Lucene search
K

192 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-40138

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS6AI score0.0042EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago8 views

PT-2026-55950

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support and Privileged Remote Access versions prior to 26.2.1 BeyondTrust Remote Support and Privileged Remote Access versions prior to 25.3.3 Description A critical pre-authentication flaw exists in the authentication...

9.2CVSS6.2AI score0.0042EPSS
Exploits0References17
CVE
CVE
added 2026/06/08 4:16 p.m.28 views

CVE-2026-39910

The CVE-2026-39910 entry concerns STACKIT IaaS API: a missing authorization check lets an authenticated, low-privileged attacker attach arbitrary service accounts to owned virtual machines, escalating to full org compromise. The attacker can use the unvalidated PUT /servers/service-accounts endpo...

9.8CVSS5.6AI score0.00302EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/05 8:12 p.m.9 views

CVE-2026-11423 Path Traversal in Altium Enterprise Server Collaboration Service Allows Privilege Escalation

A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regular authenticated user can submit a collaboration message containing a crafted filename, which is...

9.4CVSS5.6AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-44669

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS5.3AI score0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 6:16 p.m.11 views

CVE-2026-44669

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS0.00211EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 6:16 p.m.17 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS0.00211EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:43 p.m.10 views

CVE-2026-44669

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/26 5:42 p.m.11 views

CVE-2026-44667 Faction: Stored XSS in Remediation Verification Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
CVE
CVE
added 2026/05/26 5:42 p.m.22 views

CVE-2026-44667

FACTION is a PenTesting Report Generation and Collaboration Framework. A stored XSS flaw exists prior to version 1.8.3 where user-supplied attachment filename values are persisted and rendered into HTML and attribute contexts without output encoding in remediation verification/file preview flows....

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.17 views

PT-2026-43345

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References3
NVD
NVD
added 2026/04/27 4:16 p.m.3 views

CVE-2026-41462

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

9.8CVSS0.00558EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2026/04/27 3:8 p.m.5 views

CVE-2026-41462

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

9.8CVSS6.1AI score0.00558EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2026/04/27 3:8 p.m.32 views

CVE-2026-41462 ProjeQtor < 12.4.4 Unauthenticated SQL Injection via Login

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

9.8CVSS0.00558EPSS
Exploits2References4
EUVD
EUVD
added 2026/04/27 3:8 p.m.3 views

EUVD-2026-25865

ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username...

9.8CVSS6AI score0.00558EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.10 views

CVE-2026-33125

Frigate is a network video recorder NVR with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version...

8.1CVSS5.7AI score0.00243EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/04 3:31 a.m.9 views

Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability

In Concrete CMS below version 9.4.8, a user with permission to edit a page with element Legacy form can perform a stored XSS attack towards high-privilege accounts via the Question field. The Concrete CMS security team thanks minhnn42, namdi and quanlna2 from VCSLab-Viettel Cyber Security for...

4.8CVSS5.9AI score0.00212EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/11 9:5 p.m.4 views

CVE-2026-26010

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...

7.6CVSS5.5AI score0.00331EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/11 9:5 p.m.4 views

CVE-2026-26010 Leaky JWTs in OpenMetadata exposing highly-privileged bot users

OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services Glue / Redshift / Postgres. Any read-only user can gain access to a highly privileged account, typically which has the...

7.6CVSS5.5AI score0.00331EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/11 2:53 p.m.6 views

CVE-2026-2344 Stored XSS on Plunet BusinessManager

A vulnerability in Plunet Plunet BusinessManager allows unauthorized actions being performed on behalf of privileged users.This issue affects Plunet BusinessManager: 10.15.1...

8.6CVSS5.5AI score0.00234EPSS
Exploits0References1
Rows per page
Query Builder