Lucene search
K

7818 matches found

Nuclei
Nuclei
added yesterday94 views

SuperWebMailer 9.00.0.01710 - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...

6.1CVSS6.4AI score0.01116EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday44 views

Mlflow - Cross-Site Scripting

The vulnerability allows an attacker to inject malicious code into the Content-Type header of a POST request, which is then reflected back to the user without proper sanitization or escaping. id: CVE-2023-6568 info: name: Mlflow - Cross-Site Scripting author: ritikchaddha severity: medium...

6.5CVSS6.6AI score0.01649EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday44 views

Alfresco Share - Open Redirect

Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-14223 info: name:...

6.1CVSS6.4AI score0.04474EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday16 views

TOTOLINK/Realtek Routers - CAPTCHA Bypass

On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via a POST request to the boafrm/formLogin URI with the JSON payload "topicurl":"setting/getSanvas". This allows an unauthenticated attacker to bypass CAPTCHA verification, gaining unauthorized access to restricted...

9.8CVSS7AI score0.29557EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday277 views

Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting

Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response i...

6.1CVSS6.6AI score0.37246EPSS
Exploits3References6
Nuclei
Nuclei
added yesterday68 views

PuneethReddyHC action.php SQL Injection

An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping through the /action.php prId parameter. Using a post request does not sanitize the user input. id: CVE-2021-41648 info: name: PuneethReddyHC action.php SQL Injection author: daffainfo severity: high descriptio...

9.8CVSS7AI score0.5177EPSS
Exploits6References5
Nuclei
Nuclei
added yesterday141 views

Likeshop < 2.5.7.20210311 - Arbitrary File Upload

A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an...

9.8CVSS6.8AI score0.70688EPSS
Exploits1References5
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42950

grav-plugin-admin is an HTML user interface that provides a way to configure Grav and create and modify pages. In 1.10.52 and earlier, an authenticated attacker with admin.users permission can change the password of any user account, including the super administrator, by sending a direct POST...

8.7CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 2 days ago10 views

EUVD-2026-42862

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS6.1AI score0.00507EPSS
Exploits0References6
CVE
CVE
added 3 days ago11 views

CVE-2026-58143

Cotonti Siena 0.9.26 and earlier are affected by a cross-site request forgery via the admin.php config update endpoint. The vulnerability lets an unauthenticated attacker trick a logged-in administrator into submitting a forged POST request, bypassing CSRF validation. Attackers can disable the PF...

8.8CVSS6.1AI score0.00175EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago5 views

Malicious code in es6-codify (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e7ae2aa828c8ed2c3ec71480536fd07d9c19f3c698c3b095eafb41206ff3a75f The package advertises itself as a small ES6 string/array/object utility library, but both entrypoints dist/index.cjs and the ESM build execute a...

6.2AI score
Exploits0References9
Nuclei
Nuclei
added 4 days ago80 views

Razer Sila Gaming Router - Remote Code Execution

A command injection in the command parameter of Razer Sila Gaming Router v2.0.441api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. id: CVE-2022-29013 info: name: Razer Sila Gaming Router - Remote Code Execution author: DhiyaneshDK severity: critical descriptio...

9.8CVSS7.5AI score0.77136EPSS
Exploits1References2
NVD
NVD
added 6 days ago8 views

CVE-2026-12686

An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user...

9.3CVSS0.00309EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41860

An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user...

9.3CVSS5.9AI score0.00309EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago9 views

CVE-2026-12686

An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user...

9.3CVSS5.9AI score0.00309EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago10 views

CVE-2026-12686

CVE-2026-12686 affects Adiss’s Biloop: an authenticated user can manipulate a company ID in a POST to the backend, bypassing cross-tenant authorization and gaining access to other companies’ data (including billing) and potentially modifying third-party data. Root cause is inadequate verification...

9.3CVSS5.9AI score0.00309EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-55915

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authenticated user can perform a cross-tenant authorization bypass by manipulating a company ID parameter in a POST request to the backend. The application...

9.3CVSS5.9AI score0.00309EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/02 8:17 p.m.7 views

Missing Authorization

Overview 9router is a 9Router CLI - Start and manage 9Router server Affected versions of this package are vulnerable to Missing Authorization via the POST /api/tunnel/tailscale-install route handler, which accepts a JSON body containing a sudoPassword field and pipes it, along with the contents o...

9.8CVSS6.2AI score0.01372EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53433

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated...

7.5CVSS6AI score0.00215EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 1:19 p.m.3 views

DEBIAN-CVE-2026-53433

fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...

7.5CVSS5.8AI score0.00215EPSS
Exploits0References1
Rows per page
Query Builder