Lucene search
+L

7 matches found

OSV
OSV
added 2026/07/10 1:57 p.m.5 views

CVE-2026-56329 Capgo - Cross-Tenant Preview Namespace Collision via Non-Bijective Underscore Decoding

Capgo before 12.128.2 contains a cross-tenant preview namespace collision vulnerability caused by non-bijective decoding of double underscores to dots in preview hostname parsing. Attackers can register app IDs with underscores that collide with other tenants' dotted app IDs, causing preview...

5.3CVSS6.1AI score0.00237EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.14 views

CVE-2026-8599

The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes...

6.4CVSS5.7AI score0.00234EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 12:16 a.m.3 views

CVE-2026-31956 Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved reports belonging to other users. Exploitation of th...

4.3CVSS5.9AI score0.00265EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/08 12:59 p.m.2 views

CVE-2026-35023

Wimi Teamwork On-Premises versions prior to 8.2.0 contain an insecure direct object reference vulnerability in the preview.php endpoint where the itemid parameter lacks proper authorization checks. Attackers can enumerate sequential itemid values to access and retrieve image previews from other...

5.3CVSS5.9AI score0.00179EPSS
Exploits0References3
OSV
OSV
added 2025/01/22 4:50 p.m.8 views

DRUPAL-CONTRIB-2025-004

The AI logging sub-module enables you to log AI requests and responses for debugging and auditing purposes. The module doesn't sufficiently check for access to view the preview listing of the logs. Full log details are correctly protected, and API keys are never logged. This vulnerability is...

8.2CVSS6.7AI score0.00352EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/01/10 12:0 a.m.7 views

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions prior to Nextcloud Deck 1.8.2 that stems from the fact that when obtaining a reference preview of a Deck card t...

5.8CVSS5.2AI score0.00687EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/09/21 12:0 a.m.3 views

PT-2022-25151 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.3 through 7.4.3.34 Liferay DXP versions 7.3 before update 10 Liferay DXP versions 7.4 before update 35 Description: The Layout module in Liferay Portal does not check user permission before showing the preview of a...

4.3CVSS4.4AI score0.00466EPSS
Exploits0References9
Rows per page
Query Builder