Lucene search
K

7171 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.13 views

CVE-2026-41057

WWBN AVideo is an open source video platform. In versions 29.0 and below, the CORS origin validation fix in commit 986e64aad is incomplete. Two separate code paths still reflect arbitrary Origin headers with credentials allowed for all /api/ endpoints: 1 plugin/API/router.php lines 4-8...

7.1CVSS5.6AI score0.00132EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.8 views

CVE-2026-49491

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

8.8CVSS5.7AI score0.00344EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:49 p.m.9 views

CVE-2025-71318

NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages such as administration.html, administration-commands.html, and configuration.html to disclose sensitive information including...

9.8CVSS5.5AI score0.00533EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.8 views

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability. This vulnerability arises from administrators with delegated access rights to read group member identities and user information. They can bypass user profile permission...

2.7CVSS5.3AI score0.00348EPSS
Exploits0References2
Redos
Redos
added 2026/06/05 12:0 a.m.7 views

ROS-20260605-73-0046

The vulnerability in Grafana relates to the unencrypted storage of user data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

7.5CVSS5.4AI score0.00309EPSS
Exploits0
NVD
NVD
added 2026/06/04 2:16 p.m.12 views

CVE-2019-25726

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS0.0027EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/04 1:54 p.m.34 views

CVE-2026-10864 MISP Dashboard widget field selection may expose restricted user and organisation data

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In some cases, requesting a field set that became empty after validation or redaction could cause th...

5.3CVSS0.00176EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 1:54 p.m.15 views

CVE-2026-10864

The vulnerability CVE-2026-10864 affects MISP dashboard widgets (New Users and New Organisations). The issue stems from how field filtering and redaction are applied to the user-selected field list, which could leave the field set empty and cause the underlying query to fall back to returning uni...

5.3CVSS5.8AI score0.00176EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 1:22 p.m.10 views

CVE-2019-25732 PHP EI-Tube Script 3 SQL Injection via search parameter

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to...

8.8CVSS6.1AI score0.00262EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:22 p.m.8 views

CVE-2019-25726

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46202

PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to...

8.8CVSS6.1AI score0.00262EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.22 views

PT-2026-46238

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description An issue in the dashboard widgets allows an authenticated user to manipulate the fields option to influence the data returned by the New Users and New Organisations widgets. When a requested fie...

5.3CVSS5.4AI score0.00176EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/02 12:31 a.m.13 views

EUVD-2026-33764

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

8.8CVSS5.9AI score0.00344EPSS
Exploits0References4
NVD
NVD
added 2026/06/01 10:16 p.m.17 views

CVE-2026-49491

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

8.8CVSS0.00344EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/01 9:2 p.m.29 views

CVE-2026-49491 Pixa Bank 2.0 SQL Injection via agence-ajax.php API

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

8.8CVSS0.00344EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 9:2 p.m.24 views

CVE-2026-49491

Technical details beyond the initial description are not publicly available in the provided documents. Monitor for updates from connected sources to obtain confidential details, affected versions, or remediation steps.

8.8CVSS5.9AI score0.00344EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:2 p.m.8 views

CVE-2026-49491

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

8.8CVSS5.9AI score0.00344EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/01 9:4 a.m.35 views

CVE-2026-40548 Unrestricted Upload of File with Dangerous Type in SOPlanning

SOPlanning does not verify uploaded file extension. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a legitimate user.csv file alongside a malicious file, which is extracted on the server. When combined with CVE-2026-40547 Path...

6.4CVSS0.0031EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.8 views

SOPlanning 跨站脚本漏洞

SOPlanning is a set of online project management software developed by SOPlanning Company. Versions of SOPlanning 1.55 and earlier had a cross-site scripting vulnerability. This vulnerability stemmed from the /process/uploadbackup endpoint, which was vulnerable to storage-based cross-site scripti...

5.1CVSS5.3AI score0.00295EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2026-30760

An issue in SourceBans Material Admin before v.1.1.6 3ecd95e allows attackers to manipulate arbitrary user data in the web app via a crafted XAJAX call...

7.3CVSS5.9AI score0.00308EPSS
Exploits0References1
Rows per page
Query Builder