Lucene search
K

1056 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-61504

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...

5.4CVSS0.00173EPSS
Exploits0References2
Nuclei
Nuclei
added 3 days ago53 views

Cisco RV132W/RV134W Router - Information Disclosure

Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential information. id: CVE-2018-012...

9.8CVSS7.1AI score0.77605EPSS
Exploits1References5
EUVD
EUVD
added 2026/07/09 6:52 a.m.7 views

EUVD-2026-42523

The Connect Contact Form 7 and Mailchimp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Mailchimp Merge Field Values in all versions up to, and including, 0.9.78.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS6.2AI score0.0034EPSS
Exploits0References10
OSV
OSV
added 2026/07/07 4:50 p.m.7 views

GHSA-8GH5-QQH8-HQ3X Open WebUI allows limited stored XSS vila uploaded html file

Summary Low privileged users can upload HTML files which contain JavaScript code via the /api/v1/files/ backend endpoint. This endpoint returns a file id, which can be used to open the file in the browser and trigger the JavaScript code in the user's browser. Under the default settings, files...

6.4CVSS6AI score0.003EPSS
Exploits1References6
EUVD
EUVD
added 2026/07/01 5:21 p.m.9 views

EUVD-2026-41101

Improper Output Neutralization for Logs CWE-117 in Kibana can lead to log injection via Log Injection-Tampering-Forging CAPEC-93. An attacker can supply specially crafted input that is written to log files without proper neutralization. When the log files are subsequently viewed in a terminal tha...

8CVSS5.8AI score0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54770

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description Improper output neutralization for logs allows for log injection. An attacker can provide specially crafted input that is written to log files without being properly neutralized. If these log...

8CVSS5.8AI score0.00201EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/26 10:6 a.m.36 views

CVE-2026-57913

Johnson & Johnson Audit Tracking Management System ATMS before 2026-04-21 allows viewing of meeting minutes and transcripts...

7.5CVSS0.00245EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 10:4 a.m.10 views

EUVD-2026-39643

Johnson & Johnson Campus Recruiting before 2025-10-31 allows viewing of data provided by recruited students, and notes entered about students by interviewers...

7.5CVSS5.8AI score0.00245EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 11:6 p.m.43 views

CVE-2026-39948

Cacti

9.8CVSS5.9AI score0.00456EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/24 11:6 p.m.29 views

CVE-2026-39948 Cacti has SQL Injection via rfilter parameter in RLIKE clauses

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.3CVSS0.00456EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 11:6 p.m.3 views

CVE-2026-39948 Cacti has SQL Injection via rfilter parameter in RLIKE clauses

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.3CVSS6.1AI score0.00456EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 10:16 p.m.9 views

CVE-2026-39893

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication graph viewing supports guest access via the configured guest...

9.8CVSS0.00363EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 10:16 p.m.4 views

UBUNTU-CVE-2026-39893

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication graph viewing supports guest access via the configured guest...

9.8CVSS5.8AI score0.00363EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/24 9:45 p.m.8 views

CVE-2026-39893

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication graph viewing supports guest access via the configured guest...

9.8CVSS5.9AI score0.00363EPSS
Exploits0
NVD
NVD
added 2026/06/23 5:16 p.m.10 views

CVE-2026-44956

Low‑privileged users could use their Full Name as a vector for a stored XSS attack. The name is included in system‑generated emails, whose content is stored in the details field of the userlog table. An admin user viewing the email content through userlog-details.php would have any malicious...

0.00339EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51525

Name of the Vulnerable Software and Affected Versions HCL Connections affected versions not specified Description Broken access control may allow an unauthorized user to view data in a single specific scenario. Recommendations At the moment, there is no information about a newer version that...

3.5CVSS5.8AI score0.00098EPSS
Exploits0References3
NVD
NVD
added 2026/06/18 5:16 p.m.16 views

CVE-2026-38715

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS0.01316EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 12:0 a.m.19 views

CVE-2026-38715

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

0.01316EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 12:0 a.m.11 views

EUVD-2026-37918

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 including earlier versions were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as root via a crafted input...

9.8CVSS5.9AI score0.01316EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 12:0 a.m.29 views

CVE-2026-38715

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (and earlier) contain a command injection vulnerability in the log viewing function. The issue allows remote attackers to execute arbitrary commands as root via crafted input, yielding a CRITICAL (CVSS 3.1: 9.8) impact with network attac...

9.8CVSS6AI score0.01316EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder