Lucene search
K

10940 matches found

Nuclei
Nuclei
added 11 hours ago34 views

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field. id: CVE-2018-19749 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 contains a cross-site scripting...

4.8CVSS6.3AI score0.03316EPSS
Exploits6References5
Nuclei
Nuclei
added 11 hours ago78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
EUVD
EUVD
added 17 hours ago6 views

EUVD-2026-43535

OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their...

8.7CVSS6.2AI score
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-62195

OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their...

8.7CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday24 views

CVE-2026-62195 OpenClaw 2026.5.20 < 2026.6.6 Authorization Bypass via MCP loopback

OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their...

8.7CVSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-61463

Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify the owner field without authorization checks. Attackers can escalate to administrator by submitting a crafted PATCH request with owner: true, then re-authenticate to obtai...

8.8CVSS
Exploits0References4
CVE
CVE
added yesterday8 views

CVE-2026-61463

CVE-2026-61463 : Shiori contains a privilege escalation in the account update endpoint. An authenticated user can modify the owner field without authorization checks by submitting a crafted PATCH request with owner: true, then re-authenticate to obtain an admin JWT token that grants full system a...

8.8CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday10 views

CVE-2026-9708

Mattermost vulnerable versions (11.7.x &lt;= 11.7.2, 11.6.x &lt;= 11.6.4, 10.11.x

4.9CVSS6.1AI score0.0021EPSS
Exploits0References1Affected Software1
Nuclei
Nuclei
added yesterday112 views

Github Enterprise Authenticated Remote Code Execution

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

9.8CVSS7.3AI score0.71725EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added yesterday2 views

PT-2026-57897

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.5.20 through 2026.6.5 Description An authorization bypass exists in the MCP loopback feature. This issue allows lower-trust callers to execute tools reserved for the owner by utilizing configured input paths, enabling th...

8.7CVSS6.3AI score
Exploits0References4
NVD
NVD
added 3 days ago6 views

CVE-2026-61442

PraisonAI Platform praisonai-platform before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A workspace member can modify owner-created records; for projects, a member can reassign leadid to their ow...

7.1CVSS0.00256EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago12 views

EUVD-2026-43180

PraisonAI Platform praisonai-platform before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A workspace member can modify owner-created records; for projects, a member can reassign leadid to their ow...

7.1CVSS6.1AI score0.00256EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

CVE-2026-61442 PraisonAI Platform before 0.1.9 Authorization Bypass via PATCH

PraisonAI Platform praisonai-platform before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A workspace member can modify owner-created records; for projects, a member can reassign leadid to their ow...

7.1CVSS6.1AI score0.00256EPSS
Exploits0References5
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-61442 PraisonAI Platform before 0.1.9 Authorization Bypass via PATCH

PraisonAI Platform praisonai-platform before 0.1.9 fails to enforce owner/admin authorization on the PATCH routes for projects, issues, and agents, which only require workspace-member role. A workspace member can modify owner-created records; for projects, a member can reassign leadid to their ow...

7.1CVSS0.00256EPSS
Exploits0References3
CVE
CVE
added 3 days ago18 views

CVE-2026-61442

PraisonAI Platform before 0.1.9 has an authorization bypass on PATCH routes for projects, issues, and agents, where workspace-members can modify owner-created records. Specifically, a member can reassign lead_id to their own user id and then delete the owner-created project, bypassing the delete ...

7.1CVSS6.1AI score0.00256EPSS
Exploits0References3
NVD
NVD
added 4 days ago4 views

CVE-2026-55659

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...

7.7CVSS0.00275EPSS
Exploits0References3
CVE
CVE
added 4 days ago10 views

CVE-2026-55659

Grist has a cross-site scripting (XSS) vulnerability (CVE-2026-55659) in server-rendered pages caused by embedding user-controlled values into the page and inline scripts without proper escaping. The issue affects pages where a document’s name/description is rendered and where the OAuth2 end-of-f...

7.7CVSS5.8AI score0.00275EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-55659 Grist: XSS through unsafe value interpolation in server-rendered pages

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...

7.7CVSS0.00275EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-61441

PraisonAI Platform praisonai-platform before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a...

7.1CVSS0.00239EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-61441 PraisonAI Platform before 0.1.9 Authorization Bypass via Dependencies

PraisonAI Platform praisonai-platform before 0.1.9 improperly authorizes deletion of issue dependencies. The DELETE dependency route accepts either endpoint of a dependency edge and checks delete permission only against the caller-selected URL issue. A workspace member who cannot delete a...

7.1CVSS0.00239EPSS
Exploits0References3
Rows per page
Query Builder