Lucene search
K

19484 matches found

NVD
NVD
added yesterday5 views

CVE-2026-13020

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...

8.1CVSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-13019

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...

9.8CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday15 views

Liferay Portal - Open Redirect

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' U+FFFD, which allows remote...

6.1CVSS6.6AI score0.0096EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday24 views

Liferay Portal & DXP - Cross-Site Scripting

Liferay Portal 7.4.0 through 7.4.3.133 and Liferay DXP 2024.Q1.1 through 2025.Q1.4 contain a reflected XSS caused by improper sanitization in entrycoverimagecaption.jsp, letting remote non-authenticated attackers inject JavaScript. id: CVE-2025-4576 info: name: Liferay Portal & DXP - Cross-Site...

6.9CVSS6AI score0.00548EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday23 views

Cedar Gate EZ-NET <= 6.8.0 - Cross-Site Scripting

The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. id: CVE-2022-23397 info: name: Cedar Gate EZ-NET = 6.8.0 - Cross-Si...

6.1CVSS6.4AI score0.00913EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday65 views

Joomla! Component News Portal 1.5.x - Local File Inclusion

A directory traversal vulnerability in the iJoomla News Portal comnewsportal component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1312 info: name: Joomla! Component News Portal 1.5.x - Local File...

5CVSS6.1AI score0.13621EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday55 views

WordPress Job Portal < 2.0.6 - SQL Injection

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape the city parameter before using it in a SQL statement,leading to a SQL injection vulnerability that is exploitable by unauthenticated users. This vulnerability can be used to extractsensitive data from the database or...

9.8CVSS7.2AI score0.03096EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday17 views

TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal

TRUfusion Enterprise versions 7.10.4.0 and earlier contained a vulnerability that allowed unauthenticated access to the Internal Admin Contact Page, resulting in the disclosure of PII including partner and contact names. id: CVE-2025-27225 info: name: TRUfusion Enterprise = 7.10.4.0 - Admin Conta...

7.5CVSS5.9AI score0.17601EPSS
Exploits1References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-42058

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...

9.8CVSS6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-13019

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...

9.8CVSS6AI score
Exploits0References2
Cvelist
Cvelist
added yesterday11 views

CVE-2026-13019 Missing Authentication

Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical function vulnerability allows a remote, unauthenticated attacker to access an unprotected API...

9.8CVSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-13019

Esri Portal for ArcGIS, versions 12.1 and earlier, on Windows/Linux/Kubernetes, has a missing authentication flaw for a critical function, allowing a remote, unauthenticated attacker to access an unprotected API. The CVSSv3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H with base score 9.8 (CRIT...

9.8CVSS6AI score
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-42057

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...

8.1CVSS6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-13020

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...

8.1CVSS6AI score
Exploits0References2
Cvelist
Cvelist
added yesterday13 views

CVE-2026-13020 Weak Password Recovery Mechanism in Portal for ArcGIS

A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an...

8.1CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-13020

The CVE-2026-13020 entry describes a vulnerability in Esri Portal for ArcGIS (versions 12.1 and earlier) where a weak password recovery mechanism can let a remote, unauthorized attacker take ownership of a user account by manipulating the recovery flow. Affected environments include Windows, Linu...

8.1CVSS6AI score
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-14660

A vulnerability was found in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file login.php. Performing a manipulation of the argument txtUser/txtPass results in sql injection. The attack may be initiated remotely. The exploit has been made public and could...

7.5CVSS0.00412EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago42 views

CVE-2026-14660 code-projects Online Job Portal login.php sql injection

A vulnerability was found in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file login.php. Performing a manipulation of the argument txtUser/txtPass results in sql injection. The attack may be initiated remotely. The exploit has been made public and could...

7.5CVSS0.00412EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago10 views

PT-2026-55740

Name of the Vulnerable Software and Affected Versions code-projects Online Job Portal version 1.0 Description A remote SQL injection exists in the login.php file. This occurs when the txtUser and txtPass arguments are manipulated, allowing an attacker to interfere with the database queries...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References9
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-41458

In exception circumstances, WatchGuard Fireware OS on a FireCluster may use a hard-coded encryption key to encrypt saved credentials for Access Portal resources. This vulnerability affects Fireware OS 12.1 up to and including 12.12 and 2025.1 up to and including 2026.2. This vulnerability does no...

5.9CVSS5.7AI score0.00162EPSS
Exploits0References2
Rows per page
Query Builder