Lucene search
K

63 matches found

Cvelist
Cvelist
added 2026/07/07 12:0 a.m.24 views

CVE-2026-36163

An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arbitrary JavaScript in the context of the victim's browser via the uploading of and user interaction with a crafted HTML file...

0.00141EPSS
Exploits0References2
CVE
CVE
added 2026/07/07 12:0 a.m.13 views

CVE-2026-36163

CVE-2026-36163 describes an HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7. Authenticated attackers can upload and interact with a crafted HTML file to trigger arbitrary JavaScript execution in the victim’s browser. The affected component is the file view handling pa...

5.4CVSS6.2AI score0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56277

Name of the Vulnerable Software and Affected Versions LiquidFiles version 4.2.7 Description An HTML injection issue exists in the file view endpoint. This allows authenticated attackers to execute arbitrary JavaScript within the victim's browser by uploading a specially crafted HTML file and...

5.4CVSS6.3AI score0.00141EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54831

Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description Insufficient authorization enforcement occurs in the '/customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure' endpoint. This allows an authenticated user with low privileges to retrieve...

7.1CVSS5.8AI score0.00183EPSS
Exploits0References7
NVD
NVD
added 2026/06/29 6:16 p.m.11 views

CVE-2026-56781

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS0.00231EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 5:15 p.m.34 views

CVE-2026-56781 Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS0.00231EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 5:15 p.m.9 views

CVE-2026-56781

The CVE-2026-56781 entry details an improper access control in Teable prior to 2026-06-15T04-43-24Z.1912 where anonymous attackers can access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs...

6.9CVSS5.9AI score0.00231EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 4:30 a.m.15 views

CVE-2026-13535

CodeAstro HRMS 1.0 is affected by an SQL injection in the View Endpoint’s GetFileInfo (Employee_model.php). Manipulating the ID argument enables remote SQL injection, with proofs-of-concept published. Root cause: unsafely concatenated or unsanitized ID in GetFileInfo; impact is limited to confide...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 4:30 a.m.37 views

CVE-2026-13535 CodeAstro Human Resource Management System View Endpoint Employee_model.php GetFileInfo sql injection

A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...

6.5CVSS0.00204EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.17 views

PT-2026-51213

Name of the Vulnerable Software and Affected Versions BerriAI litellm versions prior to 1.82.3 Description Improper authorization occurs in the ui view users function located in the litellm/proxy/management endpoints/internal user endpoints.py file. This flaw allows a remote attacker to bypass...

5.3CVSS6.2AI score0.00288EPSS
Exploits1References11
NVD
NVD
added 2026/06/19 6:16 p.m.15 views

CVE-2019-25758

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

8.8CVSS0.0067EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 5:35 p.m.6 views

EUVD-2019-20194

Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the profilepic parameter. Attackers can upload PHP files via POST requests to the employee view endpoint and...

8.8CVSS6.4AI score0.0067EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50994

Name of the Vulnerable Software and Affected Versions Joomla! Component vBizz version 1.0.7 Description An unrestricted file upload issue allows authenticated attackers to upload arbitrary PHP files. This is achieved by submitting malicious files through the profile pic parameter via POST request...

8.8CVSS6.4AI score0.0067EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-6593

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...

5.1CVSS3.9AI score0.00206EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/20 3:34 a.m.6 views

EUVD-2026-23739

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...

5.1CVSS4AI score0.00206EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/20 1:30 a.m.5 views

CVE-2026-6593 ComfyUI View Endpoint server.py cross site scripting

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...

5.1CVSS4AI score0.00206EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/20 1:30 a.m.34 views

CVE-2026-6593 ComfyUI View Endpoint server.py cross site scripting

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...

5.1CVSS0.00206EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/20 1:30 a.m.3 views

CVE-2026-6593

A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made...

5.1CVSS4AI score0.00206EPSS
Exploits0References4
CVE
CVE
added 2026/04/20 1:30 a.m.19 views

CVE-2026-6593

CVE-2026-6593 affects ComfyUI up to 0.13.0. The issue lies in the View Endpoint’s file server.py, where manipulation can trigger cross-site scripting. Exploitation is remote and the exploit has been published. Vendor was contacted but did not respond. Impact details are limited to what the CVEs d...

5.1CVSS4AI score0.00206EPSS
Exploits0References4
OSV
OSV
added 2026/04/01 8:35 a.m.10 views

BIT-APPSMITH-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs

Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...

6.9CVSS5.9AI score0.00387EPSS
Exploits1References3
Rows per page
Query Builder