Lucene search
K

240461 matches found

EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-43538

OpenClaw versions 2026.5.28 before 2026.6.6 contain an authorization bypass vulnerability in native web search that allows lower-trust callers to perform actions requiring stronger policy checks. Attackers can exploit misconfigured input paths to bypass intended authorization controls and execute...

5.3CVSS6.2AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added yesterday17 views

The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...

8.5CVSS6.1AI score
Exploits0Affected Software1
OSV
OSV
added yesterday2 views

MAL-2026-10515 Malicious code in nodemon-web (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3f5aa35dd34f3c1d075d6ebee3f25a0445780f6f2c78d55a958868e530fe315 nodemon-web copies the source of the popular nodemon package verbatim and reuses Remy Sharp's author metadata and the...

6.1AI score
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-49972

CVE-2026-49972 affects Laravel-Mediable prior to 7.0.0. A file upload vulnerability enables unauthenticated remote code execution via a double extension (e.g., shell.php.jpg). The attacker relies on PATHINFO_FILENAME preserving the inner .php extension in the base name, and on misconfigured serve...

8.8CVSS6.5AI score
Exploits0References3
OSV
OSV
added yesterday19 views

ROOT-APP-MAVEN-CVE-2026-22732 CVE-2026-22732 in io.root.org.springframework.security:spring-security-web - Patched by Root

Root has patched CVE-2026-22732 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...

9.1CVSS5.8AI score0.0048EPSS
Exploits2
OSV
OSV
added yesterday4 views

ROOT-APP-MAVEN-CVE-2026-47838 CVE-2026-47838 in io.root.org.springframework.security:spring-security-web - Patched by Root

Root has patched CVE-2026-47838 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...

8.1CVSS6.1AI score0.00116EPSS
Exploits0
Circl
Circl
added yesterday5 views

CVE-2026-57770

creationtimestamp| type| source ---|---|--- 2026-07-13 10:41:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjiyawyja25 2026-07-13 11:26:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqjlhmqfs62r...

9.8CVSS6.1AI score0.00564EPSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-57780

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Plugin Envision Envision Page Builder envision-page-builder allows DOM-Based XSS.This issue affects Envision Page Builder: from n/a through = 0.22...

6.5CVSS0.00218EPSS
Exploits0References1
NVD
NVD
added yesterday2 views

CVE-2026-57783

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in merkulove Speaker speaker allows Stored XSS.This issue affects Speaker: from n/a through = 4.1.13...

6.5CVSS0.00218EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57732

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Opt-In Builder td-subscription allows DOM-Based XSS.This issue affects tagDiv Opt-In Builder: from n/a through = 1.7.4...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57728

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UX-themes Flatsome flatsome allows Reflected XSS.This issue affects Flatsome: from n/a through = 3.20.5...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57668

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Basix NEX-Forms nex-forms-express-wp-form-builder allows Stored XSS.This issue affects NEX-Forms: from n/a through = 9.2.2...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57399

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Proxy & VPN Blocker Proxy & VPN Blocker proxy-vpn-blocker allows Stored XSS.This issue affects Proxy & VPN Blocker: from n/a through = 3.5.8...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57394

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tribulant Software Newsletters newsletters-lite allows Reflected XSS.This issue affects Newsletters: from n/a through = 4.14...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57388

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through = 1.1.44...

7.1CVSS0.00251EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57391

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tangible Loops & Logic tangible-loops-and-logic allows Stored XSS.This issue affects Loops & Logic: from n/a through = 4.2.3...

6.5CVSS0.00235EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57365

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hitesh Chandwani reCAPTCHA v2 & v3 for Asgaros Forum recaptcha-for-asgaros-forum allows DOM-Based XSS.This issue affects reCAPTCHA v2 & v3 for Asgaros Forum: from n/a through = 1.1.0...

6.5CVSS0.00224EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-22102

A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...

9.3CVSS0.00431EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-22096

The webserver running on port 8090 does not require authentication. This allows for sensitive information leakage such as configured passwords, or uploading files through different endpoints...

9.3CVSS0.00422EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-22095

The network diagnosis endpoint on the web server at port 8090 is vulnerable to command injection...

9.3CVSS0.00976EPSS
Exploits0References1
Rows per page
Query Builder