Lucene search
K

4428 matches found

Nuclei
Nuclei
added 13 hours ago44 views

Alfresco Share - Open Redirect

Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-14223 info: name:...

6.1CVSS6.4AI score0.04474EPSS
Exploits1References5
Nuclei
Nuclei
added 13 hours ago18 views

Sassy Social Share <= 3.3.3 - Cross-Site Scripting

The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateorssssharingcount' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS6.2AI score0.1544EPSS
Exploits1References3
CVE
CVE
added yesterday11 views

CVE-2026-9824

Mattermost v11.7.x ≤ 11.7.2, v11.6.x ≤ 11.6.4, and v10.11.x ≤ 10.11.19 are affected by CVE-2026-9824 due to a missing check of the manage_shared_channels permission in the /share-channel autocomplete handler. This allows an authenticated user without that permission to enumerate remote cluster co...

4.3CVSS6.1AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added yesterday27 views

CVE-2026-15547 Shibby Tomato CIFS Mount sub_2D048 os command injection

A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available ...

6.5CVSS0.0105EPSS
Exploits0References5
CVE
CVE
added 2 days ago14 views

CVE-2026-61874

CVE-2026-61874 affects filebrowser before 2.63.17. The root cause is improper path normalization in DeleteWithPathPrefix, allowing an authenticated user to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path and then recreate the same directory to...

3.1CVSS6.1AI score0.00198EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-61874 filebrowser before 2.63.17 Stale Public Share via Trailing-Slash Delete

filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose ne...

3.1CVSS0.00198EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-56765

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...

9.8CVSS0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-56765 Vikunja - Unauthenticated Instance-Wide Data Breach via Link Share Hash Disclosure Chained with Cross-Project Attachment IDOR

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...

9.8CVSS0.00351EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42890

Vikunja before 2.2.1 contains an authorization flaw where the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. The GetTaskAttachment endpoint performs permission checks against user-supplied task IDs but fetches...

9.8CVSS6.1AI score0.00351EPSS
Exploits0References2
CVE
CVE
added 4 days ago9 views

CVE-2026-56765

Summary (CVE-2026-56765): Vikunja prior to 2.2.1 contains two related authorization flaws. First, the LinkSharing.ReadAll endpoint exposes share hashes to users with read access, enabling permission escalation to admin-level shares. Second, the GetTaskAttachment endpoint performs permission check...

9.8CVSS6.1AI score0.00351EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 5 days ago11 views

Linux Distros Unpatched Vulnerability : CVE-2026-60102

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Horde Virtual File System VFS API before 3.0.1 contains an OS command injection vulnerability in the HordeVfsSmb driver where the escapeShellCommand method fail...

8.8CVSS6.3AI score0.01803EPSS
Exploits0References3
NVD
NVD
added 6 days ago9 views

CVE-2026-11798

The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateormastodonshare' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This...

6.1CVSS0.00204EPSS
Exploits0References3
CVE
CVE
added 6 days ago12 views

CVE-2026-11798

The CVE concerns the WordPress plugin Social Share, Social Login and Social Comments Plugin – Super Socializer . It is vulnerable to Reflected Cross-Site Scripting via the parameter heateor_mastodon_share in all versions up to and including 7.14.5 , caused by insufficient input sanitization and o...

6.1CVSS6.1AI score0.00204EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42168

The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateormastodonshare' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This...

6.1CVSS6.1AI score0.00204EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-11798 Social Share, Social Login and Social Comments Plugin <= 7.14.5 - Reflected Cross-Site Scripting via 'heateor_mastodon_share' Parameter

The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'heateormastodonshare' parameter in all versions up to, and including, 7.14.5 due to insufficient input sanitization and output escaping. This...

6.1CVSS0.00204EPSS
Exploits0References3
NVD
NVD
added last week9 views

CVE-2026-57172

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs,...

8.3CVSS0.00289EPSS
Exploits0References2
NVD
NVD
added last week7 views

CVE-2026-50530

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...

7.1CVSS0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added last week28 views

CVE-2026-50530 DataEase: Token with Overly Broad Privileges in Share Mode: Access to Unshared Datasets

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...

7.1CVSS0.00238EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added last week5 views

CVE-2026-50530

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing...

7.1CVSS6AI score0.00238EPSS
Exploits0References4Affected Software1
CVE
CVE
added last week14 views

CVE-2026-50530

DataEase prior to version 2.10.24 exposes a vulnerability in the share mode chart data interface. The API path POST /de2api/chartData/getData only validates that sceneId matches the resourceId in the link token and does not verify whether tableId and field IDs in the request body belong to the sh...

7.1CVSS6AI score0.00238EPSS
Exploits0References3
Rows per page
Query Builder