Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.12 views

CVE-2026-36226

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

6.1CVSS5.5AI score0.00256EPSS
Exploits1References1
NVD
NVD
added 2026/05/22 5:16 p.m.24 views

CVE-2026-36226

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

6.1CVSS0.00256EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/05/22 2:18 p.m.96 views

Exploit for CVE-2026-36226

CVE-2026-36226: Advantech WebAccess/SCADA Create New Project U...

5.9AI score0.00256EPSS
Exploits1
Cvelist
Cvelist
added 2026/05/22 12:0 a.m.9 views

CVE-2026-36226

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

0.00256EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/22 12:0 a.m.11 views

EUVD-2026-31474

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

6.1CVSS5.8AI score0.00256EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.11 views

PT-2026-42803

Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User component...

6.1CVSS5.8AI score0.00256EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

Advantech WebAccess/SCADA 安全漏洞

Advantech WebAccess/SCADA is a SCADA software based on the browser architecture developed by Advantech China Research & Development. This software supports dynamic graphical displays and real-time data control, and provides functionality for remote control and management of automation devices. Th...

6.1CVSS5.7AI score0.00256EPSS
Exploits1References1
NVD
NVD
added 2026/05/19 10:16 p.m.21 views

CVE-2026-34390

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and prior have a Privilege Escalation vulnerability where insufficient access control checks in ProjectUsersAddCommand manageprojuseradd.php allow users having manageprojectthreshold access level manager by default to...

5.1CVSS0.00427EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/04 4:53 p.m.8 views

Incus has Blind SSRF via Image Import Preflight HEAD

Summary A partial implementation of our restricted.images.servers project restriction allows users in such restricted projects to still cause Incus to send HEAD requests to arbitrary endpoints. The actual image download will be rejected by the project restriction, but the ability to trigger...

5.3CVSS5.9AI score0.00271EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-53902

Malicious code in bioql PyPI...

7.2CVSS7.1AI score0.00614EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2025/04/25 12:0 a.m.8 views

The vulnerability of the UpdateProjectUserRights method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the UpdateProjectUserRights method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the...

9CVSS5.6AI score0.00683EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/22 1:9 p.m.8 views

CVE-2024-10330

In lunary-ai/lunary version 1.5.6, the /v1/evaluators/ endpoint lacks proper access control, allowing any user associated with a project to fetch all evaluator data regardless of their role. This vulnerability permits low-privilege users to access potentially sensitive evaluation data...

6.5CVSS6.7AI score0.00487EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/08/08 8:37 a.m.12 views

CVE-2023-4009 Privilege Escalation for Project Owner and Project User Admin Roles in Ops Manager

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation...

7.2CVSS6.8AI score0.00614EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/08 12:0 a.m.5 views

PT-2023-27262 · Mongodb · Mongodb Ops Manager

Name of the Vulnerable Software and Affected Versions: MongoDB Ops Manager versions 5.0 through 5.0.21 MongoDB Ops Manager versions 6.0 through 6.0.16 Description: The issue allows an authenticated user with project owner or project user admin access to generate an API key with the privileges of...

7.2CVSS6.9AI score0.00614EPSS
Exploits0References7
Atlassian
Atlassian
added 2011/02/15 12:5 p.m.20 views

Ability to perform a bulk random password reset for users per project

Would like to have the ability to perform a bulk password reset on user accounts for any particular JIRA project. Have recently received a request from a customer to perform this operation on their project. I did raise a support call JSP-73240 and was recommended to raise a New Feature Request...

2.4AI score
Exploits0Affected Software1
Rows per page
Query Builder