Lucene search
K

6573 matches found

CVE
CVE
added yesterday6 views

CVE-2026-52888

NocoBase before 2.1.0-alpha.46 exposes sensitive data via the SQL Collection feature. The plugin-collection-sql checkSQL() used an incomplete keyword blacklist that did not block PostgreSQL system catalogs (e.g., pg_shadow, pg_roles, pg_stat_activity), allowing an admin-role user to read password...

6.8CVSS6.1AI score0.00048EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday49 views

Joomla! Component Music Manager - Local File Inclusion

A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the cid parameter to album.html. id: CVE-2010-2857 info: name: Joomla! Component Music Manager - Local Fil...

6.8CVSS6.2AI score0.04848EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday20 views

ListingPro < 2.6.1 - Sensitive Data Disclosure

The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the /listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email...

5.3CVSS6.2AI score0.01608EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday34 views

WordPress JobWP Plugin <= 2.3.9 - SQL Injection

The JobWP - Job Board, Job Listing, Career Page and Recruitment Plugin plugin for WordPress is vulnerable to SQL Injection via the 'jobwpuploadresume' parameter in all versions up to, and including, 2.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

7.5CVSS7AI score0.01643EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday19 views

PraisonAI AgentOS - Information Disclosure

PraisonAI's AgentOS FastAPI application server exposes an unauthenticated GET /api/agents endpoint that lists every registered agent's name, role and the opening of its instructions system prompt. No authentication is enforced on the route, allowing a remote attacker to enumerate agent...

7.3CVSS7.1AI score0.26799EPSS
Exploits4
Nuclei
Nuclei
added yesterday25 views

Netgear R6850 - Information Disclosure

Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the currentsetting.htm page.This hidden interface is not protected by authentication, allowing unauthenticated attackers to access sensitive informationsuch as firmware version, model details,...

7.5CVSS6.1AI score0.01923EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday62 views

DedeCMS 5.7.109 - Server-Side Request Forgery

Manipulation of the rssurl parameter in codo.php leads to server-side request forgery in DedeCMS version 5.7.109. id: CVE-2023-3578 info: name: DedeCMS 5.7.109 - Server-Side Request Forgery author: ritikchaddha severity: critical description: | Manipulation of the rssurl parameter in codo.php lea...

9.8CVSS6.5AI score0.0357EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday108 views

TrakSYS 11.x.x - Sensitive Data Exposure

A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been...

6.9CVSS5.5AI score0.02053EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday26 views

Easy Appointments <= 3.12.21 - Information Disclosure

Easy Appointments WordPress plugin = 3.12.21 contains a sensitive information exposure caused by an unauthenticated REST API endpoint /wp-json/wp/v2/eablocks/eaappointments/ registered with permissioncallback allowing unrestricted access, letting unauthenticated attackers extract sensitive custom...

7.5CVSS7AI score0.0239EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday18 views

Scoold < 1.64.0 - Authentication Bypass

Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT...

8.7CVSS6AI score0.01008EPSS
Exploits0References3
NVD
NVD
added 2 days ago4 views

CVE-2026-50456

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...

5.5CVSS0.00362EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-50442

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...

5.5CVSS0.00362EPSS
Exploits0References1
NVD
NVD
added 2 days ago2 views

CVE-2026-50430

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...

5.5CVSS0.00362EPSS
Exploits0References1
NVD
NVD
added 2 days ago2 views

CVE-2026-50415

Exposure of sensitive information to an unauthorized actor in Windows Media allows an unauthorized attacker to disclose information over a network...

5.3CVSS0.00576EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-50409

Exposure of sensitive information to an unauthorized actor in Windows Overlay Filter allows an authorized attacker to disclose information locally...

5.5CVSS0.00362EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-50352

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally...

5.5CVSS0.00469EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-50339

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...

5.5CVSS0.00362EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-15642

Insertion of sensitive information into a file in the Recovery Kit response file generation feature in Devolutions Server 2026.1.22.0, 2026.2.11.0 allows an attacker with access to the generated response file to obtain the Azure Key Vault client secret in cleartext, even when the option to exclud...

0.00149EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-50697

Exposure of sensitive information to an unauthorized actor in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00291EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2026-50294

CVE-2026-50294 : Windows Kernel exposes sensitive system information to an unauthorized control sphere, enabling a local attacker to disclose information. Documents confirm a local attack vector with high confidentiality impact; no exploitation details or remediation are provided in the connected...

6.2CVSS6AI score0.00382EPSS
Exploits0References1
Rows per page
Query Builder