1695 matches found
CVE-2026-44655 MantisBT: Stored XSS on Move Attachments Admin Page
Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...
EUVD-2026-32974
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...
CVE-2026-44797
Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...
EUVD-2026-32715
Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...
WebPros Comet Backup 安全漏洞
WebPros Comet Backup is a data backup and recovery platform developed by the Swiss company WebPros. There is a security vulnerability in WebPros Comet Backup, which stems from insufficient character filtering in the backup proxy signature module. This vulnerability may allow authenticated tenant...
BIT-JOOMLA-2026-48900 Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...
IBM QRadar 安全漏洞
IBM QRadar is a security information and event management platform developed by the American multinational company IBM. There are security vulnerabilities in the version of IBM QRadar 7.5.0 up to 7.5.0 UP15 Interim Fix 002. These vulnerabilities stem from privileged users uploading malicious back...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability stems from the nfosfmatchone function, which calculates ctx-window % f-wss.val in the OSFWSSMODULO...
CVE-2026-44669 Faction: Stored XSS in Assessment Attachment Filename Preview Rendering
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...
CVE-2026-48900
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...
CVE-2026-8834 IBM HTTP Server is affected by multiple vulnerabilities
IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service...
CVE-2026-48900 Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...
CVE-2026-48900
CVE-2026-48900 affects Joomla! Core (com_scheduler). An improper access check allows low-privileged users to edit the task types of existing scheduler tasks, indicating a privilege-escalation in the scheduler component. The CVE details indicate a CVSS v4 score of 6.4 (MEDIUM) with network attack ...
EUVD-2026-31879
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...
CVE-2026-48900 Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler
An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...
EUVD-2025-209930
IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting XSS in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended...
PT-2026-43318
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An improper access check allows low privileged users to edit the task types of existing scheduler tasks. Recommendations At the moment, there is no information...
CVE-2026-3636
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data about team members roles via invoking various team API...
CVE-2026-3636
Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data about team members roles via invoking various team API...
CVE-2026-0393
The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...