Lucene search
K

160658 matches found

CVE
CVE
added yesterday13 views

CVE-2026-33803

CVE-2026-33803 (Junos OS Evolved) : A wrong initialization allows a process that should be internal to be reachable over the network via an open port, exposing the device and increasing CPU usage from ingress processing. Affects Junos OS Evolved releases prior to the following: 23.2R2-S7-EVO, 23....

6.9CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added yesterday28 views

CVE-2026-33803 Junos OS Evolved: A port which has been inadvertently exposed can be reached by an attacker

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a limited information disclosure and availability impact to the device. Due to a wrong initialization, a process whi...

6.9CVSS
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-42702

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon RPD of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker sending a specific BGP update over an established BGP session to cause a Denial-of-Service DoS...

7.1CVSS5.9AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-55208

Pimcore Studio Backend Bundle is the backend bundle for Pimcore Studio. Prior to 2025.4.6 and 2026.1.6, an authenticated user can extract the admin password hash and other database content through time-based blind SQL injection in the DateFilter column key parameter. The POST...

7.7CVSS6.1AI score
Exploits0References6Affected Software1
Patchstack
Patchstack
added yesterday4 views

WordPress Highlighting Code Block plugin <= 2.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Chinnapak Charoensiri in WordPress Plugin Highlighting Code Block versions = 2.2.0...

4.4CVSS6.1AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added yesterday3 views

WordPress GW AI Website Builder plugin <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Settings Deletion vulnerability discovered by Legion Hunter in WordPress Plugin GW AI Website Builder versions = 1.0.1...

4.3CVSS6.1AI score
Exploits0References1Affected Software1
NVD
NVD
added yesterday6 views

CVE-2026-54004

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-55590

CakePHP Authentication is an authentication plugin for CakePHP that can also be used in PSR-7 based applications. Prior to 2.11.1, 3.3.6, and 4.1.1, the getLoginRedirect method contains a weakness to backslash bypasses that allows redirect targets with attacker-controlled hostnames through the...

5.1CVSS5.9AI score
Exploits0References11Affected Software1
CVE
CVE
added yesterday14 views

CVE-2026-49276

Kirby CMS contains a self-XSS vulnerability (CVE-2026-49276) in the writer field used by any blueprint. In affected releases, a scripting link could be placed as the target of a link or email link in writer mark components, allowing the attacker to trigger JavaScript execution in the authenticate...

7.4CVSS5.8AI score
Exploits0References3
CVE
CVE
added yesterday19 views

CVE-2026-54004

CVE-2026-54004 affects Kirby CMS. Prior to version 4.9.4 and 5.4.4, when content.fileRedirects is enabled, clean file URLs for files stored in top-level draft pages could be redirected to physical media URLs without verifying draft page permissions or preview tokens, potentially disclosing draft ...

6.3CVSS5.9AI score
Exploits0References5
Cvelist
Cvelist
added yesterday28 views

CVE-2026-54002 Kirby: Cross-site scripting (XSS) from incomplete HTML/XML sanitization in `Dom::sanitize()`

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize, Sane::sanitize, Sane::Html::sanitize, Sane::Svg::sanitize, Sane::Xml::sanitize, Sane::sanitizeFile, or file sanitizeContents with untruste...

8.5CVSS
Exploits0References7
EUVD
EUVD
added yesterday5 views

EUVD-2026-42664

Metabase is an open-source business intelligence and embedded analytics tool. From 1.55.0 until 1.58.15.1, 1.59.12, 1.60.6.3, and 1.61.2, Metabase did not validate unsafe H2 connection properties on one database-creation code path, allowing an authenticated administrator to register a crafted H2...

9.1CVSS6.2AI score
Exploits0References6
Cvelist
Cvelist
added yesterday28 views

CVE-2026-59827 Metabase: Unsafe Deserialization of H2 Query Results

Metabase is an open-source business intelligence and embedded analytics tool. Prior to 1.58.15, 1.59.12, 1.60.6.3, and 1.61.1.4, Metabase instances with an H2 database connection, including the default sample database, deserialize arbitrary Java objects returned in H2 native query result columns ...

9.9CVSS
Exploits0References6
NVD
NVD
added yesterday6 views

CVE-2026-59209

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-59207

n8n is an open source workflow automation platform. Prior to 2.27.4 and 2.28.1, the AI Agents feature did not enforce the Allowed HTTP Request Domains restriction configured on credentials when an MCP tool was pointed at an arbitrary URL, allowing a member-level user with use-only access to a...

7.1CVSS
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-59208

n8n is an open source workflow automation platform. Prior to 2.27.4 and from 2.28.0 prior to 2.28.1, n8n instances configured with more than one trusted token-exchange issuer resolved external identities to local accounts using only the JWT sub claim and ignored the iss claim, allowing an attacke...

7.6CVSS
Exploits0References3
EUVD
EUVD
added yesterday4 views

EUVD-2026-42613

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS5.9AI score
Exploits0References3
CVE
CVE
added yesterday12 views

CVE-2026-59209

n8n is an open source workflow automation platform. Affected versions prior to 1.123.61, 2.27.4, and 2.28.1 expose a vulnerability where an authenticated user with editor access to a shared workflow can read credential-populated headers via the $request object inside an HTTP Request node’s pagina...

7.1CVSS5.9AI score
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-54801

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains insufficient validation of authentication credentials when processing administrative account modifications through the we...

8.6CVSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-5005

CVE-2026-5005 : A stored cross-site scripting (XSS) vulnerability in Twiser Informatics Technology Consulting, Trade and Education Inc. OKRs & Goals due to improper input neutralization during web page generation. Affected versions are OKRs & Goals from 28220 before 28398. The CVSS 3.1 vector ind...

5.4CVSS5.9AI score
Exploits0References1
Rows per page
Query Builder