2020 matches found

Nuclei
added yesterday, 26 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

CVSS: 5.4, AI score: 5.8, EPSS: 0.01331
Exploits: 1, References: 2

Nuclei
added 2 days ago, 46 views

11in1 CMS 1.2.1 - Local File Inclusion (LFI)

Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php. id: CVE-2012-0996 info: name: 11in1 CMS 1.2.1 - Local File Inclusion (LFI) author: daffainfo...

CVSS: 5, AI score: 6, EPSS: 0.09794
Exploits: 2, References: 4

Nuclei
added 3 days ago, 75 views

Apache Solr - Host Environment Variables Leak via Metrics API

Exposure of Sensitive Information to an Unauthorized Actor Vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users can specify which environment variables to hide, however, the default list is designed to wor...

CVSS: 6.5, AI score: 6.5, EPSS: 0.68665
Exploits: 0, References: 5

Nuclei
added 3 days ago, 9 views

Milvus - Unauthenticated Metrics API Access

Milvus 2.5.27 and 2.6.10 contains an authentication bypass caused by weak default token and unauthenticated REST API on TCP port 9091, letting attackers perform arbitrary expression evaluation and data manipulation, exploit requires network access to port 9091. id: CVE-2026-26190 info: name: Milv...

CVSS: 9.8, AI score: 5.9, EPSS: 0.27661
Exploits: 1, References: 3

Chainguard
added 5 days ago, 4 views

GHSA-45GG-VH54-H5M9 vulnerabilities

Vulnerabilities for packages: kine, zot, istio, tekton-pipelines, gitlab-kas, argo-workflows-fips, frankenphp-8.5, trivy-operator, rancher-agent, trivy-fips, seaweedfs-rocksdb, kyverno-fips, seaweedfs-rocksdb-fips, zarf, frankenphp-8.4, containerd, skaffold-fips, coder, backup-restore-operator,...

AI score: 5.8
Exploits: 0

NVD
added 5 days ago, 6 views

CVE-2026-55838

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. Every other admin handler in the codebase calls validateadminrequest to...

CVSS: 4.3, EPSS: 0.00162
Exploits: 0, References: 1

Cvelist
added 5 days ago, 23 views

CVE-2026-55838 RustFS: Missing admin authorization on /rustfs/admin/v3/metrics allows any authenticated user to read server metrics

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. Every other admin handler in the codebase calls validateadminrequest to...

CVSS: 4.3, EPSS: 0.00162
Exploits: 0, References: 1

ATTACKERKB
added 5 days ago, 5 views

CVE-2026-55838

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. Every other admin handler in the codebase calls validateadminrequest to...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00162
Exploits: 0, References: 2, Affected Software: 1

CVE
added 5 days ago, 6 views

CVE-2026-55838

CVE-2026-55838 (RustFS) : In versions up to 1.0.0-beta.7, the real-time metrics endpoint /rustfs/admin/v3/metrics is accessible to any valid IAM user, because MetricsHandler skips the admin-request validation that other admin handlers perform. As a result, a user whose policy allows only their ow...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00162
Exploits: 0, References: 1

NVD
added 5 days ago, 7 views

CVE-2026-13322

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

CVSS: 3.8, EPSS: 0.00098
Exploits: 0, References: 2

Cvelist
added 5 days ago, 36 views

CVE-2026-13322 Kubevirt: virt-handler-rhel9: kubevirt: unbounded virtio-serial readline in virt-handler causes oom denial of service

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

CVSS: 3.8, EPSS: 0.00098
Exploits: 0, References: 2

EUVD
added 5 days ago, 7 views

EUVD-2026-39599

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

CVSS: 3.8, AI score: 5.8, EPSS: 0.00098
Exploits: 0, References: 2

RedhatCVE
added 5 days ago, 6 views

CVE-2026-13322

A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine, which buffers input indefinitely until a newline character is received, with no length limit or read deadline. A user with access to a VM guest that has the...

CVSS: 3.8, AI score: 5.8, EPSS: 0.00098
Exploits: 0, References: 3

Positive Technologies
added 5 days ago, 14 views

PT-2026-52966

Name of the Vulnerable Software and Affected Versions: RustFS versions prior to 1.0.0-beta.8. Description: RustFS is a distributed object storage system built in Rust. The real-time metrics endpoint '/rustfs/admin/v3/metrics' is accessible to any valid IAM user, regardless of their assigned policy...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00162
Exploits: 0, References: 5

OSV
added 6 days ago, 3 views

GO-2026-5662 Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer in github.com/prometheus/prometheus

Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer in github.com/prometheus/prometheus. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this...

CVSS: 6.1, AI score: 5.8, EPSS: 0.0024
Exploits: 0, References: 4

OSV
added 6 days ago, 3 views

GO-2026-5106 CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE in github.com/cloudnative-pg/cloudnative-pg

CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL superuser and OS RCE in github.com/cloudnative-pg/cloudnative-pg...

CVSS: 9.9, AI score: 5.8, EPSS: 0.0048
Exploits: 0, References: 5

OSV
added last week, 7 views

MAL-2026-6432 Malicious code in rstreams-metrics (npm)

The rstreams-metrics npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

AI score: 6.2
Exploits: 0, References: 3

NVD
added 2026/06/23 1:16 p.m., 14 views

CVE-2026-56371

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

CVSS: 5.3, EPSS: 0.0023
Exploits: 0, References: 2

Cvelist
added 2026/06/23 12:13 p.m., 36 views

CVE-2026-56371 ImageMagick - Memory Leak in TXT File Processing via Texture Attribute

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

EPSS: 0.0023
Exploits: 0, References: 2

CVE
added 2026/06/23 12:13 p.m., 10 views

CVE-2026-56371

ImageMagick versions prior to 7.1.2-15 and 6.9.13-40 are affected by a memory leak in the txt coder when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released if GetTypeMetrics fails, leaking memory per crafted TXT file and enabling potential DoS...

CVSS: 5.3, AI score: 5.8, EPSS: 0.0023
Exploits: 0, References: 2, Affected Software: 1