Lucene search
K

56 matches found

Cvelist
Cvelist
added 2026/06/24 2:17 p.m.32 views

CVE-2026-50698 Frappe Framework 17.0.0-dev - Stored XSS in Audit Trail template rendering

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component...

4.6CVSS0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 1:48 p.m.28 views

CVE-2026-9143 Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently discard high bits if a size value exceeded the target type's range. This affects NI grpc-device 2.17.0 and prior versions...

6.3CVSS0.0018EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 1:18 p.m.24 views

CVE-2026-49871

CVE-2026-49871 describes a Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations in Apache APISIX versions 3.0.0–3.16.0. The issue allows a remote attacker who can lure a victim to a controlled webpage to cause the victim’s browser to become authentic...

9.3CVSS5.9AI score0.00261EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:26 p.m.9 views

CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

7.8CVSS5.8AI score0.0062EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/22 6:43 p.m.8 views

CVE-2026-39969

TypeBot is a chatbot builder tool. In versions 3.16.0 and prior, the WhatsApp Cloud API webhook endpoint POST /v1/workspaces/workspaceId/whatsapp/credentialsId/webhook does not verify the x-hub-signature-256 HMAC signature included by Meta in every webhook delivery. The webhook URL exposes both...

6.5CVSS5.8AI score0.0014EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/09 7:16 p.m.19 views

CVE-2026-42333

CVE-2026-42333 affects Quarkus OpenAPI Generator. The issue: the generated authentication filter can match OpenAPI path templates too broadly, causing a security scheme for one operation to be applied to a different, similarly-named operation. This can cause bearer tokens, API keys, or basic cred...

6.3CVSS5.7AI score0.004EPSS
Exploits0References5
OSV
OSV
added 2026/05/06 2:43 p.m.4 views

BIT-JAVA-MIN-2023-21843

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Sound. Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploi...

3.7CVSS6.8AI score0.01357EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:37 p.m.5 views

CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

7.6CVSS5.8AI score0.00583EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

Jupyter Server 代码问题漏洞

Jupyter Server is an application developed by the Jupyter organization that provides backend services for Jupyter web applications. Jupyter Server versions 2.17.0 and earlier have code vulnerabilities. These vulnerabilities stem from the persistence of the key used for signing authentication...

7.6CVSS5.8AI score0.00308EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/20 4:19 p.m.34 views

CVE-2026-40098 OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclosure variant

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to version 20.17.0, the shared wishlist add-to-cart endpoint authorizes access with a public...

5.3CVSS0.00176EPSS
Exploits1References1
NVD
NVD
added 2026/04/17 1:16 p.m.14 views

CVE-2026-6486

A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipulation of the argument displayname results in cross site scripting. The attack can be executed...

5.1CVSS0.00212EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/09 4:12 p.m.4 views

CVE-2026-39943

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...

6.5CVSS6AI score0.0017EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35441

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus' GraphQL endpoints /graphql and /graphql/system did not deduplicate resolver invocations within a single request. An authenticated user could exploit GraphQL aliasing to repeat an expensive...

6.5CVSS6AI score0.00361EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 10:16 p.m.6 views

CVE-2026-35408

Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On SSO login pages lacked a Cross-Origin-Opener-Policy COOP HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retai...

9.3CVSS0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/17 12:31 a.m.4 views

EUVD-2026-12531

A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The explo...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/19 5:48 p.m.19 views

CVE-2026-23646 OpenProject users can delete other user's session, causing them to be logged out

OpenProject is an open-source, web-based project management software. Users of OpenProject versions prior to 16.6.5 and 17.0.1 have the ability to view and end their active sessions via Account Settings → Sessions. When deleting a session, it was not properly checked if the session belongs to the...

6.5CVSS0.00315EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/10 10:43 p.m.2 views

EUVD-2025-202640

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. This is the apppassword parameter. Depending on local...

6.9CVSS6AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 11:33 a.m.15 views

CVE-2024-56840

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.0, RUGGEDCOM ROX MX5000RE All versions V2.17.0, RUGGEDCOM ROX RX1400 All versions V2.17.0, RUGGEDCOM ROX RX1500 All versions V2.17.0, RUGGEDCOM ROX RX1501 All versions V2.17.0, RUGGEDCOM ROX RX1510 All versions V2.17.0...

7.5CVSS9.4AI score0.00574EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.5 views

Siemens RUGGEDCOM ROX II 注入漏洞

Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from an injection vulnerability that can be exploited by an attacker to cause execution of arbitrary code...

7.5CVSS9.3AI score0.00574EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.3 views

Siemens RUGGEDCOM ROX II 注入漏洞

Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from an injection vulnerability that can be exploited by an attacker to cause execution of arbitrary code...

8.6CVSS9.3AI score0.00574EPSS
Exploits0References1
Rows per page
Query Builder