CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

ATTACKERKB•added 2026/03/18 2:30 p.m.•1 views

CVE-2026-32609

Glances is an open-source system cross-platform monitoring tool. The GHSA-gh4x fix commit 5d3de60 addressed unauthenticated configuration secrets exposure on the /api/v4/config endpoints by introducing asdictsecure redaction. However, the /api/v4/args and /api/v4/args/item endpoints were not...

7.5CVSS5.8AI score0.00082EPSS

Exploits1References4Affected Software1

Cvelist•added 2026/02/03 6:6 p.m.•28 views

CVE-2026-25484 Craft Commerce has Stored XSS in Product Type Name

Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, there is a Stored XSS via Product Type names. The name is not sanitized when displayed in user permissions settings. The vulnerable input source is in Commerce Product Type setting...

4.8CVSS0.00019EPSS

Exploits1References4