Lucene search
K

84 matches found

RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.11 views

CVE-2026-45327

TinyIce is a streaming server for audio and video. In versions 0.8.95 through 2.4.1, missing authentication on WebRTC ingest endpoint allows unauthenticated stream injection. Version 2.5.0 fixes the issue by requiring either HTTP Basic auth or a ?password= query parameter, comparing the supplied...

8.2CVSS5.5AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.3 views

CVE-2026-33507

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginImport.json.php endpoint allows admin users to upload and install plugin ZIP files containing executable PHP code, but lacks any CSRF protection. Combined with the application explicitly setting...

8.8CVSS5.9AI score0.00367EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 11:56 p.m.9 views

CVE-2026-27977

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing...

2.3CVSS5.6AI score0.00171EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/17 11:56 p.m.6 views

CVE-2026-27977 Next.js: null origin can bypass dev HMR websocket CSRF checks

Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in next dev, cross-site protection for internal websocket endpoints could treat Origin: null as a bypass case even if allowedDevOrigins is configured, allowing...

2.3CVSS5.8AI score0.00171EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2025/07/04 12:0 a.m.5 views

The vulnerability of the FreeScout support service management system lies in the lack of measures to protect the website structure. This allows attackers to disclose confidential information and carry out CSRF attacks.

The vulnerability of the FreeScout support service management system lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to disclose confidential information and carry out a CSRF attack using a specially created website...

5.4AI score0.00134EPSS
Exploits1References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/06/25 12:0 a.m.7 views

The vulnerability of the cookie-consent management module on Drupal COOKiES websites stems from the lack of measures taken to protect the website structure. This allows attackers to perform cross-site scripting attacks (XSS).

The vulnerability of the cookie-consent management module on Drupal COOKiES websites is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks remotely...

9CVSS5.2AI score0.00278EPSS
Exploits0References3Affected Software1
Wordfence Blog
Wordfence Blog
added 2025/06/05 3:31 p.m.236 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 26, 2025 to June 1, 2025)

In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 65 vulnerabilities disclosed in 60 WordPress Plugin...

10CVSS8.7AI score0.02101EPSS
Exploits6
Imperva Blog
Imperva Blog
added 2025/05/16 11:21 p.m.20 views

Beware! A threat actor could steal the titles of your private (and draft) WordPress posts with this new vulnerability!

As of today, almost a billion sites have been built using WordPress, powering businesses and organizations of all sizes. That makes any newly discovered vulnerability especially concerning—like the one recently found and reported by Imperva researchers, which could affect any WordPress site. In...

6.8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/04/16 4:36 p.m.8 views

6,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin

📢Did you know Wordfence runs aBug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability , for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...

9.8CVSS8.2AI score0.01482EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/02/17 12:0 a.m.14 views

The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

5.5CVSS5.9AI score0.00384EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/01/20 12:0 a.m.5 views

The vulnerability in the download.php script (/phpoffice/phpspreadsheet/samples/download.php) of the PhpSpreadsheet library allows attackers to perform cross-site scripting attacks.

The vulnerability of the download.php /phpoffice/phpspreadsheet/samples/download.php PHP library in the PhpSpreadsheet library is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability could allow a remote attacker to perform cross-site scripting...

8.5CVSS5.3AI score0.00312EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/06 12:0 a.m.6 views

The vulnerability of the web client VPN microprogramming system for Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the VPN web client microprogramming software for Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site...

6.4CVSS5.2AI score0.00412EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/11/15 12:0 a.m.7 views

The vulnerability of the Power Monitoring Expert, Power Operation, and Power SCADA Operation software allows a perpetrator to carry out cross-site scripting attacks.

The vulnerability of the Power Monitoring Expert, Power Operation, and Power SCADA Operation software relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks from a remote location...

5.5CVSS5.5AI score0.00287EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/10/31 12:0 a.m.9 views

The vulnerability in the web interface of the Cisco Secure Firewall Management Center software for network administration allows a perpetrator to execute cross-site scripting attacks.

The vulnerability in the web interface of the Cisco Secure Firewall Management Center formerly known as Cisco Firepower Management Center is related to the lack of protective measures for the website structure. Exploiting this vulnerability can allow attackers to execute cross-site scripting...

5.5CVSS5.4AI score0.00301EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/10/23 12:0 a.m.11 views

The vulnerability of the PT MultiScanner malware protection system and the PT Sandbox network sandboxing mechanism is related to the disclosure of information through registration files, which allows attackers to enhance their privileges.

The vulnerability of the PT MultiScanner malware protection system and the PT Sandbox network sandboxing solution is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the role of a “Securit...

6.4CVSS5.5AI score
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/10/18 12:0 a.m.7 views

The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in the lack of protective measures for website structures, allowing attackers to execute arbitrary code.

The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows a malicious actor to...

6.4CVSS6AI score0.00426EPSS
Exploits0References2Affected Software3
BDU FSTEC
BDU FSTEC
added 2024/07/29 12:0 a.m.7 views

The vulnerability of the GLPI system’s handling of requests and incidents stems from the lack of measures taken to protect the website structure. This allows attackers to carry out cross-site scripting attacks.

The vulnerability in the GLPI request and incident handling system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

5.5CVSS6.8AI score0.00408EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/07/08 12:0 a.m.4 views

The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

5.5CVSS5.9AI score0.00289EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/04 12:0 a.m.6 views

The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

5.5CVSS5.9AI score0.00313EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/04 12:0 a.m.8 views

The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

5.5CVSS5.9AI score0.00359EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder