251252 matches found

CVE
added 2 hours ago, 3 views

CVE-2025-59874 HCL Hive Telco Observability is affected by a Required directives missing from the CSP.

HCL Hive Telco Observability is affected by a "Required directives missing from the CSP" issue detected in the keycloak component of the web application. Missing essential directives can leave a site vulnerable...

8.1 CVSS
Exploits 0, References 1
RedhatCVE
added 4 hours ago, 3 views

CVE-2026-48594

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-tesla tesla allows a denial of service via decompression bomb in HTTP response bodies. When Tesla.Middleware.DecompressResponse or Tesla.Middleware.Compression is included in a Tesla middleware pipeline, HTTP...

8.2 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits 0, References 1
NVD
added 4 hours ago, 3 views

CVE-2026-50212

Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service...

7.1 CVSS
Exploits 0, References 1
Vulnrichment
added 5 hours ago, 2 views

CVE-2026-4881

In affected versions of Octopus Server, permissions were not checked correctly resulting in any authenticated user being able to make server level changes using a certain API endpoint despite receiving an error...

6 CVSS, 5.8 AI score
Exploits 0, References 1
CVE
added 6 hours ago, 9 views

CVE-2026-50213

Technical details about CVE-2026-50213, including affected products, versions, root cause, and patches, are not publicly provided in the supplied documents; monitor for updates.

8.7 CVSS, 5.8 AI score
Exploits 0, References 1
NVD
added 6 hours ago, 3 views

CVE-2026-49191

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

9.3 CVSS
Exploits 0, References 1
OSV
added 7 hours ago, 5 views

ROOT-APP-NPM-CVE-2026-25639 CVE-2026-25639 in @rootio/axios - Patched by Root

Root has patched CVE-2026-25639 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.5 CVSS, 5.4 AI score, 0.00044 EPSS
Exploits 1
OSV
added 7 hours ago, 7 views

ROOT-APP-NPM-CVE-2026-42039 CVE-2026-42039 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42039 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

7.5 CVSS, 5.8 AI score, 0.00023 EPSS
Exploits 1
OSV
added 7 hours ago, 3 views

ROOT-APP-NPM-CVE-2026-42038 CVE-2026-42038 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42038 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

6.8 CVSS, 5.8 AI score, 0.0006 EPSS
Exploits 1
OSV
added 7 hours ago, 3 views

ROOT-APP-NPM-CVE-2026-42041 CVE-2026-42041 in @rootio/axios - Patched by Root

Root has patched CVE-2026-42041 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

4.8 CVSS, 5.8 AI score, 0.00148 EPSS
Exploits 1
ATTACKERKB
added 7 hours ago, 3 views

CVE-2026-49194

The debugging routine SCREENCLICK5053 enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface...

9.4 CVSS, 5.8 AI score
Exploits 0, References 2
EUVD
added 8 hours ago, 3 views

EUVD-2026-34211

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

5.3 CVSS, 5.8 AI score
Exploits 0, References 1
OSV
added 8 hours ago, 3 views

MGASA-2026-0172 Updated lxc packages fix security vulnerability

CVE-2026-39402, lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion...

6.5 CVSS, 5.8 AI score, 0.00013 EPSS
Exploits 1, References 4
Nuclei
added 10 hours ago, 18 views

Brother Printers – Authentication Bypass via Default Admin Password

By leaking a target device's serial number, a remote attacker can generate the target device's default administrator password. The target device may leak its serial number via unauthenticated HTTP, HTTPS, IPP, SNMP, or PJL requests. id: CVE-2024-51978 info: name: Brother Printers – Authentication...

9.8 CVSS, 7.4 AI score, 0.53599 EPSS
Exploits 0, References 4
Nuclei
added 10 hours ago, 67 views

WordPress Contact Form 7 <1.3.6.3 - Stored Cross-Site Scripting

WordPress Contact Form 7 before 1.3.6.3 contains an unauthenticated stored cross-site scripting vulnerability in the Drag and Drop Multiple File Upload plugin. SVG files can be uploaded by default via the dndcodedropzupload AJAX action. id: CVE-2022-0595 info: name: WordPress Contact Form 7 1.3.6...

5.4 CVSS, 5.9 AI score, 0.05776 EPSS
Exploits 2, References 4
Nuclei
added 10 hours ago, 104 views

Kubio AI Page Builder <= 2.5.1 - Local File Inclusion

The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

9.8 CVSS, 8 AI score, 0.69659 EPSS
Exploits 12, References 3
Nuclei
added 10 hours ago, 32 views

phpIPAM 1.5.1 - Cross-site Scripting

Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. id: CVE-2023-0676 info: name: phpIPAM 1.5.1 - Cross-site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5....

6.1 CVSS, 6.1 AI score, 0.00974 EPSS
Exploits 1, References 2
Nuclei
added 10 hours ago, 62 views

Order Delivery Date Pro for WooCommerce < 12.3.1 - Arbitrary Option Update

The Order Delivery Date WordPress plugin before 12.3.1 does not have authorization and CSRF checks when importing settings. Furthermore it also lacks proper checks to only update options relevant to the Order Delivery Date WordPress plugin before 12.3.1. This leads to attackers being able to modi...

9.8 CVSS, 7.2 AI score, 0.09777 EPSS
Exploits 2, References 2
Nuclei
added 10 hours ago, 261 views

WSO2 User Registration - Arbitrary Account Creation

The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings. id: CVE-2024-7097 info: name: WSO2 User Registration - Arbitrary Account Creation author: iamnoooob,rootxharsh,pdresearch...

4.3 CVSS, 5.8 AI score, 0.25144 EPSS
Exploits 0, References 2
Nuclei
added 10 hours ago, 20 views

Trilium <0.52.4 - Cross-Site Scripting

Trilium prior to 0.52.4, 0.53.1-beta contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2022-2290 info: name: Trilium 0.52.4 - Cross-Site Scripting author:...

6.4 CVSS, 6.8 AI score, 0.074 EPSS
Exploits 1, References 5