Lucene search
K

82299 matches found

Wolfi
Wolfi
added yesterday6 views

GHSA-9MC4-RQMQ-H467 vulnerabilities

Vulnerabilities for packages: python...

6.1AI score
Exploits0
Nuclei
Nuclei
added yesterday239 views

Reflected XSS - Telerik Reporting Module

Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 11.0.17.406 allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. id:...

6.1CVSS6.8AI score0.09642EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday188 views

AJ-Report < 1.4.1 - Remote Code Execution

AJ-Report before version 1.4.1 is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java code on the victim server through script engine injection in the validation rul...

9.8CVSS7.3AI score0.51468EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday44 views

GeoServer Demo Request Endpoint - Server Side Request Forgery

It is possible to achieve Server Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. An unauthenticated user can supply a request that will be issued by the server, allowing enumeration of internal networks and, in the case of cloud instances, access to...

8.2CVSS6.9AI score0.01923EPSS
Exploits0References4
Circl
Circl
added yesterday5 views

CVE-2026-15625

creationtimestamp| type| source ---|---|--- 2026-07-14 06:12:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqlkfme2yr2x...

6.5CVSS6.6AI score0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-15675 code-projects Online Job Portal EditUser.php sql injection

A vulnerability was identified in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file /Admin/EditUser.php. Such manipulation of the argument UserId leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be...

7.5CVSS0.00263EPSS
Exploits0References6
EUVD
EUVD
added yesterday4 views

EUVD-2026-43621

A vulnerability was found in louisho5 picobot up to 0.2.0. This issue affects the function ExecTool.Execute of the file internal/agent/tools/exec.go of the component exec Tool. The manipulation results in os command injection. The attack requires a local approach. The exploit has been made public...

5.3CVSS5.7AI score0.00622EPSS
Exploits0References8
EUVD
EUVD
added yesterday4 views

EUVD-2026-43553

A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The...

6.5CVSS6.5AI score0.00313EPSS
Exploits0References6
Patchstack
Patchstack
added 2 days ago7 views

WordPress Booking Package plugin <= 1.7.20 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by PRISM in WordPress Plugin Booking Package versions = 1.7.20...

7.5CVSS6.1AI score0.00481EPSS
Exploits0References1Affected Software1
Nuclei
Nuclei
added 2 days ago85 views

Wipro Holmes Orchestrator 20.4.1 - Information Disclosure

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...

7.5CVSS7.1AI score0.53008EPSS
Exploits3References3
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-43276

A flaw has been found in WuzhiCMS up to 4.1.0. Affected by this vulnerability is the function config/listimage of the file /index.php?m=attachment&f=index&v=upload of the component Attachment API. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. Th...

6.9CVSS5.8AI score0.00311EPSS
Exploits0References6
OSV
OSV
added 2 days ago2 views

CVE-2026-15521 makafeli n8n-workflow-builder update_node_from_file server.cjs path traversal

A vulnerability was identified in makafeli n8n-workflow-builder up to 0.11.0. Affected is an unknown function of the file build/server.cjs of the component updatenodefromfile. The manipulation of the argument filePath leads to path traversal. An attack has to be approached locally. The exploit is...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References8
NVD
NVD
added 3 days ago8 views

CVE-2026-15478

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

6.5CVSS0.00192EPSS
Exploits0References5
CVE
CVE
added 3 days ago15 views

CVE-2026-15478

IceHRM

6.5CVSS6.4AI score0.00192EPSS
Exploits0References5
OSV
OSV
added 3 days ago4 views

CVE-2026-15478 IceHRM UserReport Endpoint EmployeeAttendanceReport.php sql injection

A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a manipulation of the argument employeeList can lead to sql injection. The attack can be launched...

5.3CVSS6.4AI score0.00192EPSS
Exploits0References7
Wolfi
Wolfi
added 4 days ago9 views

GHSA-FRRJ-87JH-2772 vulnerabilities

Vulnerabilities for packages: cilium-cli, kube-vip...

6.1AI score
Exploits0
Circl
Circl
added 4 days ago7 views

CVE-2025-63579

creationtimestamp| type| source ---|---|--- 2026-07-11 00:36:07+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdg7jkghf2s...

7.5CVSS6.1AI score0.00199EPSS
Exploits0References1
Snyk
Snyk
added 5 days ago3 views

CSV Injection

Overview snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to CSV Injection through the postActivityReport process. An attacker can cause arbitrary formula execution in spreadsheet software by injecting a specially crafted User-Agent...

7.3CVSS6.3AI score0.00269EPSS
Exploits0References2
CVE
CVE
added 5 days ago7 views

CVE-2026-47422

CVE-2026-47422 affects the Frappe framework. An endpoint in reportview allowed unrestricted access to save_report due to missing permission checks prior to versions 15.107.5 and 16.18.2. The issue is fixed in those versions (15.107.5 and 16.18.2). The provided references include a GitHub advisory...

5.3CVSS6.1AI score0.00278EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-55515

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the unaccepted-assets report delete endpoint authorizes only reports.view and deletes CheckoutAcceptance::pending-find$acceptanceId by global ID without checking access to the related checkoutable asset, allowing a reports user in...

5CVSS0.00248EPSS
Exploits1References3
Rows per page
Query Builder