Lucene search
K

105357 matches found

Cvelist
Cvelist
added 2026/05/06 6:59 a.m.25 views

CVE-2026-23927 Agent 2 Oracle plugin TNS connection string injection via the 'service' parameter

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS0.00229EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/06 6:59 a.m.7 views

EUVD-2026-27528

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS5.8AI score0.00229EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:59 a.m.9 views

CVE-2026-23927

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS5.8AI score0.00229EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 6:59 a.m.7 views

CVE-2026-23927 Agent 2 Oracle plugin TNS connection string injection via the 'service' parameter

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS5.8AI score0.00229EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/06 6:59 a.m.8 views

CVE-2026-23927

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS5.8AI score0.00229EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:47 a.m.8 views

CVE-2026-7448

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'firstname' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00122EPSS
Exploits0References15
Vulnrichment
Vulnrichment
added 2026/05/06 6:47 a.m.7 views

CVE-2026-7448

...

5.8AI score0.00122EPSS
Exploits0
CVE
CVE
added 2026/05/06 6:47 a.m.17 views

CVE-2026-7448

The CVE-2026-7448 entry corresponds to a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress LatePoint Calendar Booking Plugin for Appointments and Events (versions up to 5.5.0). The underlying issue is insufficient input sanitization and output escaping on the first_name parameter, ...

6AI score0.00122EPSS
Exploits0
EUVD
EUVD
added 2026/05/06 6:47 a.m.7 views

EUVD-2026-27542

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'firstname' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00122EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/05/06 6:47 a.m.34 views

CVE-2026-7448

...

0.00122EPSS
Exploits0
NVD
NVD
added 2026/05/06 3:15 a.m.12 views

CVE-2026-7573

An authorization bypass CWE-639 in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy roles and permissions for any user across all organizations by supplying targeted Name and Org...

7.7CVSS0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.16 views

PT-2026-37345

A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle database credentials if they are saved in a named session...

5CVSS5.8AI score0.00229EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-38228

Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 Description The cTrash.restore function fails to properly validate anti-CSRF Cross-Site Request Forgery toke...

8.7CVSS5.7AI score0.00151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.13 views

PT-2026-38085

Name of the Vulnerable Software and Affected Versions HCL BigFix Service Management SM affected versions not specified Description Improper error handling within the reporting module leads to information exposure. Supplying an invalid or out-of-range value to the consumer company parameter during...

5.3CVSS5.8AI score0.0024EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.14 views

PT-2026-38489

Summary Nokogiri's Nokogiri::XSLT::Stylesheettransform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...

5.3CVSS5.9AI score
Exploits0References3
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an incorrect parameter order in the functions pciprimaryepcepfunlink and pcisecondaryepcepfunlink...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.7 views

Masa CMS 跨站请求伪造漏洞

Masa CMS is a digital experience platform operated by Masa CMS organization. Versions of Masa CMS 7.5.2 and earlier contained a cross-site request forgeing vulnerability. This vulnerability stemmed from the cTrash.restore function not properly verifying the anti-CSRF token, allowing attackers to...

8.7CVSS5.7AI score0.00151EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.8 views

PT-2026-37352

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'first name' parameter in all versions up to, and including, 5.5.0 due to insufficient input sanitization and output escaping. This makes it possible for...

7.2CVSS6AI score0.00122EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-38254

Name of the Vulnerable Software and Affected Versions Masa CMS versions prior to 7.2.10 Masa CMS versions prior to 7.3.15 Masa CMS versions prior to 7.4.10 Masa CMS versions prior to 7.5.3 Description Improper handling of scheme-relative URLs allows for an open redirect. The application incorrect...

5.3CVSS5.8AI score0.00328EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-37540

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the PCI endpoint component where the pci primary epc epf unlink and pci secondary epc epf unlink functions specify parameters in the wrong order. This contradicts the...

5.5CVSS5.4AI score0.00123EPSS
Exploits0References17
Rows per page
Query Builder