Lucene search
+L

18672 matches found

Nuclei
Nuclei
added 4 hours ago25 views

Lightdash v0.1024.6 - Server-Side Request Forgery

Server-Side Request Forgery “SSRF” in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP...

7.3CVSS5.4AI score0.01786EPSS
Exploits0References2
Nuclei
Nuclei
added 4 hours ago75 views

Cisco Unified Communications Manager 7/8/9 - Directory Traversal

A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815 id: CVE-2013-5528 info: name:...

8.1CVSS7.9AI score0.88559EPSS
Exploits22References4
OSV
OSV
added 2 days ago6 views

CVE-2026-59237 IDOR in Prospero Flow CRM Order API allows cross-tenant read and modification of orders

Authorization Bypass Through User-Controlled Key CWE-639 in the Order and OrderItem REST API controllers in Roskus Prospero Flow CRM before 5.5.3 allows a remote, authenticated user to read, modify, and delete orders and order items belonging to any other company tenant via a sequential numeric i...

6.9CVSS6.1AI score0.00369EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 3 days ago11 views

PT-2026-60306

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.5.2 Description A remote authenticated attacker can achieve arbitrary code execution on the host operating system. This is possible by combining a Host header bypass of localhost-only routes with unvalidated MCP...

8.8CVSS6.5AI score0.00719EPSS
Exploits0References8
CVE
CVE
added 4 days ago23 views

CVE-2026-14903

Ivanti Xtraction vulnerable to path traversal prior to version 2026.2.1. A remote authenticated attacker can read arbitrary files outside the web root due to the underlying flaw. Affected component is the Ivanti Xtraction web interface; exploits or impact details are described as path traversal i...

7.7CVSS6.2AI score0.01037EPSS
Exploits0References1
NVD
NVD
added 2026/07/03 1:17 p.m.9 views

CVE-2026-59234

Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...

6.9CVSS0.00403EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/03 12:47 p.m.37 views

CVE-2026-59234 Authorization Bypass Through User-Controlled Key in Prospero Flow CRM calendar event deletion

Authorization Bypass Through User-Controlled Key CWE-639 in CalendarDeleteEventController app/Http/Controllers/Calendar/CalendarDeleteEventController.php, exposed at GET /calendar/event/delete/id, in Prospero Flow CRM before 5.5.3 allows a remote, authenticated attacker to delete arbitrary calend...

6.9CVSS0.00403EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 2:13 p.m.6 views

PYSEC-2026-739 Moderate severity vulnerability that affects Products.PlonePAS

The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors...

6CVSS6.1AI score0.00962EPSS
Exploits0References9
Ubuntu
Ubuntu
added 2026/06/22 2:53 a.m.5 views

USN-8455-1: Netatalk vulnerabilities

Arjun Basnet discovered that Netatalk improperly validated inputs when unmarshalling Spotlight Remote Procedure Call. A remote authenticated attacker could possibly use this issue to cause a denial of service or obtain sensitive information. CVE-2026-44066 Arjun Basnet discovered that Netatalk...

7.6CVSS5.9AI score0.00322EPSS
Exploits0
CVE
CVE
added 2026/06/18 4:12 p.m.24 views

CVE-2026-54104

The CVE-2026-54104 entry covers a privilege escalation flaw in the U.S. GAO EPDS and CBCA EDS client authentication flow. The systems trust client-provided values for the epds_role_id parameter without verification, enabling a remote, authenticated attacker to raise their privileges. Affected com...

8.8CVSS5.2AI score0.004EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/16 4:4 p.m.13 views

EUVD-2024-55623

PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser...

5.4CVSS5.5AI score0.00199EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 4:4 p.m.32 views

CVE-2024-30476

PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser...

5.4CVSS0.00199EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 4:4 p.m.15 views

CVE-2024-30476

CVE-2024-30476 details a Stored Cross-Site Scripting vulnerability in Dell PowerStore Manager. A remote authenticated, low-privileged attacker could exploit this to execute scripts in the browser of an authenticated user. CVSS v3.1 base score 5.4 (Medium); attack vector: Network; privileges requi...

5.4CVSS5.6AI score0.00199EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/13 12:34 a.m.15 views

EUVD-2026-36624

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized by the allowlist parser. Remote authenticated operators can bypass execution allowlist checks...

8.8CVSS6AI score0.00451EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 9:56 p.m.32 views

CVE-2026-53836 OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized by the allowlist parser. Remote authenticated operators can bypass execution allowlist checks...

8.8CVSS0.00451EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 9:56 p.m.4 views

CVE-2026-53836 OpenClaw < 2026.5.12 - Allowlist Bypass via PowerShell Encoded-Command Aliases

OpenClaw before 2026.5.12 contains an allowlist bypass vulnerability in PowerShell encoded-command handling that allows attackers to execute encoded commands using abbreviated flag aliases not recognized by the allowlist parser. Remote authenticated operators can bypass execution allowlist checks...

8.7CVSS6.3AI score0.00451EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 4:17 a.m.17 views

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

9.9CVSS0.00409EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 2:27 a.m.28 views

EUVD-2026-36376

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

9.9CVSS5.9AI score0.00409EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 2:27 a.m.12 views

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

9.9CVSS5.8AI score0.00409EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:27 a.m.31 views

CVE-2026-47365

Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account...

9.9CVSS0.00409EPSS
Exploits0References1
Rows per page
Query Builder