Lucene search
K

48970 matches found

EUVD
EUVD
added 3 hours ago2 views

EUVD-2026-44531

HCL BigFix Platform is affected by a user enumeration vulnerability which might allow an attacker, through careful system control and response time monitoring, to perform some level of user enumeration for the BigFix service...

3.1CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-21840

CVE-2026-21840 — HCL BigFix Platform is reported to have a user enumeration vulnerability. The available documents indicate that an attacker could perform some level of user enumeration for the BigFix service by observing system behavior/response times. The CVSS 3.1 metrics show a low base score ...

3.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-10714

The CVE-2026-10714 issue affects FactoryTalk Services Platform (FTSP) . It hinges on a JWT validation bypass where the application does not verify that the JWT algorithm is configured for RSA, allowing an attacker to set the algorithm to "none" and forge tokens. This could enable an authenticated...

8.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday2 views

CVE-2026-58478

SIP 5.2.16 has a server-side request forgery (SSRF) vulnerability when the optional Node-RED plugin is installed. An unauthenticated attacker can supply a malicious callback URL and cause the device to issue arbitrary HTTP requests due to lack of destination validation, aided by the default passp...

6.5CVSS6.2AI score
Exploits2References2Affected Software1
OSV
OSV
added yesterday4 views

ROOT-APP-PYPI-CVE-2026-54277 CVE-2026-54277 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-54277 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

8.7CVSS5.8AI score0.00322EPSS
Exploits0
RedHat Linux
RedHat Linux
added yesterday7 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.21.24 security and extras update

Red Hat OpenShift Container Platform release 4.21.24 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.21. Red Hat Product Security has rated this update as having a security impact of...

8.7CVSS6.2AI score0.00656EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday37 views

XWiki Platform - Path Traversal

XWiki Platform 4.2-milestone-2 through 16.10.6 contains a path traversal caused by improper access control in jsx and sx endpoints, letting remote attackers read configuration files, exploit requires no special privileges. id: CVE-2025-55748 info: name: XWiki Platform - Path Traversal author:...

9.3CVSS7AI score0.01639EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday13 views

Sitecore Experience Manager (XM) and Experience Platform (XP) - Hardcoded Credentials

Sitecore Experience Manager XM and Experience Platform XP versions 10.1 to 10.1.4 rev. 011974 PRE, all versions of 10.2, 10.3 to 10.3.3 rev. 011967 PRE, and 10.4 to 10.4.1 rev. 011941 PRE contain a hardcoded user account. Unauthenticated and remote attackers can use this account to access...

7.5CVSS7.2AI score0.39961EPSS
Exploits6References3
Nuclei
Nuclei
added yesterday15 views

Chef Automate < 4.13.295 — SQL Injection

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token. id: CVE-2025-8868 info...

9.8CVSS6.1AI score0.22827EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday44 views

Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution

Melis Technology Melis Platform contains an unrestricted file upload caused by insufficient validation of 'mcsdetailimg' parameter in /melis/MelisCmsSlider/MelisCmsSliderDetails/saveDetailsForm, letting attackers upload malicious files and achieve remote code execution, exploit requires crafted...

9.3CVSS6.2AI score0.02503EPSS
Exploits3References3
Nuclei
Nuclei
added yesterday59 views

XWiki Platform - Information Disclosure

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. id: CVE-2025-55747 info: name: XWiki Platform - Information Disclosure author: Redmomn...

9.3CVSS7AI score0.01557EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday13 views

XWiki Platform - Cross-Site Scripting

XWiki Platform versions = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and = 4.2-milestone-3 and = 16.5.0-rc-1 and = 17.0.0-rc-1 and 17.3.0-rc-1 are vulnerable to reflected XSS in two templates. The vulnerability allows an attacker to execute malicious JavaScript code in the context of the...

6.5CVSS7.2AI score0.00634EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday10 views

XWiki - Information Disclosure

XWiki 16.7.0 to 16.10.11, 17.4.4, and 17.7.0 using XJetty contains an information disclosure vulnerability caused by exposed context allowing static access to files in webapp/ folder, letting attackers access sensitive files, exploit requires use of XJetty package. id: CVE-2025-55749 info: name:...

8.7CVSS6.9AI score0.01378EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday24 views

Liferay Portal & DXP - Cross-Site Scripting

Liferay Portal 7.4.0 through 7.4.3.133 and Liferay DXP 2024.Q1.1 through 2025.Q1.4 contain a reflected XSS caused by improper sanitization in entrycoverimagecaption.jsp, letting remote non-authenticated attackers inject JavaScript. id: CVE-2025-4576 info: name: Liferay Portal & DXP - Cross-Site...

6.9CVSS6.1AI score0.00588EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday32 views

Zhiyuan OA Platform - Arbitrary File Upload

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing...

10CVSS6.5AI score0.1438EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday14 views

IBM BigFix Platform - Information Disclosure

IBM BigFix Platform 9.2 and 9.5 contains an information disclosure vulnerability caused by not enabling authenticated access in relay, letting remote attackers query and gather update and fixlet information, exploit requires no authentication. id: CVE-2019-4061 info: name: IBM BigFix Platform -...

5.3CVSS6.2AI score0.22547EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday188 views

XWiki >= 6.2-milestone-1 - Cross-Site Scripting

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as:...

9.6CVSS6.3AI score0.02377EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday19 views

TOTVS Fluig Platform - Cross-Site Scripting

A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input...

6.1CVSS4.3AI score0.02379EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday11 views

Giga Messenger WordPress - Cross-Site Scripting

Giga Messenger WordPress plugin = 2.3.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a...

6.1CVSS7AI score0.00567EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday90 views

Smart s200 Management Platform v.S200 - SQL Injection

SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component. id: CVE-2024-27718 info: name: Smart s200 Management Platform v.S200 - SQL Injection author:...

7.8CVSS6.1AI score0.01101EPSS
Exploits0References1
Rows per page
Query Builder