 affects the Mercury MIPC252W IP camera, version 1.0.5 Build 230306 Rel.79931n. The issue is that RTSP Digest authentication does not expire nonces, enabling an adjacent network attacker to capture a legitimate authentication exchange and replay the nonce and response in a new conne...

9.1CVSS6AI score0.00372EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 12:0 a.m.8 views

CVE-2026-51598

CVE-2026-51598 affects MERCURY MIPC252W IP Camera (RTSP service) with firmware v1.0.5 Build 230306 Rel.79931n. The issue is an input validation vulnerability in the RTSP service that allows an unauthenticated, network-adjacent attacker to cause a denial of service by sending a crafted DESCRIBE re...

6.5CVSS6AI score0.00177EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 12:0 a.m.12 views

CVE-2026-51599

CVE-2026-51599 affects MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n. The issue is an insufficient input validation in the RTSP service where an RTSP request with a Content-Length header but no body causes the RTSP parser to enter a body-waiting state, leading to the connection being silently c...

9.8CVSS6AI score0.00433EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 12:0 a.m.32 views

CVE-2026-51597

MERCURY MIPC252W IP camera v1.0.5 Build 230306 Rel.79931n does not implement nonce expiration in RTSP Digest authentication. An adjacent network attacker can capture a legitimate authentication exchange and replay the nonce and response values in a new connection to bypass authentication without...

0.00372EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 12:0 a.m.30 views

CVE-2026-51598

An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line...

0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 12:0 a.m.29 views

CVE-2026-51599

An insufficient input validation vulnerability in the RTSP service of MERCURY MIPC252W v1.0.5 Build 230306 Rel.79931n allows an unauthenticated remote attacker to render an individual TCP connection temporarily unusable via sending an RTSP request with a Content-Length header but no corresponding...

0.00433EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/09 12:0 a.m.9 views

CVE-2026-51598

An input validation vulnerability in the RTSP service of MERCURY MIPC252W IP Camera v1.0.5 Build 230306 Rel.79931n allows an unauthenticated, network-adjacent attacker to cause a denial of service via a crafted DESCRIBE request with a malformed URL in the request line...

6.5CVSS6AI score0.00177EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-61311

A reflected cross-site scripted XSS vulnerability in the dfm-menualerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS5.7AI score0.00292EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.12 views

CVE-2025-61313

A reflected cross-site scripted XSS vulnerability in the dfm-menumarkeralerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS5.7AI score0.00292EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.11 views

EUVD-2025-209770

A reflected cross-site scripted XSS vulnerability in the dfm-menualerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS6AI score0.00292EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/11 6:31 p.m.11 views

EUVD-2025-209769

A reflected cross-site scripted XSS vulnerability in the acc-menubillings.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS6AI score0.00236EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/11 6:31 p.m.9 views

EUVD-2025-209766

A reflected cross-site scripted XSS vulnerability in the acc-menupapers.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

6.1CVSS6AI score0.00236EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/11 6:31 p.m.12 views

EUVD-2025-209771

A reflected cross-site scripted XSS vulnerability in the acc-menupricess.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

7.3CVSS6AI score0.00292EPSS
Exploits0References4
Rows per page
Query Builder