Lucene search
K

303 matches found

Nuclei
Nuclei
added 2 days ago23 views

Navigate CMS 2.9.4 - Server-Side Request Forgery

Navigate CMS 2.9.4 is susceptible to server-side request forgery via feedparser class. This can allow a remote attacker to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter, thus enabling possible theft of sensitive information, data...

4.9CVSS6AI score0.2195EPSS
Exploits6References5
Snyk
Snyk
added 2026/06/22 11:16 p.m.8 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the navigateTo open option. An attacker can execute arbitrary scripts in the application's origin by supplying a crafted open parameter containing a script-capable URL. Details Cross-site scripting or XSS is...

9.6CVSS5.9AI score0.00234EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.9 views

CVE-2026-56326

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and /.//evil.com. Attackers can bypass external-host checks using path-normalization techniques to...

6.1CVSS0.00205EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/22 9:4 p.m.21 views

CVE-2026-56698 Nuxt - Cross-Site Scripting via navigateTo open Option

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open parameter to execute arbitrary scripts in the application's origin when...

6.1CVSS0.00234EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.10 views

PT-2026-51417

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.x prior to 3.21.7 Nuxt versions 4.0.0 through 4.4.6 Description Nuxt fails to validate script-capable URLs in the navigateTo open option, which allows for client-side script execution. When user-controlled input is passed to...

6.1CVSS6AI score0.00234EPSS
Exploits0References9
Snyk
Snyk
added 2026/06/16 1:47 p.m.11 views

Open Redirect

Overview Affected versions of this package are vulnerable to Open Redirect via improper handling of URLs in the navigateTo function. An attacker can execute arbitrary scripts or redirect users to malicious sites by supplying crafted URLs that exploit path normalization and protocol-relative...

9.6CVSS6.1AI score0.00205EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.8 views

CVE-2026-7094

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

7.5CVSS6.8AI score0.0032EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.9 views

CVE-2026-3317

Reflected Cross-Site Scripting XSS vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user input is not properly sanitized through designed query parameters. This results in unsafe HTML rendering, which could allow a remote attacker t...

5.1CVSS5.8AI score0.00343EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 4:16 p.m.12 views

CVE-2018-25393

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...

7.1CVSS0.00565EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/29 2:46 p.m.29 views

CVE-2018-25393 Navigate CMS 2.8.5 Path Traversal via navigate_download.php

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...

7.1CVSS0.00565EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.8 views

EUVD-2018-21915

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...

7.1CVSS5.9AI score0.00565EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 2:46 p.m.15 views

CVE-2018-25393

Navigate CMS 2.8.5 contains a path traversal vulnerability exploitable by authenticated users via the id parameter on navigate_download.php. Attack payloads like ../../../cfg/globals.php can be used to download arbitrary files, exposing sensitive configuration and system files outside the intende...

7.1CVSS5.9AI score0.00565EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.12 views

CVE-2018-25393 Navigate CMS 2.8.5 Path Traversal via navigate_download.php

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigatedownload.php with path traversal payloads ../../../cfg/globals.php to...

7.1CVSS5.9AI score0.00565EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.7 views

PT-2026-44871

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate download.php with path traversal payloads ../../../cfg/globals.php to...

7.1CVSS5.9AI score0.00565EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Naviwebs Navigate CMS 路径遍历漏洞

Naviwebs Navigate CMS is an open-source content management system developed by Naviwebs Inc. In the version 2.8.5 of Naviwebs Navigate CMS, there is a path traversal vulnerability. This vulnerability stems from the injection of directory traversal sequences in the id parameter, which may allow...

7.1CVSS5.9AI score0.00565EPSS
Exploits0References4
NVD
NVD
added 2026/04/27 7:16 a.m.12 views

CVE-2026-7094

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

7.5CVSS0.0032EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/04/27 6:15 a.m.5 views

CVE-2026-7094

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

7.5CVSS5AI score0.0032EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/04/27 6:15 a.m.13 views

CVE-2026-7094 ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

7.5CVSS7AI score0.0032EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/27 6:15 a.m.35 views

CVE-2026-7094 ShadowCloneLabs GlutamateMCPServers puppeteer_navigate index.ts server-side request forgery

A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/index.ts of the component puppeteernavigate. Executing a manipulation of the argument url can lead t...

7.5CVSS0.0032EPSS
Exploits1References6
CVE
CVE
added 2026/04/27 6:15 a.m.31 views

CVE-2026-7094

ShadowCloneLabs GlutamateMCPServers contains a server-side request forgery via puppeteer_navigate (src/puppeteer/index.ts). Manipulating the argument url can trigger SSRF from remote, with no disclosed patch version. CVSS estimates range from 4.0 to 3.0/3.1 depending on vector, all indicating med...

7.5CVSS6.9AI score0.0032EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder