Lucene search
+L

1397163 matches found

osv
osv
added 13 hours ago15 views

ROOT-APP-NPM-CVE-2026-44457 CVE-2026-44457 in @rootio/hono - Patched by Root

Root has patched CVE-2026-44457 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00197EPSS
Exploits0
osv
osv
added 13 hours ago8 views

ROOT-APP-NPM-CVE-2026-47675 CVE-2026-47675 in @rootio/hono - Patched by Root

Root has patched CVE-2026-47675 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00216EPSS
Exploits0
osv
osv
added 13 hours ago7 views

ROOT-APP-NPM-CVE-2026-56761 CVE-2026-56761 in @rootio/hono - Patched by Root

Root has patched CVE-2026-56761 in the @rootio/hono package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00174EPSS
Exploits0
osv
osv
added 13 hours ago4 views

RHSA-2026:37094 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Bulletin has no description...

5.9CVSS6.3AI score0.00527EPSS
Exploits0References10
redhat
redhat
added 13 hours ago7 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.66 bug fix and security update

Red Hat OpenShift Container Platform release 4.16.66 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

9.8CVSS6.8AI score0.01735EPSS
Exploits3References8
osv
osv
added 13 hours ago6 views

ROOT-OS-DEBIAN-11-CVE-2023-34152 CVE-2023-34152 in rootio-imagemagick - Patched by Root

Root has patched CVE-2023-34152 in the rootio-imagemagick package for Root:Debian:11. Multiple fixed versions available...

9.8CVSS5.4AI score0.08011EPSS
Exploits3
redhat
redhat
added 14 hours ago7 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.14.69 bug fix and security update

Red Hat OpenShift Container Platform release 4.14.69 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.14. Red Hat Product Security has rated this update as having a...

9.1CVSS6.8AI score0.01041EPSS
Exploits7References9
nuclei
nuclei
added 14 hours ago86 views

EPrints 3.4.2 - Cross-Site Scripting

EPrints 3.4.2 contains a reflected cross-site scripting vulnerability in the dataset parameter to the cgi/dataset dictionary URI. id: CVE-2021-26702 info: name: EPrints 3.4.2 - Cross-Site Scripting author: ritikchaddha severity: medium description: EPrints 3.4.2 contains a reflected cross-site...

6.1CVSS6.7AI score0.03072EPSS
Exploits1References5
nuclei
nuclei
added 14 hours ago83 views

Wordpress Polls Widget < 1.5.3 - SQL Injection

The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the dateanswers POST parameter before using it in a SQL statement when sending a Poll result, allowing unauthenticated users to perform SQL Injection attacks id: CVE-2021-24442 inf...

9.8CVSS7.1AI score0.46921EPSS
Exploits2References3
nuclei
nuclei
added 14 hours ago54 views

Eclipse Jetty - Information Disclosure

Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224 is susceptible to improper authorization. The default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. An attacker can access sensitive information regarding...

5.3CVSS6.7AI score0.82371EPSS
Exploits7References5
nuclei
nuclei
added 14 hours ago33 views

WordPress Download Manager < 3.2.44 - Authenticated Cross-Site Scripting

The WordPress Download Manager plugin before version 3.2.44 does not properly sanitize and escape the userids parameter in the stats history dashboard. This allows authenticated attackers to perform Cross-Site Scripting attacks by injecting malicious JavaScript code. id: CVE-2022-2168 info: name:...

6.1CVSS6.4AI score0.0128EPSS
Exploits2References2
nuclei
nuclei
added 14 hours ago91 views

Kavita <0.5.4.1 - Server-Side Request Forgery

Kavita before 0.5.4.1 is susceptible to server-side request forgery in GitHub repository kareadita/kavita. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-2756 info: name:...

7.1CVSS6.8AI score0.02298EPSS
Exploits1References4
nuclei
nuclei
added 14 hours ago267 views

Node.js Embedded JavaScript 3.1.6 - Template Injection

Node.js Embedded JavaScript 3.1.6 is susceptible to server-side template injection via settingsview optionsoutputFunctionName, which is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command, which is then executed upon template compilation. id:...

9.8CVSS6.8AI score0.32808EPSS
Exploits7References5
nuclei
nuclei
added 14 hours ago70 views

WordPress CDI <5.1.9 - Cross Site Scripting

WordPress CDI plugin prior to 5.1.9 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the response of an AJAX action. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...

6.1CVSS6.5AI score0.01566EPSS
Exploits2References5
nuclei
nuclei
added 14 hours ago89 views

Open Automation Software OAS Platform V16.00.0121 - Missing Authentication

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...

9.4CVSS7AI score0.37606EPSS
Exploits1References4
nuclei
nuclei
added 14 hours ago72 views

Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection

Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information...

5.3CVSS6.3AI score0.05879EPSS
Exploits1References5
nuclei
nuclei
added 14 hours ago72 views

WBCE CMS v1.5.4 - Cross Site Scripting (Stored)

A cross-site scripting XSS vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. id: CVE-2022-45037 info: name: WBCE CMS v1.5.4 - Cross Site Scripting Stored author:...

5.4CVSS6.3AI score0.01024EPSS
Exploits1References3
nuclei
nuclei
added 14 hours ago76 views

FreeIPA - XML Entity Injection

Access to external entities when parsing XML documents can lead to XML external entity XXE attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. id: CVE-2022-2414 info: name: FreeIPA - XML Entity Injection...

7.5CVSS7.1AI score0.85323EPSS
Exploits3References3
nuclei
nuclei
added 14 hours ago70 views

Cryptocurrency Widgets Pack < 2.0 - SQL Injection

The plugin does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. id: CVE-2022-4059 info: name: Cryptocurrency Widgets Pack 2.0 - SQL Injection author: r3Y3r53 severity: critical description...

9.8CVSS7.1AI score0.04756EPSS
Exploits1References3
nuclei
nuclei
added 14 hours ago90 views

Cartadis Gespage 8.2.1 - Directory Traversal

Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData. id: CVE-2021-33807 info: name: Cartadis Gespage 8.2.1 - Directory Traversal author: daffainfo severity: high description: Cartadis Gespage through 8.2.1 allows Directory Traversa...

7.5CVSS7AI score0.16139EPSS
Exploits1References5
Rows per page
Query Builder