Lucene search
+L

89172 matches found

EUVD
EUVD
added 5 hours ago5 views

EUVD-2026-45433

A vulnerability was determined in 1Panel-dev CordysCRM up to 1.4.1. Impacted is the function getSqlBotSrc of the file backend/crm/src/main/java/cn/cordys/crm/system/service/IntegrationConfigService.java of the component Third Party Edit Endpoint. Executing a manipulation of the argument appSecret...

6.5CVSS6.2AI score
Exploits0References8
NVD
NVD
added 7 hours ago6 views

CVE-2026-16212

A vulnerability was identified in awesto django-shop up to 1.2.4. Affected is an unknown function of the file shop/models/inventory.py of the component Purchase Stock Handler. The manipulation leads to race condition. The attack is possible to be carried out remotely. The attack is considered to...

4.2CVSS
Exploits0References6
CVE
CVE
added 7 hours ago11 views

CVE-2026-16216

Geex-arts django-jet up to 1.0.8 contains a CSRF flaw in the OAuth Handler that can be exploited remotely. The vulnerability enables cross-site request forgery and is public, with no response from the project to the issue. The CVE reports a MEDIUM severity (CVSS 3.x/4.x family) and indicates no l...

5.3CVSS4.6AI score
Exploits0References6
NVD
NVD
added 9 hours ago8 views

CVE-2026-16206

A security vulnerability has been detected in django-oauth django-oauth-toolkit 3.3.0. This issue affects the function loadidtoken of the file oauth2provider/oauth2validators.py. The manipulation leads to session expiration. The attack can be initiated remotely. The project was informed of the...

6.5CVSS
Exploits0References7
Nuclei
Nuclei
added 9 hours ago116 views

SecurEnvoy Two Factor Authentication - LDAP Injection

Multiple LDAP injections vulnerabilities exist in SecurEnvoy MFA before 9.4.514 due to improper validation of user-supplied input. An unauthenticated remote attacker could exfiltrate data from Active Directory through blind LDAP injection attacks against the DESKTOP service exposed on the...

9.8CVSS5.4AI score0.03304EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago92 views

NS-ASG Application Security Gateway 6.3 - Sql Injection

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The...

9.8CVSS6.4AI score0.17622EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago24 views

Landray EKP - Path Traversal

A vulnerability, which was classified as critical, was found in Landray EKP up to 16.0. This affects the function delPreviewFile of the file /sys/ui/sysuicomponent/sysUiComponent.do?method=delPreviewFile. The manipulation of the argument directoryPath leads to path traversal. It is possible to...

6.9CVSS6AI score0.05597EPSS
Exploits1References3
Nuclei
Nuclei
added 9 hours ago49 views

Bank Locker Management System - Cross-Site Scripting

A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate...

4.8CVSS3.2AI score0.34771EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago95 views

osCommerce v4.0 - Cross-site Scripting

A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely. id: CVE-2024-4348 info: name:...

5CVSS3.3AI score0.01828EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago175 views

Weaver OA 9.5 - Information Disclosure

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. id:...

7.5CVSS5.2AI score0.54232EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago40 views

Ellucian Ethos Identity CAS - Cross-Site Scripting

A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. id: CVE-2023-2822...

6.1CVSS3.2AI score0.03301EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago105 views

Academy LMS 6.2 - Cross-Site Scripting

A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument...

6.1CVSS3AI score0.01835EPSS
Exploits4References2
Nuclei
Nuclei
added 9 hours ago26 views

Mage AI - Insecure Default Authentication Setup

A vulnerability was found in Mage AI 0.9.75. It has been classified as problematic. This affects an unknown part. The manipulation leads to insecure default initialization of resource. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability i...

6.3CVSS4.8AI score0.01045EPSS
Exploits1References5
Nuclei
Nuclei
added 9 hours ago57 views

JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...

6.1CVSS3.3AI score0.0097EPSS
Exploits2References3
Nuclei
Nuclei
added 9 hours ago44 views

Fortinet FortiWeb - Authentication Bypass to Admin Privilege

A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges o...

8.1CVSS8.2AI score0.09825EPSS
Exploits4References3
Nuclei
Nuclei
added 9 hours ago68 views

Atlassian Jira Confluence - Cross-Site Scripting

Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error messa...

6.1CVSS6.5AI score0.37611EPSS
Exploits0References5
EUVD
EUVD
added 9 hours ago6 views

EUVD-2026-45419

A flaw has been found in django-tastypie up to 0.15.1. The affected element is the function CacheThrottle/CacheDBThrottle of the file tastypie/throttle.py. This manipulation causes race condition. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitability...

5CVSS4.8AI score
Exploits0References6
Cvelist
Cvelist
added 10 hours ago12 views

CVE-2026-16206 django-oauth django-oauth-toolkit oauth2_validators.py _load_id_token session expiration

A security vulnerability has been detected in django-oauth django-oauth-toolkit 3.3.0. This issue affects the function loadidtoken of the file oauth2provider/oauth2validators.py. The manipulation leads to session expiration. The attack can be initiated remotely. The project was informed of the...

6.5CVSS
Exploits0References7
EUVD
EUVD
added 11 hours ago5 views

EUVD-2026-45414

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this issue is some unknown functionality of the file /forCYS.php. Such manipulation of the argument course leads to cross site scripting. The attack may be performed from remote. The exploit is...

5.1CVSS3.4AI score
Exploits0References6
EUVD
EUVD
added 12 hours ago9 views

EUVD-2026-45406

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. This issue affects the function dispatchIncoming of the file pkg/channels/wecom/wecom.go of the component Group Message Handler. The manipulation results in incorrect authorization. It is possible to launch the attack remotely. T...

6.5CVSS6.2AI score
Exploits0References7
Rows per page
Query Builder