Lucene search
K

241 matches found

NVD
NVD
added 4 days ago4 views

CVE-2026-57213

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqfederationmanagement plugin renders the consumertag field on the Federation Status page without HTML escaping, allowing a user who can configure a federation upstream or policy to execute...

5.7CVSS0.00325EPSS
Exploits1References6
NVD
NVD
added 4 days ago7 views

CVE-2026-41877

R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users. This issue was fixed in version v3.19-2832 and...

5.1CVSS0.0039EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/01 5:14 p.m.5 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

8.8CVSS6.2AI score0.0021EPSS
Exploits1References5
Circl
Circl
added 2026/06/20 4:10 p.m.11 views

CVE-2026-51846

creationtimestamp| type| source ---|---|--- 2026-06-20 16:10:14+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116783304621209682...

9.8CVSS5.8AI score0.00584EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.13 views

CVE-2025-52206

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting XSS via the system status webpage...

4.7CVSS5.5AI score0.00213EPSS
Exploits1References1
Circl
Circl
added 2026/06/05 1:24 p.m.12 views

CVE-2026-11141

creationtimestamp| type| source ---|---|--- 2026-06-05 13:24:14+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918 2026-06-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260608 2026-06-07 18:00:00+00:00| seen|...

6.5CVSS5.3AI score0.0025EPSS
Exploits0References3
Circl
Circl
added 2026/06/05 1:23 p.m.10 views

CVE-2026-10979

creationtimestamp| type| source ---|---|--- 2026-06-05 13:23:41+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918 2026-06-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260608 2026-06-07 18:00:00+00:00| seen|...

6.5CVSS5.3AI score0.00308EPSS
Exploits0References3
Circl
Circl
added 2026/06/05 1:23 p.m.15 views

CVE-2026-10915

creationtimestamp| type| source ---|---|--- 2026-06-05 13:23:30+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918 2026-06-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260608...

8.3CVSS5.3AI score0.00275EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/04 4:15 p.m.10 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

8.8CVSS6.1AI score0.0021EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/02 10:29 p.m.11 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

8.8CVSS6.1AI score0.0021EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.22 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : PHP vulnerabilities (USN-8336-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8336-1 advisory. Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the...

9.8CVSS6.2AI score0.0078EPSS
Exploits1References10
Cvelist
Cvelist
added 2026/06/01 1:30 p.m.31 views

CVE-2026-10261 CodeAstro Online Job Portal application_status.php sql injection

A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/applicationstatus.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used...

7.5CVSS0.00263EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 1:30 p.m.15 views

EUVD-2026-33643

A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/applicationstatus.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used...

7.5CVSS6.9AI score0.00263EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/01 11:21 a.m.66 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

8.8CVSS6.1AI score0.0021EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/01 3:37 a.m.22 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

8.8CVSS6.1AI score0.0021EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/01 3:18 a.m.14 views

PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

8.8CVSS6.1AI score0.0021EPSS
Exploits1References5
Circl
Circl
added 2026/05/30 5:4 p.m.17 views

CVE-2026-10192

creationtimestamp| type| source ---|---|--- 2026-05-30 17:04:12+00:00| seen| https://infosec.exchange/users/vuldb/statuses/116664608498253097 2026-05-31 19:04:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mn6b26y72e2s 2026-05-31 23:04:21+00:00| seen|...

9CVSS7.3AI score0.00503EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.16 views

SUSE SLES12 Security Update : xen (SUSE-SU-2026:2066-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2066-1 advisory. This update for xen fixes the following issues - CVE-2025-54505: Floating Point Divider State Sampling on AMD CPUs AMD-SN-7053 bsc1262428. -...

7.8CVSS5.9AI score0.00258EPSS
Exploits0References13
Ubuntu
Ubuntu
added 2026/05/28 1:31 p.m.20 views

USN-8336-1: PHP vulnerabilities

Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the PDO Firebird driver. An attacker could possibly use this issue to perform SQL injection attacks. CVE-2025-14179 It was discovered that PHP incorrectly handled certain encoding...

9.8CVSS6.2AI score0.0078EPSS
Exploits1
Circl
Circl
added 2026/05/27 7:22 a.m.13 views

CVE-2025-41670

creationtimestamp| type| source ---|---|--- 2026-05-27 07:22:42+00:00| seen| https://infosec.exchange/users/certvde/statuses/116645334969189092...

8.7CVSS5.8AI score0.0019EPSS
Exploits0References1
Rows per page
Query Builder