Lucene search
K

1841 matches found

Vulnrichment
Vulnrichment
added 2026/06/30 9:39 p.m.7 views

CVE-2026-10585 Stored cross-site scripting vulnerability in GitHub Enterprise Server allowed arbitrary JavaScript execution via crafted Discussion titles in the Q&A category

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category. The...

6.3CVSS6.1AI score0.00184EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/30 9:39 p.m.29 views

CVE-2026-10585 Stored cross-site scripting vulnerability in GitHub Enterprise Server allowed arbitrary JavaScript execution via crafted Discussion titles in the Q&A category

A stored cross-site scripting vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to execute arbitrary JavaScript in another user's browser by injecting a crafted payload into the title of a Discussion in the Q&A category. The...

6.3CVSS0.00184EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/24 7:14 a.m.4 views

CVE-2026-52918

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: serialize acceptq access btsockpoll walks the accept queue without synchronization, while child teardown can unlink the same socket and drop its last reference. The unsynchronized accept queue walk has existed since th...

8.8CVSS5.7AI score0.00266EPSS
Exploits0
CVE
CVE
added 2026/06/23 1:31 p.m.22 views

CVE-2026-11772

DRIMO CMS is affected by a Reflected XSS in the searching functionality, triggered via the q parameter. The vulnerability allows arbitrary JavaScript execution in the victim’s browser when a crafted URL is opened. The affected software is at end-of-life and no security updates are planned. Mitiga...

5.1CVSS6.1AI score0.00378EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:13 p.m.10 views

Out-of-bounds Write

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.8CVSS5.3AI score0.00353EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 4:3 p.m.41 views

CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

0.00259EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 4:3 p.m.62 views

CVE-2026-42770

CVE-2026-42770 affects OpenSSL FIPS modules (4.0, 3.6, 3.5, 3.4, 3.0) and related deployments using EVP_PKEY_derive_set_peer() with DHX/X9.42 keys. The vulnerability arises when the subgroup check Y^q ≡ 1 (mod p) uses the peer’s q instead of the local key’s q, allowing a malicious X9.42 peer to c...

3.7CVSS5.4AI score0.00259EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.11 views

CVE-2026-42770 FFC-DH Peer Validation Uses Attacker-Supplied q

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

5.4AI score0.00259EPSS
Exploits0References6
OSV
OSV
added 2026/06/09 12:0 a.m.9 views

UBUNTU-CVE-2026-42770

Issue summary: When EVPPKEYderivesetpeer is called with a DHX X9.42 peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which presents an X9.42 key carrying the victim's p and g parameters, a forged q = r a small prime factor of the cofacto...

3.7CVSS5.2AI score0.00259EPSS
Exploits0References4
OSV
OSV
added 2026/06/07 7:24 p.m.8 views

MINI-5Q5F-625V-G6M2

Bulletin has no description...

9.1CVSS5.2AI score0.00487EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.10 views

CVE-2026-7584

The LabOne Q serialization framework uses a class-loading mechanism importcls to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target...

8.4CVSS6.3AI score0.00256EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.9 views

CVE-2026-24189

NVIDIA CUDA-Q contains a vulnerability in an endpoint, where an unauthenticated attacker could cause an out-of-bounds read by sending a maliciously crafted request. A successful exploit of this vulnerability might lead to denial of service and information disclosure...

8.2CVSS5.4AI score0.0032EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 4:52 p.m.5 views

MINI-Q782-MFCW-XXH7

Bulletin has no description...

6.5CVSS5.2AI score0.00196EPSS
Exploits0
OSV
OSV
added 2026/06/05 12:47 p.m.4 views

MINI-526Q-5PHR-8X39

Bulletin has no description...

7.5CVSS5.2AI score0.0056EPSS
Exploits0
OSV
OSV
added 2026/06/05 4:7 a.m.8 views

MINI-Q23J-6JM5-Q5JQ

Bulletin has no description...

8.3CVSS5.7AI score0.00501EPSS
Exploits0
OSV
OSV
added 2026/06/04 4:27 p.m.9 views

MINI-R335-PRJG-Q777

Bulletin has no description...

7.5CVSS5.7AI score0.00415EPSS
Exploits0
OSV
OSV
added 2026/06/04 12:21 p.m.6 views

MINI-6Q27-3PQQ-VVP2

Bulletin has no description...

9.1CVSS5.7AI score0.00525EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.13 views

SUSE CVE-2026-46273

In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stoppi...

5.5CVSS5.6AI score0.00389EPSS
Exploits0References15
NVD
NVD
added 2026/05/30 4:17 p.m.18 views

CVE-2018-25413

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS0.00276EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/30 2:55 p.m.8 views

CVE-2018-25413 AiOPMSD Final 1.0.0 SQL Injection via search.php

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4
Rows per page
Query Builder