14739 matches found

RedhatCVE
added 2026/01/30 3:40 p.m., 12 views

CVE-2026-1469

Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the ‘comment’ and ‘brand’ parameters in ‘/index.php’. The payload is stored by the application and subsequentl...

CVSS 6.9 | AI score 6 | EPSS 0.00136
Exploits 0 | References 1

GithubExploit
added 2026/01/30 2:46 p.m., 151 views

xss

No d...

AI score 5.9
Exploits 0

Snyk
added 2026/01/29 8:51 p.m., 7 views

Directory Traversal

Overview: Umbraco.Forms is a form creator that's easy to use. Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter of the export endpoint. An attacker can access and read arbitrary files on the filesystem by submitting specially crafted requests...

CVSS 6.5 | AI score 6.3 | EPSS 0.0042
Exploits 0 | References 2

NVD
added 2026/01/29 8:16 p.m., 5 views

CVE-2026-24687

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice user to enumerate and traverse paths/files on the system's filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

CVSS 6.5 | EPSS 0.0042
Exploits 0 | References 1

OSV
added 2026/01/29 7:57 p.m., 4 views

CVE-2026-24687 Umbraco.Forms has path traversal and file enumeration vulnerability in Linux/Mac

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice user to enumerate and traverse paths/files on the system's filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Cloud...

CVSS 6 | AI score 5.8 | EPSS 0.0042
Exploits 0 | References 3

CVE
added 2026/01/28 5:09 p.m., 10 views

CVE-2025-57793

CVE-2025-57793 affects Explorance Blue before 8.14.9. The vulnerability is a SQL injection caused by insufficient validation of user-supplied input in a web application component, allowing crafted input to be executed in backend queries. The issue is exploitable without authentication, heightenin...

CVSS 8.6 | AI score 5.9 | EPSS 0.00325
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2026/01/28 12:00 a.m., 5 views

Explorance Blue security vulnerabilities

Explorance Blue is a learning experience management software developed by the Canadian company Explorance. Versions of Explorance Blue prior to 8.14.9 contained security vulnerabilities. These vulnerabilities were due to insufficient input validation on the web application endpoints, which could...

CVSS 10 | AI score 5.9 | EPSS 0.0039
Exploits 0 | References 5

CNNVD
added 2026/01/28 12:00 a.m., 5 views

Explorance Blue security vulnerabilities

Explorance Blue is a learning experience management software developed by the Canadian company Explorance. Versions of Explorance Blue prior to 8.14.9 contained security vulnerabilities. These vulnerabilities were due to insufficient input validation in the web application components, which could...

CVSS 8.6 | AI score 5.9 | EPSS 0.00325
Exploits 0 | References 5

OSV
added 2026/01/27 5:16 p.m., 4 views

CVE-2025-69564

code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirmpassword, Role, Branch, and Activate parameters...

CVSS 9.8 | AI score 5.9 | EPSS 0.00402
Exploits 1 | References 2

OSV
added 2026/01/27 5:16 p.m., 1 views

CVE-2025-69559

code-projects Computer Book Store 1.0 is vulnerable to File Upload in adminadd.php...

CVSS 9.8 | AI score 5.8 | EPSS 0.005
Exploits 1 | References 2

NVD
added 2026/01/27 5:16 p.m., 6 views

CVE-2025-69559

code-projects Computer Book Store 1.0 is vulnerable to File Upload in adminadd.php...

CVSS 9.8 | EPSS 0.005
Exploits 1 | References 2

GithubExploit
added 2026/01/27 4:58 p.m., 143 views

xss-attacks

...

AI score 5.9
Exploits 0

EUVD
added 2026/01/27 4:29 p.m., 4 views

EUVD-2026-4748

An out-of-band SQL injection (OOB SQLi) vulnerability has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter ‘Idusuario’ in ‘/evaluacionaccionesverauto.aspx’ could allow an attacker to extract...

CVSS 9.3 | AI score 5.8 | EPSS 0.00327
Exploits 0 | References 1

OSV
added 2026/01/27 10:15 a.m., 5 views

CVE-2026-24346

Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application...

CVSS 9.1 | AI score 5.8 | EPSS 0.00226
Exploits 0 | References 1

EUVD
added 2026/01/27 9:18 a.m., 3 views

EUVD-2026-4823

Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application...

CVSS 7.6 | AI score 5.9 | EPSS 0.00226
Exploits 0 | References 1

ATTACKERKB
added 2026/01/27 9:18 a.m., 2 views

CVE-2026-24346

Use of well-known default credentials in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to access protected areas in the web application...

CVSS 7.6 | AI score 5.9 | EPSS 0.00226
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2026/01/27 12:00 a.m., 8 views

PT-2026-4881

Name of the Vulnerable Software and Affected Versions: EZCast Pro II version 1.17478.146. Description: The Admin UI of EZCast Pro II utilizes well-known default credentials, potentially allowing attackers to gain access to protected areas within the web application. Recommendations: Change the defaul...

CVSS 9.1 | AI score 5.4 | EPSS 0.00226
Exploits 0 | References 6

GithubExploit
added 2026/01/26 12:08 p.m., 201 views

Exploit for CVE-2026-22686

CVE-2026-22686 Web Application PoC Critical Sandbox Escape...

CVSS 10 | AI score 6.2 | EPSS 0.00588
Exploits 3

NVD
added 2026/01/24 12:15 a.m., 9 views

CVE-2026-24136

Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have an Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...

CVSS 8.7 | EPSS 0.00364
Exploits 1 | References 5

Vulnrichment
added 2026/01/23 11:38 p.m., 9 views

CVE-2026-24136 Saleor has an Insecure Direct Object Reference (IDOR) in GraphQL API

Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have an Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor...

CVSS 8.7 | AI score 5.8 | EPSS 0.00364
Exploits 1 | References 5