Lucene search
K

33612 matches found

Nuclei
Nuclei
added 10 hours ago12 views

Oracle iPlanet Web Server 7.0.x - Image Injection

Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...

7.5CVSS6.5AI score0.81814EPSS
Exploits0References3
Nuclei
Nuclei
added 10 hours ago86 views

ESAFENET CDG - Arbitrary File Download

ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request. id: CVE-2019-9632 info: name: ESAFENET CDG - Arbitrary File Download author: pdteam severity: hi...

7.5CVSS7.2AI score0.39885EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago20 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field. id: CVE-2018-19914 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

4.8CVSS5.9AI score0.03316EPSS
Exploits5References5
Nuclei
Nuclei
added 10 hours ago12 views

ChurchCRM - SQL Injection

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a time-based blind SQL Injection vulnerability in the EditEventTypes functionality. The newCountName parameter is directly concatenated into an SQL query without proper...

9.8CVSS7.3AI score0.02177EPSS
Exploits1References3
Nuclei
Nuclei
added 10 hours ago31 views

Spotweb <= 1.5.1 - Cross Site Scripting

Cross-site scripting XSS vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. id: CVE-2021-40973 info: name: Spotweb = 1.5.1 - Cross Site Scripting author: theamanrawat severity:...

6.1CVSS6.6AI score0.02222EPSS
Exploits1References4
Nuclei
Nuclei
added 10 hours ago34 views

ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting

ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens. id: CVE-2022-24681 info: name: ManageEngine ADSelfService Plus 6121 - Stored Cross-Site...

6.1CVSS6.2AI score0.03619EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago19 views

WebTareas 2.4p5 - Cross-Site Scripting

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. id: CVE-2022-44957 info: name: WebTareas...

5.4CVSS6.1AI score0.0104EPSS
Exploits1References4
EUVD
EUVD
added 13 hours ago4 views

EUVD-2026-39580

iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...

5.7CVSS5.8AI score
Exploits0References3
EUVD
EUVD
added 13 hours ago3 views

EUVD-2026-39576

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

6CVSS5.9AI score
Exploits0References3
NVD
NVD
added yesterday3 views

CVE-2026-7532

iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...

5.7CVSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-11703

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

6CVSS
Exploits0References2
CVE
CVE
added yesterday4 views

CVE-2026-7532

The CVE-2026-7532 entry concerns WolfSSL: when WOLFSSL_IP_ALT_NAME is not defined, iPAddress name constraints are not enforced, allowing a certificate to bypass an issuing CA’s IP address constraints. Affected component: IP address name constraint handling in WolfSSL. Root cause: configuration wh...

5.7CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added yesterday10 views

CVE-2026-11703 Missing SNI/ALPN binding on stateful (session-ID) TLS session resumption

Missing SNI/ALPN binding on stateful session-ID resumption, which previously skipped the binding check performed for ticket-based resumption. A cached session could be resumed under a different SNI/ALPN than originally negotiated and, where client-authentication policy differs across virtual host...

6CVSS
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-11703

CVE-2026-11703 (wolfSSL) describes missing SNI/ALPN binding on stateful (session-ID) TLS resumption. A cached TLS session could be resumed under a different SNI/ALPN than originally negotiated, potentially carrying cached peer-authentication state across virtual hosts. The public description stat...

6CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-39555

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...

6CVSS5.8AI score
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-6731

Technical details (affected products, versions, root cause specifics, or remediation) are not publicly available in the provided documents; monitor for updates and future disclosures.

6CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added yesterday7 views

CVE-2026-6731 X.509 name constraint bypass via Subject CN treated as a DNS name

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...

6CVSS
Exploits0References2
EUVD
EUVD
added yesterday3 views

EUVD-2026-39549

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-10592

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS5.8AI score
Exploits0References3Affected Software1
CVE
CVE
added yesterday7 views

CVE-2026-10592

CVE-2026-10592 concerns certificates with wildcard DNS SANs (e.g., *.example.com) bypassing CA name-constraint checks. A wildcard SAN that should be rejected by the issuing CA’s permitted/excluded DNS name constraints could be accepted, enabling potential mis-issuance. The provided documents refe...

6.3CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder