Lucene search
K

1051 matches found

NVD
NVD
added 2026/04/21 8:17 p.m.9 views

CVE-2026-40873

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the Quarantine details modal injects attachment filenames into HTML without escaping, allowing arbitrary HTML/JS execution. An attacker can deliver an email with a crafted attachment name s...

8.9CVSS0.00325EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/20 6:31 p.m.5 views

EUVD-2026-23929

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/20 5:27 p.m.6 views

CVE-2026-23757 GFI HelpDesk < 4.99.10 Stored XSS via Reports Module

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.9 views

PT-2026-33822

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFT Report::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References5
CISA KEV Catalog
CISA KEV Catalog
added 2026/04/20 12:0 a.m.6 views

Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems...

7.5CVSS6.1AI score0.10245EPSS
In wildExploits0
EUVD
EUVD
added 2026/04/14 8:2 p.m.4 views

EUVD-2026-22660

October CMS has Stored XSS in Event Log Mail Preview...

5.1CVSS5.8AI score0.00198EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 8:2 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the mail preview feature of the Event Log, where HTML content is rendered in an iframe without proper sandboxing. An attacker can execute arbitrary JavaScript in the context of a privileged user's browser by...

5.4CVSS5.7AI score0.00198EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 5:34 p.m.30 views

CVE-2026-24907

CVE-2026-24907 affects October CMS: versions prior to 3.7.14 and 4.1.10 contain a stored XSS in the Event Log mail preview feature. HTML is rendered in an iframe without proper sandboxing when viewing logged mail messages, allowing JavaScript execution in the viewer’s browser context. The issue i...

5.4CVSS5.8AI score0.00198EPSS
Exploits0References1Affected Software1
Fedora
Fedora
added 2026/04/13 9:7 p.m.7 views

[SECURITY] Fedora 44 Update: geeqie-2.7-2.fc44

Geeqie has been forked from the GQview project with the goal of picking up development and integrating patches. It is an image viewer for browsing through graphics files. Its many features include single click file viewing, support for external editors, previewing images using thumbnails, and zoo...

9.8CVSS5.7AI score0.00735EPSS
Exploits3
OSV
OSV
added 2026/04/10 11:36 a.m.2 views

SUSE-SU-2026:1252-1 Security update for tigervnc

This update for tigervnc fixes the following issues: - CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. bsc1260871...

9.8CVSS5.8AI score0.00247EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31110

Name of the Vulnerable Software and Affected Versions The Awesome Support – WordPress HelpDesk & Support Plugin versions up to and including 6.3.7 Description The Awesome Support – WordPress HelpDesk & Support Plugin is susceptible to an Insecure Direct Object Reference issue. The wpas get ticket...

5.3CVSS5.7AI score0.00327EPSS
Exploits0References9
CVE
CVE
added 2026/04/04 1:51 p.m.8 views

CVE-2018-25247

The CVE-2018-25247 entry concerns MyBB Like Plugin 3.0.0, which is vulnerable to cross-site scripting via user profiles. The root cause is unvalidated subject content in posts/threads, allowing an attacker to craft post subjects containing script tags that execute when other users view the attack...

6.1CVSS5.7AI score0.00221EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/27 12:31 a.m.3 views

EUVD-2026-16468

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions...

8.5CVSS5.8AI score0.00247EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/03/26 10:30 p.m.4 views

CVE-2026-34352

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions...

9.8CVSS5.2AI score0.00247EPSS
Exploits0
CVE
CVE
added 2026/03/23 8:48 p.m.20 views

CVE-2026-23488

Blinko is affected prior to version 1.8.4. The /api/v1/comment/create endpoint allows unauthorized posting of comments to any note (including private ones), and /api/v1/comment/list allows unauthorized viewing of comments on all notes. The issue is fixed in version 1.8.4. CVSS v4.0 base score 6.9...

6.9CVSS5.7AI score0.00305EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2026/03/17 12:0 a.m.3 views

Adobe Commerce License Issues Vulnerability (CNVD-2026-15169)

Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce has an authorization issue vulnerability that can be exploited by an attacker to bypass security measures and gain unauthorized viewing...

7.5CVSS5.9AI score0.0056EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/16 3:30 p.m.6 views

EUVD-2026-12071

IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls...

5.1CVSS5.8AI score0.00205EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.8 views

IBM CICS Transaction Gateway for Multiplatforms 访问控制错误漏洞

IBM CICS Transaction Gateway for Multiplatforms is a transaction gateway software developed by the American multinational company International Business Machines IBM. Versions 9.3 and 10.1 of IBM CICS Transaction Gateway for Multiplatforms contain access control vulnerability issues. These...

7.1CVSS5.8AI score0.00205EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/13 8:11 p.m.2 views

CVE-2026-0977

IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls...

5.1CVSS5.8AI score0.00205EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.5 views

PT-2026-25371

CVE-2026-0977 IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls. https://t.co/mXB9t9PNuK...

5.1CVSS5.8AI score0.00205EPSS
Exploits0References3
Rows per page
Query Builder