Lucene search
K

4515 matches found

ATTACKERKB
ATTACKERKB
added 2026/02/13 12:0 a.m.5 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

5.5AI score0.00446EPSS
Exploits1References3
NVD
NVD
added 2026/02/11 9:16 p.m.6 views

CVE-2026-25759

Statmatic is a Laravel and Git powered content management system CMS. From 6.0.0 to before 6.2.3, a stored XSS vulnerability in content titles allows authenticated users with content creation permissions to inject malicious JavaScript that executes when viewed by higher-privileged users. Maliciou...

8.7CVSS0.00293EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.9 views

SAP ABAP Platform和SAP NetWeaver Application Server ABAP 安全漏洞

SAP ABAP Platform and SAP NetWeaver Application Server ABAP are both products of the German company SAP. SAP ABAP Platform is an SAP solution based on ABAP language. SAP NetWeaver Application Server ABAP is a platform for running and developing applications written in the ABAP language. There are...

9.6CVSS6.2AI score0.00337EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/10 12:0 a.m.8 views

Siemens SINEC NMS 代码问题漏洞

Siemens SINEC NMS is a network management system developed by Siemens in Germany. This system can be used for round-the-clock centralized monitoring, management, and configuration of industrial networks containing tens of thousands of devices, including those related to security applications...

8.5CVSS7.3AI score0.00238EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/06 1:30 p.m.15 views

CVE-2026-23797

In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7...

6.9CVSS5.4AI score0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/05 4:13 p.m.27 views

CVE-2020-37129 Memu Play 7.1.3 - Insecure Folder Permissions

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file...

9.8CVSS0.00338EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/05 4:13 p.m.5 views

CVE-2020-37129 Memu Play 7.1.3 - Insecure Folder Permissions

Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file...

9.8CVSS5.4AI score0.00338EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/02/04 7:27 p.m.8 views

CVE-2026-24671

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

6.1CVSS5.3AI score0.00182EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 6:16 p.m.12 views

CVE-2026-24671

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

6.1CVSS0.00182EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/03 4:56 p.m.4 views

EUVD-2026-5238

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

6.1CVSS5.3AI score0.00182EPSS
Exploits1References1
CVE
CVE
added 2026/02/03 4:56 p.m.13 views

CVE-2026-24671

Open eClass (formerly GUnet eClass) prior to version 4.2 is affected by a Stored XSS vulnerability in multiple high-privilege user input fields. Authenticated teachers/admins can inject malicious JavaScript, executed when other users load affected pages. Red Hat/NVD/CVE aggregations confirm the i...

6.1CVSS5.3AI score0.00182EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:56 p.m.6 views

CVE-2026-24671

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated high-privileged users teachers or administrators to inject malicious JavaScript into multiple user-controllabl...

6.1CVSS5.3AI score0.00182EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.6 views

Open eClass 跨站脚本漏洞

Open eClass is an open-source e-classroom system developed by the Greek Universities Network. Versions of Open eClass prior to 4.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from stored cross-site scripts in multiple user-controllable input fields, which could allo...

6.1CVSS5.6AI score0.00182EPSS
Exploits1References2
NVD
NVD
added 2026/02/01 1:15 p.m.6 views

CVE-2021-47913

PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation...

6.4CVSS0.00217EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/30 3:8 p.m.3 views

CVE-2026-24855

ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting XSS vulnerability occurs in Create Events in Church Calendar. Users with low privileges can create XSS payloads in the Description field. This payload is stored in the database, and wh...

8.5CVSS5.9AI score0.00209EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/27 9:24 a.m.15 views

CVE-2025-14316

The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

7.1CVSS5.9AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.8 views

MyTube security vulnerability

MyTube is a video self-hosting downloader and player developed by Peifan Li. Versions of MyTube prior to 1.7.78 contained a security vulnerability, which stemmed from improper permission verification at the database export endpoint. This vulnerability could allow low-privilege users to access...

8.7CVSS5.8AI score0.00317EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/22 9:40 p.m.2 views

CVE-2025-14750 External Control of Assumed-Immutable Web Parameter in Weintek cMT X Series HMI EasyWeb Service

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges...

8.7CVSS5.9AI score0.00315EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/21 6:33 a.m.13 views

CVE-2025-12573

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data...

6.5CVSS5.4AI score0.00174EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 6:16 a.m.5 views

CVE-2025-12573

The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12 data...

6.5CVSS0.00174EPSS
Exploits0References1
Rows per page
Query Builder