Lucene search
K

668 matches found

NVD
NVD
added 5 days ago9 views

CVE-2026-41122

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker wit...

7.1CVSS0.00202EPSS
Exploits0References1
CVE
CVE
added 5 days ago8 views

CVE-2026-41122

CVE-2026-41122 affects Dell PowerProtect Data Domain: versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, and LTS2024 7.13.1.0–7.13.1.70 contain a stored cross-site scripting vulnerability. An unauthenticated attacker with remote access could exploit this to cause informatio...

7.1CVSS5.9AI score0.00202EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-56420

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain versions 7.7.1.0 through 8.7 Dell PowerProtect Data Domain versions 8.6.1.0 through 8.6.1.10 Dell PowerProtect Data Domain versions 8.3.1.0 through 8.3.1.30 Dell PowerProtect Data Domain versions 7.13.1.0 through...

7.1CVSS6.2AI score0.00202EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-58579

RAGFlow before 0.26.3 stores an agent pipeline DSL node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalizedsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name int...

5.4CVSS0.00182EPSS
Exploits0References5
CVE
CVE
added 2026/06/30 8:54 a.m.14 views

CVE-2026-6954

CVE-2026-6954 describes a Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. The issue enables an attacker to execute JavaScript or inject a dynamic iframe in a victim’s browser by sending a malicious URL via the ‘urlDestino’ parameter in /portal.do, potentially expos...

5.1CVSS5.9AI score0.00366EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 3:45 p.m.30 views

CVE-2026-54040 LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can...

5.9CVSS0.0015EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.12 views

CVE-2026-45745

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

8CVSS5.5AI score0.00168EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.9 views

CVE-2026-39960

Mantis Bug Tracker MantisBT is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in the Update Issue page, bugupdatepage.php allowing an attacker to inject HTML and, if CSP settings permit, execute...

5.4CVSS5.7AI score0.0023EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 6:17 p.m.17 views

CVE-2026-45745

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

8CVSS0.00168EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/05 5:53 p.m.11 views

EUVD-2026-34871

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

8CVSS5.5AI score0.00168EPSS
Exploits1References1
NVD
NVD
added 2026/06/05 2:16 p.m.15 views

CVE-2026-50235

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS0.00158EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/06/05 1:24 p.m.8 views

CVE-2026-50235 Lyrion Music Server 9.2.0 Reflected XSS via search Parameters

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS5.6AI score0.00158EPSS
Exploits2References2
EUVD
EUVD
added 2026/06/05 1:24 p.m.11 views

EUVD-2026-34834

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS5.6AI score0.00158EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/06/05 1:24 p.m.40 views

CVE-2026-50235 Lyrion Music Server 9.2.0 Reflected XSS via search Parameters

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS0.00158EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.18 views

PT-2026-46954

Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search parameters that fail to properly sanitize user input before displaying it in search forms. Attackers can inject malicious scripts through unfiltered search parameters to execute arbitrary JavaScri...

6.1CVSS5.6AI score0.00158EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.16 views

PT-2026-47018

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

8CVSS5.5AI score0.00168EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/04 11:24 a.m.10 views

CVE-2026-35192

A flaw was found in Django. When the SESSIONSAVEEVERYREQUEST setting is enabled, response headers do not properly vary on cookies for unmodified sessions. This vulnerability allows a remote attacker to steal a user's session after the user visits a cached public page, leading to unauthorized acce...

6.5CVSS5.8AI score0.00544EPSS
Exploits0References6
OSV
OSV
added 2026/06/02 10:16 p.m.10 views

PYSEC-2026-203

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 10:16 p.m.13 views

CVE-2026-35212

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

6.1CVSS0.00149EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 9:28 p.m.8 views

CVE-2026-35212

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

5.3CVSS5.8AI score0.00149EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder