Lucene search
K

19760 matches found

Nuclei
Nuclei
added 15 hours ago58 views

Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect

The Oracle Applications Framework component of Oracle E-Business Suite subcomponent: Popup windows lists of values, datepicker, etc. is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers...

5.8CVSS6.5AI score0.14558EPSS
Exploits4References5
Nuclei
Nuclei
added 15 hours ago68 views

Knowage Suite 7.3 - Cross-Site Scripting

Knowage Suite 7.3 contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter. id: CVE-2021-30213 info: name: Knowage Suite 7.3 - Cross-Site Scripting author: alph4byt3 severity:...

6.1CVSS6.5AI score0.02721EPSS
Exploits1References5
Nuclei
Nuclei
added 15 hours ago56 views

Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion

Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /...." substring. id: CVE-2022-26233 info: name: Barco Control Room Management Suite =2.9...

7.5CVSS7AI score0.15028EPSS
Exploits3References5
NVD
NVD
added yesterday7 views

CVE-2026-5269

In Ciena's Navigator Network Control Suite NCS and Manage Control Plan MCP, there are hidden system accounts used for internal software operations. Some of these accounts have default passwords that may be predictable. While these accounts have very limited permissions on their own, an attacker...

9.8CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday28 views

CVE-2026-5269 Navigator NCS and MCP System Accounts with Default Passwords

In Ciena's Navigator Network Control Suite NCS and Manage Control Plan MCP, there are hidden system accounts used for internal software operations. Some of these accounts have default passwords that may be predictable. While these accounts have very limited permissions on their own, an attacker...

Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-5269

Technical details about CVE-2026-5269 are not publicly available in the provided documents; no affected product versions, exploit information, or remediation specifics are included. Monitor for updates.

9.8CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 2 days ago318 views

Oracle E-Business Suite <=12.2 - Authentication Bypass

Oracle E-Business Suite component: Manage Proxies 12.1 and 12.2 are susceptible to an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise it by self-registering for an account. Successful attacks of this vulnerability can result in...

7.5CVSS7AI score0.70589EPSS
Exploits1References5
Nuclei
Nuclei
added 2 days ago25 views

Zimbra Collaboration Suite - Memcached Command Injection

Zimbra Collaboration Suite versions 8.8.15 and 9.0 contain a memcached command injection vulnerability that allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance, leading to cache poisoning and potential credential theft. id: CVE-2022-27924 info: name:...

7.5CVSS7.1AI score0.85398EPSS
Exploits2References2
EUVD
EUVD
added 4 days ago4 views

EUVD-2025-210454

The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in the starboard-suite-lightbox shortcode in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS6.2AI score0.00201EPSS
Exploits0References6
CVE
CVE
added 4 days ago9 views

CVE-2025-13968

The CVE concerns the WordPress plug-in Starboard Suite Reservation Calendars (WordPress). It is vulnerable to Stored Cross-Site Scripting via the [starboard-suite-lightbox] shortcode attributes in all versions up to and including 3.1.4 due to insufficient input sanitization and output escaping. T...

6.4CVSS6.2AI score0.00201EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago37 views

CVE-2025-13968 Starboard Suite Reservation Calendars <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Starboard Suite Reservation Calendars plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in the starboard-suite-lightbox shortcode in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS0.00201EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43067

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

6.1AI score0.0009EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57386

Name of the Vulnerable Software and Affected Versions Starboard Suite Reservation Calendars versions prior to 3.1.5 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping within the starboard-suite-lightbox shortcode attributes. Authenticated...

6.4CVSS6.2AI score0.00201EPSS
Exploits0References10
NVD
NVD
added 5 days ago5 views

CVE-2026-13243

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

4.8CVSS0.0009EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-13243 Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

0.0009EPSS
Exploits0References1
CVE
CVE
added 5 days ago26 views

CVE-2026-13243

CVE-2026-13243 describes a CSRF vulnerability in the Drupal Salesforce Suite where the OAuth handshake during interactive authentication is not properly validated, enabling an attacker to hijack the authorization token and bind the site to the attacker’s Salesforce account. Affected versions are ...

4.8CVSS6.1AI score0.0009EPSS
Exploits0References1
OSV
OSV
added 5 days ago3 views

CVE-2026-13243 Salesforce Suite - Moderately critical - Cross-site request forgery - SA-CONTRIB-2026-063

Cross-Site Request Forgery CSRF vulnerability in Drupal Salesforce Suite allows Cross Site Request Forgery. This issue affects Salesforce Suite versions: from 0.0.0 to 5.1.3...

4.8CVSS6.1AI score0.0009EPSS
Exploits0References5
OSV
OSV
added last week7 views

CVE-2026-54780 CoreWCF: WS-Security Reference DigestMethod Algorithm-Suite Bypass

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...

3.7CVSS6.1AI score0.00157EPSS
Exploits0References8
Nuclei
Nuclei
added 2026/07/07 4:50 p.m.577 views

Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution

Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a...

9.8CVSS8AI score0.98342EPSS
Exploits7References6
Fedora
Fedora
added 2026/07/06 2:55 p.m.9 views

[SECURITY] Fedora 44 Update: rust-inferno-0.12.6-3.fc44

Rust port of the FlameGraph performance profiling tool suite...

5.9AI score
Exploits0
Rows per page
Query Builder