Lucene search
K

11 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/11 3:44 p.m.6 views

CVE-2026-42845

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content overwrite via file upload GHSA-w4rc-p66m-x6qq. Public form uploads now strip path components from the POST-supplied filename and hard-block page-content extensions md, yaml...

8.7CVSS5.8AI score0.00622EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 9:0 p.m.3 views

CVE-2026-34400 alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

6.9CVSS5.8AI score0.00505EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 11:40 a.m.5 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection Component uses wheel dependency which is vulnerable to CVE-2026-24049.

Summary IBM Maximo Application Suite - Visual Inspection Component uses wheel dependency which is vulnerable to CVE-2026-24049. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-24049 DESCRIPTION: wheel is a command line tool...

7.1CVSS7.2AI score0.00311EPSS
Exploits2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/20 1:22 a.m.6 views

CVE-2026-1051

The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hooknewsletteraction function. This makes it possible for unauthenticated...

4.3CVSS5.4AI score0.00104EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.4 views

PT-2026-3448

Name of the Vulnerable Software and Affected Versions @fastify/middie versions prior to 9.1.0 Description A security issue exists in @fastify/middie where middleware registered with a specific path prefix can be bypassed using URL-encoded characters. For example, using /%61dmin instead of /admin...

8.8CVSS5.3AI score0.00457EPSS
Exploits1References14
Vulnrichment
Vulnrichment
added 2025/12/16 12:56 a.m.1 views

CVE-2025-68115 Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 8.6.1 and 9.1.0-alpha.3, a Reflected Cross-Site Scripting XSS vulnerability exists in Parse Server's password reset and email verification HTML pages. The patch, available ...

5.3CVSS5.3AI score0.00183EPSS
Exploits0References3
CVE
CVE
added 2025/12/16 12:56 a.m.11 views

CVE-2025-68115

Parse Server is affected by a Cross-Site Scripting (XSS) vulnerability in its password reset and email verification HTML pages due to unescaped Mustache template variables. Affected versions are prior to 8.6.1 and 9.1.0-alpha.3; the patch escapes user-controlled values in those pages and is avail...

6.1CVSS5.3AI score0.00183EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/08/13 12:0 a.m.3 views

TOTOLINK X5000R 操作系统命令注入漏洞

The TOTOLINK X5000r is a wireless router manufactured by TOTOLINK. TOTOLINK X5000r has a command injection vulnerability in version 9.1.0cu.2350b20230313. The vulnerability arises because the setAccessDeviceCfg function within the /cgi-bin/cstecgi.cgi file fails to properly validate or clean up...

8.8CVSS8.3AI score0.01661EPSS
Exploits1References2
OSV
OSV
added 2021/04/22 10:15 p.m.5 views

CVE-2021-2311

Vulnerability in the Oracle Hospitality Inventory Management product of Oracle Food and Beverage Applications component: Export to Reporting and Analytics. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP...

6.5CVSS6.9AI score0.0096EPSS
Exploits0References1
OSV
OSV
added 2019/12/13 3:15 p.m.5 views

CVE-2019-5250

Mate 20 Pro smartphones with versions earlier than 9.1.0.135C00E133R3P1 have an improper authorization vulnerability. The software does not properly restrict certain operation of certain privilege, the attacker could trick the user into installing a malicious application before the user turns on...

7.8CVSS7.1AI score0.006EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/10 12:0 a.m.5 views

Oracle PeopleSoft Enterprise PRTL Interaction Hub Unauthorized Operation Vulnerability (CNVD-2017-28378)

Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, and more.PeopleSoft Enterprise PRTL Interaction Hub is one of the enterprise and Customer Interaction...

6.1CVSS6.5AI score0.0147EPSS
Exploits0References1
Rows per page
Query Builder