Lucene search
K

128 matches found

Cvelist
Cvelist
added 2026/02/10 2:30 p.m.30 views

CVE-2025-7636 SQLi in Ergosis Security Systems' ZEUS PDKS

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ergosis Security Systems Computer Industry and Trade Inc. ZEUS PDKS allows SQL Injection. This issue affects ZEUS PDKS: from 1.0.5.10 through 10022026. NOTE: The vendor was contacted early about th...

8.8CVSS0.00258EPSS
Exploits0References2
NVD
NVD
added 2026/02/09 12:15 p.m.5 views

CVE-2025-7708

Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation. This issue affects k12net: through 09022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

6.8CVSS0.00253EPSS
Exploits0References2
NVD
NVD
added 2026/02/06 7:16 a.m.8 views

CVE-2026-2000

A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function applyconfig of the file /function/system/basic/bridgecfg.php of the component Web Management Backend. Performing a manipulation of the argument iplist results in command injection. The attack is possible to be...

7.2CVSS0.17152EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/01 11:2 p.m.34 views

CVE-2026-1733 Zhong Bang CRMEB :uni tidyOrder improper authorization

A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/storeintegral/order/detail/:uni. The manipulation of the argument orderid leads to improper authorization. The attack can be initiated remotely. The exploit is publicly...

5.3CVSS0.00364EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/01/29 1:47 p.m.3 views

CVE-2025-7014

Session Fixation vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Session Hijacking. This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

8.8CVSS5.4AI score0.00302EPSS
Exploits0References3
OSV
OSV
added 2026/01/22 10:16 a.m.4 views

CVE-2025-4763

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026. NOTE: The vendor was contacted early about this...

6.1CVSS5.8AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.16 views

PT-2026-3932

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Management System versions up to 3.0.12 Description A flaw exists in Sangfor Operation and Maintenance Management System. This issue is related to the SessionController function within the SSH Protocol Handler...

9.8CVSS7.2AI score0.06437EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/01/20 5:28 a.m.10 views

CVE-2026-1138

A flaw has been found in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/ConfigExceptQQ. Executing a manipulation can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early abo...

9CVSS5.8AI score0.00855EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/18 3:2 a.m.3 views

CVE-2026-1109

A vulnerability was detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The impacted element is the function rtspparserequest. The manipulation results in buffer overflow. Attacking locally is a requirement. This product takes the approach of rolling releases to provide...

5.3CVSS5.7AI score0.00219EPSS
Exploits1References5
Veracode
Veracode
added 2026/01/12 10:40 a.m.10 views

Stored Cross-Site Scripting (XSS)

n8n is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sandbox enforcement when the “Respond to Webhook” node returns HTML content with executable scripts, which allows an attacker with workflow creation privileges to execute arbitrary JavaScript in the context...

7.3CVSS6.1AI score0.00217EPSS
Exploits0References3Affected Software1
Wiz blog
Wiz blog
added 2025/12/31 1:49 p.m.6 views

Expanding the Zero Critical Club to set a new standard for AppSec and SecOps teams

We are introducing Zero Code Criticals and Zero Time to Respond clubs to give every team a clear north star for secure development and rapid response...

7AI score
Exploits0
Huntr
Huntr
added 2025/12/29 5:49 p.m.6 views

Insecure Direct Object Reference (IDOR) in LollMS Friend Request Response

Executive Summary A critical security vulnerability has been identified in LollMS that allows any authenticated user to accept or reject friend requests belonging to other users. The respondrequest function lacks authorization checks, enabling Insecure Direct Object Reference IDOR attacks. Affect...

8.3CVSS5.8AI score0.00268EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/12/29 5:54 a.m.14 views

CVE-2025-61914

n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...

7.3CVSS5.9AI score0.00217EPSS
Exploits0References1
OSV
OSV
added 2025/12/28 8:15 a.m.7 views

CVE-2025-15127

A security vulnerability has been detected in FantasticLBP HotelsServer up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be...

9.8CVSS5.7AI score0.00407EPSS
Exploits1References4
OSV
OSV
added 2025/12/26 9:48 p.m.7 views

CVE-2025-61914 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...

7.3CVSS5.9AI score0.00217EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/26 9:48 p.m.4 views

CVE-2025-61914 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...

7.3CVSS5.5AI score0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/26 9:48 p.m.25 views

CVE-2025-61914 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the...

7.3CVSS0.00217EPSS
Exploits0References1
CVE
CVE
added 2025/12/26 9:48 p.m.19 views

CVE-2025-61914

Summary: CVE-2025-61914 affects n8n before version 1.114.0, where a stored XSS in the “Respond to Webhook” node could execute malicious JavaScript in the editor interface. The root cause is HTML responses with executable scripts not sandboxed as in 1.103.0, enabling a user with workflow creation ...

7.3CVSS5.5AI score0.00217EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/12/26 5:30 p.m.5 views

GHSA-58JC-RCG5-95F3 n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

Summary A stored Cross-Site Scripting XSS vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the top-level window, rather than within the expected sandbox introduced ...

7.3CVSS6.1AI score0.00217EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/26 5:30 p.m.5 views

Cross-site Scripting (XSS)

Overview n8n is a n8n Workflow Automation Tool Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Respond to Webhook node when it responds with HTML content containing executable scripts. An attacker can execute arbitrary JavaScript in the context of the editor...

7.3CVSS5.5AI score0.00217EPSS
Exploits0References2
Rows per page
Query Builder