Lucene search
K

72 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41200

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS6AI score0.00332EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/05/02 5:49 a.m.82 views

Exploit for CVE-2026-41200

CVE-2026-41200 — STIG Manager OIDC Reflected XSS PoC Conceptu...

8.5CVSS6.1AI score0.00332EPSS
Exploits1
NVD
NVD
added 2026/04/23 2:16 a.m.5 views

CVE-2026-41200

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS0.00332EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:40 a.m.5 views

CVE-2026-41200

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS6.1AI score0.00332EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/23 12:40 a.m.6 views

EUVD-2026-25158

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS6.1AI score0.00332EPSS
Exploits1References1
CVE
CVE
added 2026/04/23 12:40 a.m.17 views

CVE-2026-41200

STIG Manager versions 1.5.10–1.6.7 contain a reflected XSS in OIDC error handling (src/init.js, public/reauth.html) where error and error_description are written to the DOM via innerHTML without escaping. An attacker who composes a malicious redirect URL can cause JavaScript to run in the victim’...

8.5CVSS6.1AI score0.00332EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

STIG Manager 跨站脚本漏洞

STIG Manager is an information security compliance assessment management tool open source by NUWCDIVNPT. Versions 1.5.10 to 1.6.7 of STIG Manager have a cross-site scripting vulnerability. This vulnerability stems from improper handling of OIDC authentication errors, where innerHTML is written...

8.5CVSS5.6AI score0.00332EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.4 views

PT-2026-34595

STIG Manager is an API and web client for managing Security Technical Implementation Guides STIG assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting XSS vulnerability in the OIDC authentication error handling code in src/init.js and...

8.5CVSS6.1AI score0.00332EPSS
Exploits1References2
SUSE Linux
SUSE Linux
added 2026/02/25 9:42 a.m.8 views

Security update 5.1.2 for Multi-Linux Manager Client Tools

This update fixes the following issues: golang-github-QubitProducts-exporterexporter: Non-customer-facing optimization around source building golang-github-lusitaniae-apacheexporter: Build without apparmor for openSUSE Leap 16, SLES 16 or newer Require Go 1.23 for building Update to version 1.0.1...

8.7CVSS5.4AI score0.00396EPSS
Exploits0References32
Veeam
Veeam
added 2024/09/16 12:0 a.m.77 views

How to Reset Account Lockout for 'Managed Hardened Repository ISO by Veeam'

Purpose This article documents how to unlock the accounts used with the Managed Hardened Repository ISO by Veeam, veeamsvc or vhradmin, when they become locked out. The Managed Hardened Repository ISO by Veeam deploys Rocky Linux with the DISA STIG security profile, which utilizes faillock to loc...

7AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/09/13 12:0 a.m.33 views

Security Updates for Microsoft Office Online Server (September 2024)

The Microsoft Office Web Apps installation on the remote host is missing a security update. It is, therefore, affected by the following: - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. CVE-2024-43465 Note that Nessus has not tested for this iss...

7.8CVSS5.6AI score0.008EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/10/13 12:0 a.m.23 views

F5 Networks BIG-IP : BIG-IP iControl REST Privilege Escalation (K26910459)

The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.0 / 16.1.4 / 15.1.9. It is, therefore, affected by a vulnerability as referenced in the K26910459 advisory. The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database DB variables. Not...

7.2CVSS7.1AI score0.00533EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/09/12 12:0 a.m.168 views

KB5030213: Windows 10 Version 1607 and Windows Server 2016 Security Update (September 2023)

The remote Windows host is missing security update 5030213. It is, therefore, affected by multiple vulnerabilities - DHCP Server Service Denial of Service Vulnerability CVE-2023-38162 - Windows GDI Elevation of Privilege Vulnerability CVE-2023-36804, CVE-2023-38161 - DHCP Server Service Informati...

8.8CVSS6.7AI score0.24014EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2023/05/02 12:0 a.m.38 views

Dell EMC NetWorker Version Disclosure (DSA-2023-058)

The version of Dell EMC NetWorker installed on the remote Windows host is 19.5 or earlier. It is, therefore, affected by version disclosure vulnerabilities for 'Apache Tomcat' and 'RabbitMQ'. A NetWorker server user with remote access to NetWorker clients can exploit this vulnerability to prepare...

7.5CVSS6.5AI score0.0055EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2023/02/22 1:8 a.m.14 views

scap-security-guide bug fix and enhancement update

An update is available for scap-security-guide. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The scap-security-guide project provides a guide for configuratio...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/01/23 12:0 a.m.38 views

RHEL 9 : sqlite (RHSA-2023:0339)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0339 advisory. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk...

7.5CVSS7.8AI score0.19193EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2023/01/04 12:0 a.m.98 views

Autodesk DWG TrueView 2023 < 2023.1.1 RCE

The remote host has an install of Autodesk DWG TrueView version 2023 prior to 2023.1.1. It is, therefore, affected by a remote code execution vulnerability due to DLL search order hijacking. Note that Nessus has not tested for this issue but has instead relied only on the application's...

7.8CVSS8.2AI score0.00255EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/10/19 12:0 a.m.37 views

F5 Networks BIG-IP : BIG-IP Advanced WAF and ASM bd vulnerability (K02694732)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.5.2. It is, therefore, affected by a vulnerability as referenced in the K02694732 advisory. - When a BIG-IP Advanced WAF/ASM security policy is configured on a virtual server, undisclosed requests can cause the bd...

7.5CVSS7.4AI score0.00616EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/09/09 12:0 a.m.42 views

ImageMagick < 7.0.10-57 Integer Overflow

The remote Windows host has a version of ImageMagick installed that is prior 7.0.10-57. It is, therefore, affected by an integer overflow error in the GetPixelIndex function. An attacker can craft a malicious PDF file that, when processed by ImageMagick, results in undefined behavior or a crash...

5.5CVSS7AI score0.00365EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/06/07 3:25 p.m.75 views

Moderate: Red Hat Security Advisory: RHV Appliance (rhvm-appliance) security update [ovirt-4.5.0]

Updated RHV-M Appliance packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

6.5CVSS6.9AI score0.0142EPSS
Exploits0References12
Rows per page
Query Builder