Lucene search
+L

451 matches found

Nuclei
Nuclei
added 8 hours ago69 views

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

7.5CVSS7.4AI score0.02572EPSS
Exploits0References2
EUVD
EUVD
added yesterday8 views

EUVD-2026-45232

HCL DevOps Loop is affected by missing HTTP security headers. Missing security headers may reduce browser protections against common web-based attacks such as clickjacking, MIME-type sniffing, and cross-site scripting...

3.7CVSS4.7AI score
Exploits0References1
Cvelist
Cvelist
added yesterday26 views

CVE-2026-21762 Missing HTTP Security Headers in DevOps Loop

HCL DevOps Loop is affected by missing HTTP security headers. Missing security headers may reduce browser protections against common web-based attacks such as clickjacking, MIME-type sniffing, and cross-site scripting...

3.7CVSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

KB5099445: Windows Server 2012 Security Update (July 2026)

The remote Windows host is missing security update 5099445. It is, therefore, affected by multiple vulnerabilities - Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network. CVE-2026-58594 - Heap-based buffer overflow in Windows Message Queuing...

9.9CVSS7AI score0.07356EPSS
Exploits1References174
NVD
NVD
added 2026/07/09 4:16 p.m.7 views

CVE-2025-27463

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS0.00158EPSS
Exploits0References1
NVD
NVD
added 2026/07/09 4:16 p.m.6 views

CVE-2025-27464

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 2:35 p.m.53 views

CVE-2025-27464

CVE-2025-27464 is part of a XenServer/Citrix Hypervisor set of flaws affecting Windows guest VMs. The root cause is that the XenServer VM Tools for Windows (XenServer VM Tools, Windows) before version 9.4.1 expose devices/facilities without proper security descriptors, enabling an unprivileged gu...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/07/07 4:24 p.m.6 views

CVE-2026-58371

A flaw was found in SeaweedFS. This vulnerability allows a remote attacker to disclose sensitive information by exploiting an unvalidated JSONP JavaScript Object Notation with Padding callback parameter. The system reflects the callback parameter directly into responses without proper validation ...

3.1CVSS5.8AI score0.0021EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/07/02 6:15 a.m.11 views

CVE-2026-13323

A flaw was found in Open VSX Registry. The /vscode/unpkg/ endpoint serves user-supplied HTML files with a Content-Type of text/html without Content-Security-Policy or Content-Disposition: attachment response headers. An attacker with a registered publisher account can upload a VSIX containing a...

8.7CVSS5.6AI score0.0019EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/23 10:50 a.m.11 views

EUVD-2026-38424

Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an extension with a maliciou...

4.1CVSS5.9AI score0.00226EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/23 10:50 a.m.5 views

CVE-2026-4983

Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy or Content-Disposition: attachment. This allows an attacker to publish an extension with a maliciou...

4.1CVSS5.9AI score0.00226EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/17 9:5 p.m.25 views

CVE-2026-8049

The CVE-2026-8049 issue affects SignalRGB’s Windows kernel driver, SignalIo.sys, in versions prior to 1.3.7.0. The device object (.SignalIo) is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN, resulting in overly permissive default access. This permits any...

5.3CVSS5.3AI score0.00087EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-52609

HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting XSS attacks by enabling the built-in XSS filtering mechanisms of modern web browsers...

5.3CVSS5.1AI score0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.13 views

CVE-2026-44259

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg extensions are served as text/html or image/svg+xml...

4.6CVSS5.6AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-27662

Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performin...

7.7CVSS7.7AI score0.00113EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 12:16 p.m.13 views

CVE-2025-52609

HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting XSS attacks by enabling the built-in XSS filtering mechanisms of modern web browsers...

5.3CVSS0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:42 a.m.10 views

CVE-2025-52609

HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting XSS attacks by enabling the built-in XSS filtering mechanisms of modern web browsers...

3.7CVSS5.6AI score0.00161EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/04 11:42 a.m.45 views

CVE-2025-52609 HCL iControl was affected by Missing Security Headers vulnerability.

HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting XSS attacks by enabling the built-in XSS filtering mechanisms of modern web browsers...

3.7CVSS0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 11:42 a.m.9 views

CVE-2025-52609 HCL iControl was affected by Missing Security Headers vulnerability.

HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting XSS attacks by enabling the built-in XSS filtering mechanisms of modern web browsers...

3.7CVSS5.6AI score0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 11:42 a.m.10 views

EUVD-2025-210060

HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting XSS attacks by enabling the built-in XSS filtering mechanisms of modern web browsers...

5.3CVSS5.6AI score0.00161EPSS
Exploits0References1
Rows per page
Query Builder