Lucene search
+L

2350 matches found

EUVD
EUVD
added 2026/06/10 2:34 p.m.12 views

EUVD-2026-36051

A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...

6.9CVSS5.5AI score0.00277EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 2:27 p.m.43 views

CVE-2026-49938

Fortinet FortiPortal is affected by an improper access control vulnerability (CVE-2026-49938) impacting FortiPortal versions 7.4.0–7.4.7, 7.2.0–7.2.8, and all 7.0 versions. The issue is described as improper access control with an attack vector placeholder, indicating a possible exposure where an...

6.5CVSS5.4AI score0.00201EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/08 9:8 a.m.10 views

WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability

WordPress Masteriyo - LMS plugin = 2.2.0 - Privilege Escalation vulnerability discovered by daroo in WordPress Plugin Masteriyo - LMS versions = 2.2.0...

8.8CVSS5.5AI score0.00238EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2026/06/08 12:0 a.m.4 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +23855 more potentially affected by CVE-2026-41851 via org.springframework:spring-core (>=6.1.0 <=6.2.18)

org.springframework:spring-core MAVEN version =6.1.0, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo =0.1.0 -...

7.5CVSS5.7AI score0.0036EPSS
Exploits0
EUVD
EUVD
added 2026/06/05 9:44 p.m.14 views

EUVD-2026-31860

Bugsink: Project scoping missing in sourcemap and debug-file lookup...

4.3CVSS5.4AI score0.00178EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 9:43 p.m.15 views

EUVD-2026-31862

Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known...

3.1CVSS5.4AI score0.00147EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-42475

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.15 views

CVE-2025-36145

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

5.4CVSS5.5AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.13 views

CVE-2026-9552

A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the component Search API Endpoint. The manipulation of the argument Value results in sql injection. It is possible to launch the attack remotely. The exploit has been...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.12 views

CVE-2026-41554

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

7.1CVSS5.4AI score0.00142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-5935

IBM Total Storage Service Console TSSC / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user supplied input...

9.8CVSS5.9AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-33432

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without...

9.1CVSS5.5AI score0.00423EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.13 views

CVE-2026-46822

Vulnerability in the Oracle iAssets product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iAssets. While the...

9.9CVSS5.4AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.15 views

CVE-2026-35242

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

7.5CVSS7.3AI score0.00107EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.12 views

PT-2026-49061

Name of the Vulnerable Software and Affected Versions Bugsink versions prior to 2.2.2 Description Bugsink stores every tag provided with an incoming event. An attacker can submit an event containing an unusually large number of custom tags, causing the ingestion process to spend excessive time...

4.3CVSS6.1AI score0.00056EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.11 views

Lyrion Music Server 跨站脚本漏洞

Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a cross-site scripting vulnerability. This vulnerability stems from an unvalidated reflective cross-site scripting vulnerability present in the server.log endpoint,...

6.1CVSS5.1AI score0.00324EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-42779

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass...

9.8CVSS6.8AI score0.00902EPSS
Exploits1References2
CVE
CVE
added 2026/06/02 3:29 p.m.22 views

CVE-2026-34460

NamelessMC (Minecraft server website software) is affected in versions up to 2.2.4 where the OAuth callback handling does not validate the state parameter server‑side before exchanging the authorization code. This can let an attacker capture a valid OAuth callback URL for their own account and ca...

5.4CVSS5.8AI score0.00114EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 3:19 p.m.20 views

CVE-2026-33398

NamelessMC 2.2.4 is affected by an insecure access control in modules/Forum/pages/forum/get_quotes.php, which only checks that a caller is logged in and reads a post by an attacker-controlled post ID. The backend helper in modules/Forum/classes/Forum.php does not enforce forum or topic ACLs, allo...

7.1CVSS5.8AI score0.00225EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 7:48 a.m.41 views

CVE-2026-4071 BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseedpluginsettingspage function. The function processes the 'birdseedtoken' GET parameter and saves it to the database via...

4.3CVSS0.00131EPSS
Exploits0References5
Rows per page
Query Builder