Lucene search
K

11603 matches found

Cvelist
Cvelist
added 9 hours ago8 views

CVE-2026-31981 HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS
Exploits0References1
CVE
CVE
added 9 hours ago4 views

CVE-2026-31981

A stored HTML injection vulnerability affects the Diagram tab and Graph view of Guardian/CMC (N2OS) prior to 26.2.0. An authenticated administrator can inject HTML into configuration data via multiple input vectors; when viewed by others, the HTML may render and enable phishing or open redirects....

5.9CVSS6AI score
Exploits0References1
EUVD
EUVD
added 9 hours ago5 views

EUVD-2026-42531

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS6AI score
Exploits0References1
Nuclei
Nuclei
added 12 hours ago5 views

WPBot <= 8.4.9 - Cross-Site Scripting

WPBot = 8.4.9 is vulnerable to stored cross-site scripting via the conversation parameter in the qcldwbchatbotconversationsave AJAX action. The AJAX nonce qcsecretbotnonceval123qc is publicly emitted on every frontend page via wplocalizescript under the ajaxnonce key, making it freely obtainable ...

7.2CVSS5.8AI score0.00241EPSS
Exploits0References2
Nuclei
Nuclei
added 13 hours ago5 views

Dashy <= 4.3.6 - Reflected XSS via Workspace

Dashy versions up to 4.3.6 contain a reflected cross-site scripting vulnerability in the workspace view. The url query parameter is passed directly to an iframe src attribute without scheme validation, allowing an attacker to inject javascript: URIs that execute arbitrary JavaScript in the contex...

3.9CVSS5.9AI score0.00255EPSS
Exploits0References2
Cvelist
Cvelist
added 16 hours ago7 views

CVE-2026-15137 code-projects Interview Management System View.php sql injection

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

7.5CVSS
Exploits0References6
CVE
CVE
added 16 hours ago8 views

CVE-2026-15137

CVE-2026-15137 affects code-projects Interview Management System 1.0. The vulnerability arises from insecure handling of the input argument ID in file inc\classes\View.php , which enables SQL injection . The issue is exploitable remotely with no authentication, and public exploits are reported. C...

7.5CVSS5.9AI score
Exploits0References6
EUVD
EUVD
added 16 hours ago7 views

EUVD-2026-42493

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

7.5CVSS6.9AI score
Exploits0References6
CVE
CVE
added yesterday21 views

CVE-2025-12506

GitLab CE/EE had a vulnerability (CVE-2025-12506) across all affected branches: 16.5–before 18.11.7, 19.0–before 19.0.4, and 19.1–before 19.1.2, where under certain conditions an authenticated user could create a repository in which the content shown in the web interface differed from the content...

3.5CVSS6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-60124

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS6AI score
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-42239

An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...

5.3CVSS6AI score
Exploits0References1
NVD
NVD
added yesterday6 views

CVE-2026-13128

Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...

7.8CVSS0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday8 views

CVE-2026-13128

Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2 days ago5 views

CVE-2026-36163

An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arbitrary JavaScript in the context of the victim's browser via the uploading of and user interaction with a crafted HTML file...

5.4CVSS0.00171EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-48950

Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...

8.4CVSS0.00269EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-48952

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS0.00269EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42070

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00269EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago3 views

CVE-2026-48952

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00269EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2 days ago7 views

CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer

Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...

8.4CVSS5.9AI score0.00269EPSS
Exploits0References1
Rows per page
Query Builder