Lucene search
K

843 matches found

Nuclei
Nuclei
added 16 hours ago50 views

Navidrome < 0.53.0 - Authenticated SQL Injection

Navidrome is an open source web-based music collection server and streamer. Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like password=... in the URL ORM Leak. Furthermore, the names of the parameters are not...

9.4CVSS7.1AI score0.04457EPSS
Exploits2References3
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-44454 Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7 and 2.30.2, the dotfiles registry module passed unsanitized user input to shell commands, allowing arbitrary code execution inside a provisioned workspace. Any user who supplied a craft...

8.1CVSS0.02642EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:12 p.m.7 views

CVE-2026-57498

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify's API controllers consistently validate server ownership with Server::whereTeamId$teamId before any operation. However, multiple Livewire web UI components accept...

9.6CVSS5.8AI score0.00223EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 3:59 p.m.36 views

CVE-2026-12620 Access Token Exposure in URL Parameters in GridTime™ 3000 GNSS Time Server

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

4.6CVSS0.00227EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 3:59 p.m.6 views

CVE-2026-12620

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

4.6CVSS5.8AI score0.00227EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/19 3:59 p.m.19 views

CVE-2026-12620

The CVE affects GridTime 3000 GNSS Time Server versions 1.0r0.03 through 1.1r0.0, where an access token is leaked in the URL parameters of certain endpoints. The issue is documented by NVD/CVE entries for CVE-2026-12620, with an attack surface described as NETWORK, requiring HIGH privileges and A...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/19 3:59 p.m.7 views

EUVD-2026-38041

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

4.6CVSS5.8AI score0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/19 3:59 p.m.4 views

CVE-2026-12620 Access Token Exposure in URL Parameters in GridTime™ 3000 GNSS Time Server

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

4.6CVSS5.8AI score0.00227EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-50946

Name of the Vulnerable Software and Affected Versions GridTime 3000 versions 1.0r0.03 through 1.1r0.0 Description The GridTime 3000 GNSS Time Server leaks the access token within the URL parameters of certain endpoints. Recommendations Update GridTime 3000 versions 1.0r0.03 through 1.1r0.0 to a...

6.5CVSS6.1AI score0.00227EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50500

Name of the Vulnerable Software and Affected Versions Cisco Webex App affected versions not specified Description An issue in the browser-based version of the application allows an unauthenticated remote attacker to redirect users to a malicious webpage. This occurs due to improper input validati...

5CVSS5.9AI score0.00202EPSS
Exploits0References8
GithubExploit
GithubExploit
added 2026/06/13 7:11 a.m.81 views

web-vuln-scanner

Web Vulnerability Scanner Basic web application vulnerability...

5.9AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/12 8:36 p.m.8 views

CVE-2026-54395 MISP UiBeta event index reflected XSS in advanced filter popup

MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping inside a single-quoted JavaScript string. Because browsers HTML-decode attribute values before JavaScript parsing, a...

5.3CVSS5.1AI score0.00256EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-48997

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A reflected cross-site scripting issue exists in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping within a single-quoted...

5.3CVSS4.9AI score0.00256EPSS
Exploits0References4
Hacker One
Hacker One
added 2026/06/10 4:40 a.m.12 views

Revive Adserver: Reflected XSS in stats‑video.php via improperly encoded URL parameters

A reflected XSS vulnerability was discovered in the stats‑video.php script due to improper encoding of user input in the URL parameters...

6.1CVSS5.8AI score0.00224EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.19 views

PT-2026-48394

The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gridpropertiesborderColor' and 'gridimagesNattachment url' Parameters in all versions up to, and including, 1.13.6 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.6AI score0.00195EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.9 views

CVE-2026-9280

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00225EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/06 2:28 a.m.15 views

EUVD-2026-34945

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.7AI score0.00225EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/06 2:28 a.m.45 views

CVE-2026-9280 Ad Inserter <= 2.8.15 - Reflected Cross-Site Scripting via URL Parameters in iframe Mode

The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS0.00225EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.25 views

PT-2026-47138

Name of the Vulnerable Software and Affected Versions Ad Inserter – Ad Manager & AdSense Ads versions prior to 2.8.16 Description The plugin is subject to Reflected Cross-Site Scripting XSS, a flaw where an application includes untrusted data in a web page without proper validation, allowing...

6.1CVSS5.7AI score0.00225EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42516

This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the request URL to gain unauthorized access to patient accounts on the targeted system...

7.1CVSS5.5AI score0.00226EPSS
Exploits0References1
Rows per page
Query Builder