Lucene search
K

33360 matches found

Nuclei
Nuclei
added yesterday39 views

W&B Weave Server - Remote Arbitrary File Leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...

8.8CVSS7.2AI score0.04974EPSS
Exploits0References3
NVD
NVD
added 2 days ago4 views

CVE-2026-48329

ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

2.7CVSS0.00354EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago3 views

EUVD-2026-44543

ColdFusion is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...

7.7CVSS6.1AI score0.00622EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-48371

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerabl...

5.4CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-47999

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerab...

4.8CVSS0.11523EPSS
Exploits0References1
NVD
NVD
added 2 days ago5 views

CVE-2026-47994

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerabl...

8.7CVSS0.00883EPSS
Exploits0References1
NVD
NVD
added 2 days ago2 views

CVE-2026-47996

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...

7.6CVSS0.18502EPSS
Exploits0References1
CVE
CVE
added 2 days ago5 views

CVE-2026-47995

Technical details such as affected versions, vulnerable components, exploit methods, or remediation steps are not provided in the supplied documents. Monitor for updates from Adobe/NVD for concrete technical information.

8.1CVSS6.1AI score0.00655EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-48259 Adobe Experience Manager | Server-Side Request Forgery (SSRF) (CWE-918)

Adobe Experience Manager is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could leverage this vulnerability to issue unauthorized server-side requests, potentially gaining...

9.6CVSS6.5AI score0.00407EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-15641

Improper authorization in the access request status endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated low-privileged user to approve their own pending access request via a direct call to the request status endpoint, bypassing the required approver review...

7.1CVSS0.0015EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-15641

Technical details (affected products, components, versions, root cause, or exploit info) are not publicly available in the provided documents. Monitor for updates from vendors and CVE feeds.

7.1CVSS6.1AI score0.0015EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago21 views

CVE-2026-50399 Windows Kernel Elevation of Privilege Vulnerability

...

7.8CVSS0.00246EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-59837

Fortinet vulnerability CVE-2026-59837 affects FortiOS (7.4.0–7.4.1, 7.2 all), FortiPAM (1.0–1.8.2), and FortiProxy (7.2 all, 7.4.0–7.4.13). The issue is a stack-based buffer overflow exploitable by a privileged authenticated attacker who can bypass stack protection and ASLR, via crafted HTTP requ...

6.6CVSS6.5AI score0.00603EPSS
Exploits0References1Affected Software3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-43569

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and...

7.1CVSS6.2AI score0.00207EPSS
Exploits0References3
NVD
NVD
added 3 days ago5 views

CVE-2026-62191

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and...

7.1CVSS0.00207EPSS
Exploits0References2
CVE
CVE
added 3 days ago12 views

CVE-2026-62191

OpenClaw has an authorization bypass in the message mutation handling affecting versions 2026.6.6 up to, but not including, 2026.6.9. The flaw allows lower-trust callers to execute privileged operations when the affected feature is enabled and reachable, by exploiting misconfigured input paths to...

7.1CVSS6.2AI score0.00207EPSS
Exploits0References2Affected Software1
CVE
CVE
added 3 days ago12 views

CVE-2026-15584

The CVE-2026-15584 issue concerns the incluster-checks tool in OpenShift. It describes a privilege-escalation flaw where the tool creates privileged debug pods with host filesystem access in the shared default namespace. Any user possessing the standard edit role can execute into these pods and o...

7.5CVSS6AI score0.00246EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-15584

A privilege escalation vulnerability was found in the incluster-checks tool for OpenShift. The tool creates privileged debug pods with host filesystem access in the shared default namespace, where any user with the standard edit role can exec into them and obtain root access on cluster nodes...

7.5CVSS6AI score0.00246EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-57811

Name of the Vulnerable Software and Affected Versions OpenShift affected versions not specified Description A privilege escalation issue exists in the incluster-checks tool. This tool creates privileged debug pods that grant access to the host filesystem within the shared default namespace...

7.5CVSS6.2AI score0.00246EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago39 views

CVE-2026-12126 WCFM Marketplace <= 3.7.3 - Authenticated (Vendor+) Stored Cross-Site Scripting via Attachment 'post_title'

The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Attachment 'posttitle' in all versions up to, and including, 3.7.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.0021EPSS
Exploits0References8
Rows per page
Query Builder