Lucene search
K

4952 matches found

CVE
CVE
added yesterday5 views

CVE-2026-59802

PasswordPusher before 2.8.1 is vulnerable to Redirect-Based XSS due to insufficient validation in the valid_url function, allowing data:text/html URIs in URL push payloads that can execute JavaScript in victims’ browsers when clicked within the trusted domain. Affected versions: before 2.8.1. Roo...

8.2CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added yesterday11 views

CVE-2026-59882 guzzlehttp/psr7: Host Confusion via Weak URI Host Validation

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost to disagree with the URI authority used for security ...

4.2CVSS
Exploits0References4
Nuclei
Nuclei
added yesterday16 views

ownCloud Guests - User Enumeration

ownCloud Guests before 0.12.5 contains an unauthenticated user enumeration vulnerability caused by insufficient validation of the token in showPasswordForm at /apps/guests/register/email/token, letting unauthenticated attackers enumerate valid guest users, exploit requires no authentication. id:...

5.3CVSS5.9AI score0.00908EPSS
Exploits1References3
NVD
NVD
added yesterday5 views

CVE-2026-14487

The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...

9.1CVSS0.0074EPSS
Exploits0References6
NVD
NVD
added 3 days ago7 views

CVE-2026-7185

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS0.00292EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago8 views

CVE-2026-7185

A validation vulnerability has been identified in certain web features related to file management or upload in several products of the TAO 2.0 suite. This vulnerability could allow an attacker capable of interacting with the affected feature to attempt to access file system resources outside the...

6CVSS5.8AI score0.00292EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-49042 Apache Camel: langchain4j-tools: filter tool argument headers against declared parameters

Improper Input Validation vulnerability in Apache Camel. This issue affects Apache Camel: from 4.8.0 through 4.18.2, from 4.19.0 through 4.20.0. Users are recommended to upgrade to version 4.18.3, 4.21.0, which fixes the issue...

0.00199EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-59509

An unauthenticated improper input validation vulnerability in the POST /fetchcvedata endpoint in cve-search. A remote attacker can manipulate request parameters controlling the MongoDB collection, projected fields, and regular-expression filters to read arbitrary application MongoDB collections...

9.2CVSS6.2AI score0.00349EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 4 days ago12 views

EUVD-2026-41753

An unauthenticated improper input validation vulnerability in the POST /fetchcvedata endpoint in cve-search. A remote attacker can manipulate request parameters controlling the MongoDB collection, projected fields, and regular-expression filters to read arbitrary application MongoDB collections...

9.2CVSS6.2AI score0.00349EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2022-4989

UNSUPPORTED WHEN ASSIGNED Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation...

8.5CVSS5.8AI score0.00103EPSS
Exploits0References2
Nuclei
Nuclei
added last week18 views

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28480 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

10CVSS8.3AI score0.83337EPSS
Exploits4References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55284

Name of the Vulnerable Software and Affected Versions TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress versions prior to 3.6.14 Description Insufficient file path validation in the delete converted image size function allows authenticated attackers with author-level access or...

8.1CVSS6.3AI score0.0067EPSS
Exploits0References11
NVD
NVD
added 2026/07/01 5:16 p.m.10 views

CVE-2026-56151

Improper Input Validation CWE-20 in Kibana can lead to a denial of service via Input Data Manipulation CAPEC-153. An authenticated user can submit a specially crafted Fleet policy input that is not correctly validated, which can render Fleet agent, server, and policy management functionality...

6.5CVSS0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 4:27 p.m.31 views

CVE-2026-20191 Cisco Catalyst Center Arbitrary File Read Vulnerability

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request...

7.5CVSS0.00756EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:58 p.m.5 views

CVE-2026-24250

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause improper validation of allowed inputs. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS5.8AI score0.00155EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/07/01 11:59 a.m.9 views

EUVD-2026-40955

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...

7.1CVSS5.9AI score0.00227EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 4:17 a.m.8 views

CVE-2026-20457

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...

5.3CVSS0.00182EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54702

Name of the Vulnerable Software and Affected Versions Cisco Catalyst Center affected versions not specified Description Insufficient validation of user-supplied input allows an unauthenticated, remote attacker to read arbitrary files from a restricted container. This is achieved by sending a...

7.5CVSS6AI score0.00756EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-14118

Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00251EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-14045

Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder