Lucene search
+L

310 matches found

Vulnrichment
Vulnrichment
added 4 days ago3 views

CVE-2026-50506 OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability

...

7.5CVSS6.1AI score0.00797EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 4 days ago12 views

OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability

Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS6.1AI score0.00797EPSS
Exploits0
NVD
NVD
added 4 days ago7 views

CVE-2026-44760

Due to a Cross-Site Scripting XSS vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions...

4.7CVSS0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-44760 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on Business Server Pages)

Due to a Cross-Site Scripting XSS vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions...

4.7CVSS0.00142EPSS
Exploits0References2
CVE
CVE
added 4 days ago13 views

CVE-2026-44760

The CVE-2026-44760 entry concerns a Cross-Site Scripting (XSS) in SAP NetWeaver Application Server ABAP-based applications that use the Business Server Pages framework. The vulnerability arises from unsanitized input being reflected in the HTTP response, enabling an attacker to inject and execute...

4.7CVSS6.3AI score0.00142EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.23 views

Zimbra Collaboration Server < 8.8.15 Patch 7 Server-Side Request Forgery Vulnerability

According to its self-reported version number, Zimbra Collaboration Server is affected by a server-side request forgery vulnerability: - Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. CVE-2020-7796 Note that Nessus has no...

9.8CVSS7.5AI score0.84593EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 12:58 p.m.34 views

CVE-2026-47200 Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, when experimental.componentIslands is enabled default in Nuxt 4, any...

6.3CVSS0.0023EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.14 views

CVE-2026-40132

Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...

5.4CVSS5.5AI score0.0019EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 5:15 p.m.11 views

GHSA-HG3F-28RG-4JXJ Nuxt's route middleware is not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`

Summary When experimental.componentIslands is enabled default in Nuxt 4, any .server.vue file under pages/ is automatically registered as a server island under the key page and exposed via the /nuxtisland/:name endpoint. Until this fix, requests through that endpoint rendered the page component...

6.3CVSS5.9AI score0.0023EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.18 views

PT-2026-45028

Name of the Vulnerable Software and Affected Versions Nuxt versions 3.11.0 through 3.21.5 Nuxt versions 4.0.0-alpha.1 through 4.4.5 @nuxt/nitro-server versions 3.20.0 through 3.21.5 @nuxt/nitro-server versions 4.0.0-alpha.1 through 4.4.5 Description When experimental.componentIslands is enabled,...

6.3CVSS5.3AI score0.0023EPSS
Exploits1References8
CVE
CVE
added 2026/05/12 9:6 p.m.17 views

CVE-2026-44257

efw4.X (Enterprise Framework for Web) contains a zip-slip path traversal in efw.file.FileManager.unZip prior to 4.08.010. Zip entries are extracted with new File(baseDir, zipEntry.getName()) without canonical-path validation, allowing a crafted entry such as ../../../pwned.jsp to escape the extra...

9.3CVSS6AI score0.00319EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 3:16 a.m.17 views

CVE-2026-40137

SAP TAFAPPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on...

6.1CVSS0.00211EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 2:23 a.m.9 views

CVE-2026-40137 Cross-Site Scripting (XSS) vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)

SAP TAFAPPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on...

6.1CVSS5.8AI score0.00211EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 2:23 a.m.47 views

CVE-2026-40137 Cross-Site Scripting (XSS) vulnerability in Business Server Pages Application (TAF_APPLAUNCHER)

SAP TAFAPPLAUNCHER within Business Server Pages allows an unauthenticated attacker to craft malicious links that, when clicked by a victim, redirects them to attacker?controlled sites, potentially exposing or altering sensitive information in the victim�s browser. This results in a low impact on...

6.1CVSS0.00211EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 2:21 a.m.54 views

CVE-2026-40132 Missing Authorization Check in SAP Strategic Enterprise Management (BSP application Balanced Scorecard Wizard)

Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...

5.4CVSS0.0019EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.12 views

SAP NetWeaver Application Server ABAP 跨站脚本漏洞

SAP NetWeaver Application Server ABAP is a platform used by SAP, a German company, for the operation and development of applications written in the ABAP language. SAP NetWeaver Application Server ABAP has a cross-site scripting vulnerability. This vulnerability stems from reflective cross-site...

4.7CVSS5.7AI score0.00223EPSS
Exploits0References1
NVD
NVD
added 2026/05/09 11:16 p.m.59 views

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

5.8CVSS0.00244EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.13 views

Fess 注入漏洞

Fess is a powerful and easy-to-deploy enterprise search server developed by the CodeLibs Project. Versions of Fess 15.5.1 and earlier contained a vulnerability due to an injection flaw in the JSP File Handler component. This flaw stemmed from the update function in the...

5.8CVSS5.9AI score0.00244EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/20 10:15 a.m.4 views

CVE-2026-6629 Metasoft 美特软件 MetaCRM Interface sql.jsp Statement.executeUpdate sql injection

A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation of the argument sql leads to sql injection. The attack can be launched remotely. The exploit has...

7.5CVSS5.5AI score0.00259EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/04 4:29 p.m.8 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: tomcat11: tomcat11-11.0.21-0.1.hum1 noarch tomcat11-admin-webapps-11.0.21-0.1.hum1 noarch tomcat11-docs-webapp-11.0.21-0.1.hum1 noarch tomcat11-el-6.0-api-11.0.21-0.1.hum1 noarch...

9.6CVSS6.9AI score0.66535EPSS
Exploits4References9
Rows per page
Query Builder