Lucene search
K

1695 matches found

Cvelist
Cvelist
added 2026/05/28 8:27 p.m.29 views

CVE-2026-44655 MantisBT: Stored XSS on Move Attachments Admin Page

Mantis Bug Tracker MantisBT is an open source issue tracker. From 1.3.0 to 2.28.1, unescaped Project Name allows an attacker that can set it which typically requires manager or administrator access level to inject HTML in Move Attachments admin page. This vulnerability is fixed in 2.28.2...

8.6CVSS0.00298EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/28 4:59 p.m.17 views

EUVD-2026-32974

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

8.5CVSS5.8AI score0.00235EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:59 p.m.16 views

CVE-2026-44797

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, Nautobot's Webhook data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and IP addresses that should not be permitted, allowi...

8.5CVSS5.8AI score0.00235EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/05/28 4:1 a.m.11 views

EUVD-2026-32715

Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...

9CVSS6.2AI score0.00313EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

WebPros Comet Backup 安全漏洞

WebPros Comet Backup is a data backup and recovery platform developed by the Swiss company WebPros. There is a security vulnerability in WebPros Comet Backup, which stems from insufficient character filtering in the backup proxy signature module. This vulnerability may allow authenticated tenant...

9CVSS6.2AI score0.00313EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 8:47 a.m.15 views

BIT-JOOMLA-2026-48900 Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS5.8AI score0.00154EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

IBM QRadar 安全漏洞

IBM QRadar is a security information and event management platform developed by the American multinational company IBM. There are security vulnerabilities in the version of IBM QRadar 7.5.0 up to 7.5.0 UP15 Interim Fix 002. These vulnerabilities stem from privileged users uploading malicious back...

7.2CVSS5.7AI score0.00463EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel. This vulnerability stems from the nfosfmatchone function, which calculates ctx-window % f-wss.val in the OSFWSSMODULO...

5.8AI score0.00114EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/26 5:43 p.m.32 views

CVE-2026-44669 Faction: Stored XSS in Assessment Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS0.00211EPSS
Exploits0References2
NVD
NVD
added 2026/05/26 5:16 p.m.26 views

CVE-2026-48900

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 5:10 p.m.10 views

CVE-2026-8834 IBM HTTP Server is affected by multiple vulnerabilities

IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service...

8CVSS6.4AI score0.0026EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/26 4:43 p.m.39 views

CVE-2026-48900 Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS0.00154EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 4:43 p.m.29 views

CVE-2026-48900

CVE-2026-48900 affects Joomla! Core (com_scheduler). An improper access check allows low-privileged users to edit the task types of existing scheduler tasks, indicating a privilege-escalation in the scheduler component. The CVE details indicate a CVSS v4 score of 6.4 (MEDIUM) with network attack ...

6.4CVSS5.8AI score0.00154EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/26 4:43 p.m.12 views

EUVD-2026-31879

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS5.8AI score0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 4:43 p.m.10 views

CVE-2026-48900 Joomla! Core - [20260516] - Incorrect Access Control in com_scheduler

An improper access check allowed low privileged users to edit the task types of existing scheduler tasks...

6.4CVSS5.8AI score0.00154EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 3:52 p.m.13 views

EUVD-2025-209930

IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting XSS in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended...

6.4CVSS5.8AI score0.00185EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.16 views

PT-2026-43318

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An improper access check allows low privileged users to edit the task types of existing scheduler tasks. Recommendations At the moment, there is no information...

6.4CVSS5.8AI score0.00154EPSS
Exploits0References4
NVD
NVD
added 2026/05/22 11:16 a.m.12 views

CVE-2026-3636

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data about team members roles via invoking various team API...

4.3CVSS0.00184EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:23 a.m.11 views

CVE-2026-3636

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions which allows a user without permissions to get data about team members roles via invoking various team API...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/21 12:16 p.m.27 views

CVE-2026-0393

The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login operations within an active visualization session...

6.9CVSS0.00244EPSS
Exploits0References1
Rows per page
Query Builder