Lucene search

28076 matches found

Snyk
added 2026/01/15 6:31 p.m., 2 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the sort parameter in the jsonapi/review endpoint. An attacker can access sensitive database information and manipulate query results by sending specially crafted GET requests. Remediation: There is no fixed version for...

CVSS 8.8, AI score 6, EPSS 0.00307
Exploits 0, References 2
Snyk
added 2026/01/15 5:58 p.m., 3 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the Delete function. An attacker can delete arbitrary files on the server by submitting crafted path traversal sequences in the path parameter. Details: A Directory Traversal attack also known as path traversal ai...

CVSS 8.1, AI score 6.5, EPSS 0.00598
Exploits 1, References 2
Vulnrichment
added 2026/01/15 4:38 p.m., 3 views

CVE-2026-23493 Pimcore ENV Variables and Cookie Informations are exposed in http_error_log

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...

CVSS 8.6, AI score 6.2, EPSS 0.00393
Exploits 0, References 5
OSV
added 2026/01/15 4:38 p.m., 6 views

CVE-2026-23493 Pimcore ENV Variables and Cookie Informations are exposed in http_error_log

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information such as database passwords, cookie session data, and other details can be accessed or recovered through t...

CVSS 8.6, AI score 5.6, EPSS 0.00393
Exploits 0, References 7
ATTACKERKB
added 2026/01/15 4:32 p.m., 3 views

CVE-2026-20076

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...

CVSS 4.8, AI score 5.8, EPSS 0.00238
Exploits 0, References 2, Affected Software 1
OSV
added 2026/01/15 1:16 p.m., 5 views

CVE-2026-22919

An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data...

CVSS 4.8, AI score 5.6, EPSS 0.00262
Exploits 0, References 6
OSV
added 2026/01/15 1:16 p.m., 7 views

CVE-2026-22913

Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data...

CVSS 6.1, AI score 5.9, EPSS 0.00347
Exploits 0, References 6
NVD
added 2026/01/15 1:16 p.m., 15 views

CVE-2026-22913

Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data...

CVSS 6.1, EPSS 0.00347
Exploits 0, References 6
NVD
added 2026/01/15 1:16 p.m., 3 views

CVE-2026-22918

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...

CVSS 8.2, EPSS 0.00286
Exploits 0, References 6
ATTACKERKB
added 2026/01/15 1:8 p.m., 1 views

CVE-2026-22919

An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data...

CVSS 4.8, AI score 5.1, EPSS 0.00262
Exploits 0, References 7
ATTACKERKB
added 2026/01/15 1:8 p.m., 4 views

CVE-2026-22918

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...

CVSS 8.2, AI score 5.5, EPSS 0.00286
Exploits 0, References 7
Cvelist
added 2026/01/15 1:8 p.m., 26 views

CVE-2026-22918

An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data...

CVSS 4.3, EPSS 0.00286
Exploits 0, References 6
CVE
added 2026/01/15 1:5 p.m., 19 views

CVE-2026-22913

CVE-2026-22913 is linked to improper handling of a URL parameter that may allow code execution in a user’s browser after login, potentially leading to sensitive data exposure. Public details from NVD and Red Hat/CIRCL/SICK pages describe the vulnerability and impact as confidentiality/data leakag...

CVSS 6.1, AI score 6.8, EPSS 0.00347
Exploits 0, References 6, Affected Software 1
RedhatCVE
added 2026/01/15 6:21 a.m., 6 views

CVE-2026-0717

The LottieFiles – Lottie block for Gutenberg plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.0 via the /wp-json/lottiefiles/v1/settings/ REST API endpoint. This makes it possible for unauthenticated attackers to retrieve the site...

CVSS 5.3, AI score 6, EPSS 0.003
Exploits 0, References 1
RedhatCVE
added 2026/01/15 12:23 a.m., 10 views

CVE-2025-67399

An issue in AIRTH SMART HOME AQI MONITOR Bootloader v.1.005 allows a physically proximate attacker to obtain sensitive information via the UART port of the BK7231N controller Wi-Fi and BLE module on the device is open to access...

CVSS 4.6, AI score 6.6, EPSS 0.00153
Exploits 0, References 1
CNNVD
added 2026/01/15 12:0 a.m., 5 views

Pimcore security vulnerabilities

Pimcore is an open-source web content management platform developed by the Austrian company Pimcore. This platform integrates applications such as web content management, e-commerce frameworks, and product information management. Versions of Pimcore prior to 12.3.1 and 11.5.14 contained security...

CVSS 8.6, AI score 5.8, EPSS 0.00393
Exploits 0, References 5
Tenable Nessus
added 2026/01/15 12:0 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003538)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003538 advisory. The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg...

CVSS 5.5, AI score 6.3, EPSS 0.00499
Exploits 0, References 17
Tenable Nessus
added 2026/01/15 12:0 a.m., 5 views

JetBrains TeamCity Guest Access Detected

JetBrains TeamCity is a continuous integration and build management system that allows guest access if the feature is enabled. If guest login is enabled, an attacker can access the TeamCity server without authentication, potentially leading to unauthorized access to sensitive information and syst...

AI score 6.6
Exploits 0, References 3
Positive Technologies
added 2026/01/15 12:0 a.m., 7 views

PT-2026-2994

Name of the Vulnerable Software and Affected Versions: Web Application, affected versions not specified. Description: A flaw exists in a web application where improper handling of a URL parameter could allow attackers to execute code in a user's browser following login. Successful exploitation may...

CVSS 6.1, AI score 6.7, EPSS 0.00347
Exploits 0, References 10
Positive Technologies
added 2026/01/15 12:0 a.m., 8 views

PT-2026-3074

Name of the Vulnerable Software and Affected Versions: Pimcore versions prior to 12.3.1; Pimcore versions prior to 11.5.14. Description: Pimcore is an Open Source Data & Experience Management Platform. Prior to versions 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER...

CVSS 8.6, AI score 5.3, EPSS 0.00393
Exploits 0, References 12