Lucene search
K

4710 matches found

CVE
CVE
added 1 hour ago40 views

CVE-2026-49352

CVE-2026-49352 affects 9router, a Node.js/Next.js AI router. The vulnerability stems from a hardcoded fallback JWT secret, implemented as the public string 9router-default-secret-change-me, used when JWT_SECRET is unset in multiple files. An attacker can forge a valid auth_token cookie and gain a...

9.8CVSS6.1AI score0.0019EPSS
Exploits1References3
Cvelist
Cvelist
added 5 hours ago8 views

CVE-2026-1563 Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting (XSS) vulnerability in a user interface component. Requires a high privileged user with a developer role.

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.8CVSS
Exploits0References1
EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-44727

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.8CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added 6 hours ago8 views

CVE-2026-1562 Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting (XSS) vulnerability in a user interface component. Requires a high privileged user with a developer role.

Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...

4.6CVSS
Exploits0References1
Cvelist
Cvelist
added 14 hours ago9 views

CVE-2026-57831 Joomla Extension - digital-peak.com - Unauthenticated blind SQL injection in DP Calendar 8.18.0 - 10.11.2

The Joomla extension DP Calendar is vulnerable to an unauthenticated SQL injection...

8.7CVSS
Exploits0References1
Nuclei
Nuclei
added 18 hours ago63 views

Astro Cloudflare Adapter - Server Side Request Forgery

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS6.1AI score0.00773EPSS
Exploits1References3
CVE
CVE
added yesterday6 views

CVE-2026-15305

The CVE affects TYPO3 CMS versions 14.2.0–14.3.5. Root cause: MimeTypeValidator is registered during form building before concrete form definition properties are applied, so the server-side enforcement of allowedMimeTypes is bypassed and users can upload files with arbitrary MIME types via FileUp...

6.3CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday25 views

CVE-2026-62392 Apache Kylin: OS Command Injection via Async Query API

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Kylin. A backend API may bring job config parameters to OS command line. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version 5.0.4, which...

Exploits0References1
NVD
NVD
added yesterday8 views

CVE-2026-59246

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...

6.3CVSS0.00305EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

CVE-2026-61504 Rejetto HFS < 3.2.1 Stored XSS via File Names in Basic Web Listing

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...

5.1CVSS6.1AI score0.00173EPSS
Exploits0References5
OSV
OSV
added 2 days ago4 views

CVE-2026-61501 Rejetto HFS < 3.2.1 Stored XSS in Admin Log Viewer

Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauthenticated attacker can submit a failed login with a crafted username that is written to the error log and executes JavaScript in an administrator's browser when the logs ar...

5.3CVSS6.3AI score0.00308EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43078

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal ECA: Event - Condition - Action allows Object Injection. This issue affects ECA: Event - Condition - Action versions: from 0.0.0 to 2.1.20, from 3.0.0 to 3.0.12, from 3.1.0 to 3.1.4...

6.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43080

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

6.1AI score0.00274EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43056

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43115

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...

6.1AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43048

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Anti-Spam by CleanTalk allows Reflected XSS. This issue affects Anti-Spam by CleanTalk versions: from 0.0.0 to 9.7.1...

6.1AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 5 days ago8 views

CVE-2026-15084

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Patterns SDC in Drupal UI allows Stored XSS. This issue affects UI Patterns SDC in Drupal UI versions: from 2.0.0 to 2.0.17...

5.4CVSS0.00274EPSS
Exploits0References1
NVD
NVD
added 5 days ago9 views

CVE-2026-15085

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

5.4CVSS0.00274EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-13240

Missing Authorization vulnerability in Drupal Paragraphs allows Forceful Browsing. This issue affects Paragraphs versions: from 0.0.0 to 1.21.0...

6.5CVSS0.00159EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-13244

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions: from 0.0.0 to 2.4.0...

8.1CVSS0.00423EPSS
Exploits0References1
Rows per page
Query Builder