Lucene search
K

4521 matches found

Vulnrichment
Vulnrichment
added 2026/02/24 12:52 p.m.5 views

CVE-2026-23983 Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint disabled by default allows users to retrieve a list of objects associated with a specific tag. When these associated objects include Users, the A...

2.3CVSS5.5AI score0.004EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.11 views

NVIDIA Cumulus Linux和NVIDIA NVOS 安全漏洞

NVIDIA Cumulus Linux and NVIDIA NVOS are both products of NVIDIA Corporation, a US-based company. NVIDIA Cumulus Linux is a powerful open-source network operating system. NVIDIA NVOS is also an operating system. Both NVIDIA Cumulus Linux and NVIDIA NVOS have security vulnerabilities; these...

8.8CVSS5.9AI score0.0051EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.10 views

Hitachi Energy Relion REB500 安全漏洞

Hitachi Energy Relion REB500 is a distributed busbar protection system developed by Hitachi Energy. There is a security vulnerability in Hitachi Energy Relion REB500. This vulnerability stems from the ability of low-privilege verified users to access and modify the contents of unauthorized...

8.1CVSS5.8AI score0.00278EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/21 12:0 a.m.10 views

Metabase 安全漏洞

Metabase is an open-source data analysis platform developed by the American company Metabase. Versions of Metabase prior to 0.57.13 and 0.58.6 contain security vulnerabilities. These vulnerabilities stem from improper template evaluation, which may allow low-privilege users to extract sensitive...

7.7CVSS5.8AI score0.00257EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/19 8:30 p.m.9 views

Statamic affected by privilege escalation via stored cross-site scripting

Impact Stored XSS vulnerability in html fieldtypes allow authenticated users with field management permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Patches This has been fixed in 6.3.2 and 5.73.9...

8.1CVSS5.4AI score0.0028EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/13 12:0 a.m.5 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

5.5AI score0.00446EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/13 12:0 a.m.6 views

Lavalite CMS 安全漏洞

Lavalite CMS is an open-source content management system based on PHP. Version 10.1.0 of Lavalite CMS has a security vulnerability caused by improper access control, which may allow low-privilege users to directly access the administration backend...

8.8CVSS5.8AI score0.00446EPSS
Exploits1References2
NVD
NVD
added 2026/02/11 9:16 p.m.6 views

CVE-2026-25759

Statmatic is a Laravel and Git powered content management system CMS. From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Maliciou...

8.7CVSS0.00293EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.10 views

SAP ABAP Platform和SAP NetWeaver Application Server ABAP 安全漏洞

SAP ABAP Platform and SAP NetWeaver Application Server ABAP are both products of the German company SAP. SAP ABAP Platform is an SAP solution based on ABAP language. SAP NetWeaver Application Server ABAP is a platform for running and developing applications written in the ABAP language. There are...

9.6CVSS6.2AI score0.00337EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

Siemens SINEC NMS 代码问题漏洞

Siemens SINEC NMS is a network management system developed by Siemens in Germany. This system can be used for round-the-clock centralized monitoring, management, and configuration of industrial networks containing tens of thousands of devices, including those related to security applications...

8.5CVSS7.3AI score0.00238EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/06 1:30 p.m.25 views

CVE-2026-23797

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

6.9CVSS5.4AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/05 4:13 p.m.27 views

CVE-2020-37129 Memu Play 7.1.3 - Insecure Folder Permissions

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file...

9.8CVSS0.00338EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/05 4:13 p.m.5 views

CVE-2020-37129 Memu Play 7.1.3 - Insecure Folder Permissions

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file...

9.8CVSS5.4AI score0.00338EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/04 7:27 p.m.8 views

CVE-2026-24671

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

6.1CVSS5.3AI score0.00182EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 6:16 p.m.12 views

CVE-2026-24671

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

6.1CVSS0.00182EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/03 4:56 p.m.4 views

EUVD-2026-5238

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

6.1CVSS5.3AI score0.00182EPSS
Exploits1References1
CVE
CVE
added 2026/02/03 4:56 p.m.14 views

CVE-2026-24671

Open eClass (formerly GUnet eClass) prior to version 4.2 is affected by a Stored XSS vulnerability in multiple high-privilege user input fields. Authenticated teachers/admins can inject malicious JavaScript, executed when other users load affected pages. Red Hat/NVD/CVE aggregations confirm the i...

6.1CVSS5.3AI score0.00182EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:56 p.m.6 views

CVE-2026-24671

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

6.1CVSS5.3AI score0.00182EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.6 views

Open eClass 跨站脚本漏洞

Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored cross-site scripts in multiple user-controllable input fields, which could allo...

6.1CVSS5.6AI score0.00182EPSS
Exploits1References2
NVD
NVD
added 2026/02/01 1:15 p.m.6 views

CVE-2021-47913

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

6.4CVSS0.00217EPSS
Exploits1References4
Rows per page
Query Builder