Lucene search
K

55672 matches found

CVE
CVE
added 1 hour ago2 views

CVE-2026-59710

showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src/subParsers/makehtml/tables.js that fails to properly escape table header ID attributes. Attackers can inject arbitrary HTML and script-executing SVG elements through double-quote characters in markdo...

6.1CVSS5.9AI score
Exploits0References4
EUVD
EUVD
added 3 hours ago5 views

EUVD-2026-25019

id: pretty-print uses effective GID instead of effective UID for name lookup...

3.3CVSS5.9AI score0.00123EPSS
Exploits1References3
Circl
Circl
added 7 hours ago6 views

CVE-2025-53827

creationtimestamp| type| source ---|---|--- 2026-07-06 16:02:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpyhmrqo542c 2026-07-06 17:24:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mpym7ct5ri23...

9.1CVSS5.9AI score
Exploits0References2
Chainguard
Chainguard
added 8 hours ago4 views

CVE-2026-28292 vulnerabilities

Vulnerabilities for packages: gemini-cli...

9.8CVSS5.9AI score0.01296EPSS
Exploits1
NVD
NVD
added 11 hours ago6 views

CVE-2026-12686

An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user...

9.3CVSS
Exploits0References1
OSV
OSV
added 13 hours ago2 views

ROOT-APP-PYPI-CVE-2026-54273 CVE-2026-54273 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-54273 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

8.7CVSS5.8AI score0.00279EPSS
Exploits0
Cvelist
Cvelist
added 14 hours ago5 views

CVE-2026-12686 Incorrect authorisation in Adiss’s Biloop

An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised access to other companies hosted within the same subdomain environment. The application does not adequately verify whether the requested company ID belongs to the authenticated user...

9.3CVSS
Exploits0References1
Cvelist
Cvelist
added 14 hours ago7 views

CVE-2026-24013 Apache IoTDB: Authentication Bypass via Forged SessionID in Thrift RPC

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

Exploits0References1
ATTACKERKB
ATTACKERKB
added 14 hours ago3 views

CVE-2026-24013

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

6AI score
Exploits0References2Affected Software1
CVE
CVE
added 14 hours ago7 views

CVE-2026-24013

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

9.1CVSS6AI score
Exploits0References2
EUVD
EUVD
added 14 hours ago5 views

EUVD-2026-41857

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

9.1CVSS6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 14 hours ago4 views

CVE-2026-48206

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minute...

6.1AI score
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 14 hours ago3 views

CVE-2026-48204

Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is the...

6AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 14 hours ago5 views

EUVD-2026-41839

Improper Input Validation, Improper Access Control vulnerability in Apache Camel in Camel Mongodb Gridfs component. The camel-mongodb-gridfs producer selects the GridFS operation to perform from the gridfs.operation Exchange header when the endpoint's operation parameter is not set - which is the...

9.8CVSS6AI score
Exploits0References1
NVD
NVD
added 17 hours ago5 views

CVE-2026-14794

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS
Exploits0References6
Circl
Circl
added 18 hours ago6 views

CVE-2026-14778

creationtimestamp| type| source ---|---|--- 2026-07-06 04:35:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpxbbsa4hv26...

7.5CVSS5.9AI score
Exploits0References1
OSV
OSV
added 19 hours ago5 views

ROOT-OS-DEBIAN-13-CVE-2026-46216 CVE-2026-46216 in rootio-linux - Patched by Root

Root has patched CVE-2026-46216 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS5.2AI score0.00127EPSS
Exploits0
OSV
OSV
added 19 hours ago3 views

ROOT-OS-DEBIAN-13-CVE-2026-23373 CVE-2026-23373 in rootio-linux - Patched by Root

Root has patched CVE-2026-23373 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS5.9AI score0.00114EPSS
Exploits0
OSV
OSV
added 19 hours ago4 views

ROOT-OS-DEBIAN-13-CVE-2025-68776 CVE-2025-68776 in rootio-linux - Patched by Root

Root has patched CVE-2025-68776 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS5.4AI score0.00173EPSS
Exploits0
EUVD
EUVD
added 19 hours ago6 views

EUVD-2026-41805

A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument userGroupId causes improper authorization. The attack is...

5.3CVSS5.5AI score
Exploits0References6
Rows per page
Query Builder