Lucene search
K

819 matches found

Cvelist
Cvelist
added 17 hours ago9 views

CVE-2026-44752 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java(Configuration Wizard)

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS
Exploits0References2
CVE
CVE
added 17 hours ago15 views

CVE-2026-44752

CVE-2026-44752 affects SAP NetWeaver Application Server Java (often noted with the Configuration Wizard). The vulnerability is a Cross-Site Scripting (XSS) issue where an unauthenticated attacker can inject malicious JavaScript through crafted URLs. When a victim loads such a URL, the script runs...

8.2CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 17 hours ago5 views

EUVD-2026-43587

SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data...

8.2CVSS6.1AI score
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-55883

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is gated by a CSRF token, but the token is served by the unauthenticated /api/websockettoken endpoint and the upgrader accepts clients that omit an Origin...

8.3CVSS0.00222EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 5 days ago6 views

podman: Podman: Information disclosure via malicious container image environment variables

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk , to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

7.5CVSS5.9AI score0.0026EPSS
Exploits0References6
CVE
CVE
added 2026/07/06 7:41 p.m.18 views

CVE-2026-14898

The CVE affects the OpenAI Codex desktop app for macOS, where rendering remote images from Markdown in model responses can exfiltrate data. An indirect prompt injection in content (e.g., from connected tools or untrusted sources) could cause the model to construct a remote image URL containing se...

6.5CVSS6.1AI score0.00221EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 3:16 p.m.9 views

CVE-2026-13602

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/20 3:24 p.m.9 views

EUVD-2025-210289

Flowise before 3.0.8 contains a cross-site scripting XSS vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload e.g., in a chat box, or by having a custom agent function return an X...

6.1CVSS5.7AI score0.00222EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/19 1:53 p.m.7 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the WebsocketToken handler and the WebSocket upgrader process. An attacker can access sensitive session state and resource information by obtaining a CSRF token from an unauthenticated...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50980

Name of the Vulnerable Software and Affected Versions Tilt versions 0.20.8 through 0.37.3 Description The HUD HTTP server lacks authentication for state-changing and sensitive-read endpoints. When the HUD is bound to a non-loopback address, a network attacker can trigger pre-defined Tiltfile...

9.2CVSS5.9AI score0.00397EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/16 8:12 p.m.28 views

CVE-2026-48294

Adobe Acrobat PDF Extension Chrome versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires user interaction in tha...

7.4CVSS0.00719EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-50077

Name of the Vulnerable Software and Affected Versions Adobe Acrobat PDF Extension Chrome versions prior to 26.5.2.3 Description A UXSS-class cross-origin data disclosure issue exists where an attacker can gain access to the victim's session data. UXSS Universal Cross-Site Scripting is a type of...

7.4CVSS5.8AI score0.00719EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 12:16 a.m.16 views

CVE-2026-46518

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

8.7CVSS0.00208EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/09 10:50 p.m.10 views

EUVD-2026-35869

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

7.7CVSS5.5AI score0.00208EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.17 views

CVE-2026-50235

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS5.6AI score0.00158EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.14 views

CVE-2026-33569

Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device...

6.5CVSS5.4AI score0.00186EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.11 views

CVE-2026-4914

Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required...

5.4CVSS5.5AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.10 views

CVE-2026-39381

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-alpha.7 and 8.6.75, the GET /sessions/me endpoint returns Session fields that the server operator explicitly configured as protected via the protectedFields server option. Any...

5.3CVSS5.4AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.8 views

CVE-2026-44423

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records SSH username, device UID, remote IP, terminal type, authenticated fla...

6.5CVSS5.5AI score0.00246EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.8 views

Termix 安全漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix 1.7.0 and later contain security vulnerabilities. These vulnerabilities stem from the disabling of TLS certificate verification, which may allow man-in-the-middle attackers to intercept and modi...

8CVSS5.4AI score0.00168EPSS
Exploits1References2
Rows per page
Query Builder