A vulnerability was found in perfree go-fastdfs-web up to 1.3.7 and classified as critical. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can lead to server-side request forgery.
This vulnerability is handled as CVE-2026-11437. The attack can be executed remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in Mage AI up to 0.9.79 and classified as problematic. This impacts the function useMutation of the file mage_ai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirect_url results in cross-site scripting.
This vulnerability is known as CVE-2026-11436. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as critical, was found in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to SQL injection.
This vulnerability is traded as CVE-2026-11435. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as problematic, has been found in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross-site scripting.
This vulnerability appears as CVE-2026-11434. The attack may be initiated remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as problematic was found in Arista Edge Threat Management up to 17.4.0. The affected element is an unknown function of the component Web User Interface. The manipulation results in cross-site scripting.
This vulnerability is reported as CVE-2026-25624. The attack can be launched remotely. No exploit exists.
A vulnerability classified as critical has been found in jxxghp MoviePilot up to 2.13.3. Impacted is an unknown function of the component Remote Cloud Storage API. The manipulation leads to path traversal.
This vulnerability is documented as CVE-2026-11416. The attack can be initiated remotely. No exploit is available.
It is recommended to upgrade the affected component.
A vulnerability described as problematic has been identified in shd101wyy Markdown Preview Enhanced and crossnote. This issue affects the function window.eval. Executing a manipulation can lead to improper neutralization of directives in dynamically evaluated code.
This vulnerability is registered as CVE-2026-11422. The attack needs to be launched locally. No exploit is available.
Upgrading the affected component is recommended.
A vulnerability marked as critical has been reported in Altium Enterprise Server up to 8.1.0. This vulnerability affects unknown code of the component Vault Service. Performing a manipulation results in hard-coded credentials.
This vulnerability is cataloged as CVE-2026-11414. It is possible to initiate the attack remotely. There is no exploit available.
It is suggested to upgrade the affected component.
A vulnerability labeled as critical has been found in Altium Enterprise Server and 365 up to 8.1.0. This affects an unknown part of the component GraphQL Service. Such manipulation leads to server-side request forgery.
This vulnerability is listed as CVE-2026-11424. The attack may be performed remotely. There is no available exploit.
The affected component should be upgraded.
A vulnerability identified as problematic has been detected in haxtheweb haxcms-php up to 26.0.0. Affected by this issue is some unknown functionality. This manipulation causes the use of a cryptographically weak PRNG.
This vulnerability is tracked as CVE-2026-46493. The attack can be carried out remotely. No exploit exists.
You should upgrade the affected component.
A vulnerability categorized as critical has been discovered in defenseunicorns uds-identity-config up to 0.26.0. Affected by this vulnerability is an unknown functionality of the component Keycloak Token Endpoint. The manipulation results in improper authentication.
This vulnerability is identified as CVE-2026-46389. The attack can be executed remotely. No exploit is available.
It is advisable to upgrade the affected component.