Lucene search
+L

37 matches found

euvd
euvd
added 2 days ago5 views

EUVD-2026-39512

K3s: ZIP Archive Path Traversal Vulnerability in etcd Snapshot Decompression...

5.8CVSS6.1AI score0.00122EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/25 5:56 p.m.6 views

CVE-2026-54250

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...

5.8CVSS6AI score0.00122EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.8 views

PT-2026-52538

Name of the Vulnerable Software and Affected Versions K3s versions prior to 1.35.3+k3s1 K3s versions prior to 1.34.6+k3s1 K3s versions prior to 1.33.10+k3s1 Description A path traversal issue exists in the etcd snapshot decompression functionality. This occurs when an administrator restores a...

5.8CVSS6.2AI score0.00122EPSS
Exploits0References5
osv
osv
added 2026/05/18 1:40 p.m.17 views

CLEANSTART-2026-UW03847 Security fixes for CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68119, CVE-2026-24051, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33186, CVE-2026-33810, CVE-2026-35469, CVE-2026-39883, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3, ghsa-pc3f-x583-g7j2 applied in versions: 1.34.2-r0, 1.35.0-r0, 1.35.3-r0, 1.35.3-r1, 1.35.3-r2

Multiple security vulnerabilities affect the kubernetes package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.9AI score0.00761EPSS
Exploits5References36
vulnersosv
vulnersosv
added 2026/02/19 7:34 p.m.7 views

agentiq-semantic-kernel (>=1.0.0 <=1.1.0a20250428), aiqtoolkit-semantic-kernel (>=1.1.0 <=1.2.0rc4) +4 more potentially affected by CVE-2026-26030 via semantic-kernel (>=1.0.0rc1 <=1.35.3)

semantic-kernel PYPI version =1.0.0rc1, =1.0.0, =1.1.0, =0.1.1, =0.2.0, =1.2.0, =0.0.1, =0.0.4 Source cves: CVE-2026-26030 Source advisory: SNYK:PYTHON-SEMANTICKERNEL-15323118...

9.9CVSS5.4AI score0.02914EPSS
Exploits2
cve
cve
added 2026/02/11 9:14 p.m.37 views

CVE-2026-26012

CVE-2026-26012 affects vaultwarden (unofficial Bitwarden server in Rust). Prior to 1.35.3, a regular organization member could retrieve all ciphers within an organization via the /ciphers/organization-details endpoint, which internally uses Cipher::find_by_org and returns ciphers with CipherSyncT...

6.5CVSS5.5AI score0.00331EPSS
Exploits2References2Affected Software1
ptsecurity
ptsecurity
added 2026/02/11 12:0 a.m.9 views

PT-2026-7721

Name of the Vulnerable Software and Affected Versions vaultwarden versions prior to 1.35.3 Description vaultwarden, an unofficial Bitwarden compatible server written in Rust, previously known as bitwarden rs, had a flaw where a standard organization member could access all ciphers within an...

6.5CVSS5.4AI score0.00331EPSS
Exploits2References9
cnnvd
cnnvd
added 2026/02/11 12:0 a.m.8 views

Vaultwarden 安全漏洞

Vaultwarden is an alternative implementation of the Bitwarden server API, developed by Daniel García using Rust. Versions of Vaultwarden prior to 1.35.3 contained a security vulnerability. This vulnerability stemmed from improper access control for endpoints, ciphers, and organization-details,...

6.5CVSS5.8AI score0.00331EPSS
Exploits2References2
redhatcve
redhatcve
added 2025/12/03 7:5 p.m.13 views

CVE-2025-66460

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, Lookyloo passed improperly escaped values to cells rendered in datatables using the orthogonal-data feature. It is definitely exploitable from the popu...

6.1CVSS6.7AI score0.00161EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/03 7:5 p.m.17 views

CVE-2025-66459

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...

6.1CVSS6AI score0.00263EPSS
Exploits0References1
nvd
nvd
added 2025/12/02 7:15 p.m.9 views

CVE-2025-66460

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, Lookyloo passed improperly escaped values to cells rendered in datatables using the orthogonal-data feature. It is definitely exploitable from the popu...

6.1CVSS0.00161EPSS
Exploits0References2
nvd
nvd
added 2025/12/02 7:15 p.m.26 views

CVE-2025-66459

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...

6.1CVSS0.00263EPSS
Exploits0References4
nvd
nvd
added 2025/12/02 7:15 p.m.31 views

CVE-2025-66458

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document...

6.1CVSS0.00161EPSS
Exploits0References2
osv
osv
added 2025/12/02 6:34 p.m.6 views

CVE-2025-66460 Lookyloo vulnerable to XSS due to lack of escaping in HTML elements passed to Datatables

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, Lookyloo passed improperly escaped values to cells rendered in datatables using the orthogonal-data feature. It is definitely exploitable from the popu...

5.3CVSS6.6AI score0.00161EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2025/12/02 6:34 p.m.4 views

CVE-2025-66460 Lookyloo vulnerable to XSS due to lack of escaping in HTML elements passed to Datatables

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, Lookyloo passed improperly escaped values to cells rendered in datatables using the orthogonal-data feature. It is definitely exploitable from the popu...

5.3CVSS6.3AI score0.00161EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/12/02 6:32 p.m.4 views

CVE-2025-66459 Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...

5.3CVSS5.6AI score0.00263EPSS
Exploits0References4
cvelist
cvelist
added 2025/12/02 6:32 p.m.12 views

CVE-2025-66459 Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...

5.3CVSS0.00263EPSS
Exploits0References4
euvd
euvd
added 2025/12/02 6:32 p.m.5 views

EUVD-2025-200304

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...

5.3CVSS5.5AI score0.00263EPSS
Exploits0References4
cve
cve
added 2025/12/02 6:32 p.m.14 views

CVE-2025-66459

CVE-2025-66459 affects Lookyloo prior to version 1.35.3. The vulnerability is an XSS caused by unescaped/error message content that is propagated to innerHTML when a capture fails and the list of URLs includes an HTML element. Multiple connected sources (NVD, Red Hat, CVE list, OSV, CNNVD, etc.) ...

6.1CVSS5.6AI score0.00263EPSS
Exploits0References4Affected Software1
osv
osv
added 2025/12/02 6:32 p.m.8 views

CVE-2025-66459 Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML

Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, a XSS vulnerability can be triggered when a user submits a list of URLs to capture, one of them contains a HTML element, and the capture fails. Then, t...

5.3CVSS5.9AI score0.00263EPSS
Exploits0References6
Rows per page
Query Builder