Lucene search
K

50 matches found

Cvelist
Cvelist
added 2026/06/12 2:27 a.m.29 views

CVE-2026-48613

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

5.9CVSS0.00155EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/08 2:21 a.m.9 views

SUSE CVE-2026-42216

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init reconstructs strings from a prefix-compressed...

8.2CVSS5.8AI score0.00354EPSS
Exploits1References3
NVD
NVD
added 2026/05/07 4:16 a.m.20 views

CVE-2026-42217

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...

9.8CVSS0.00393EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/05/07 4:4 a.m.8 views

CVE-2026-42217

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...

9.8CVSS5.8AI score0.00393EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/05/07 4:4 a.m.6 views

CVE-2026-42217

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...

6.3CVSS5.8AI score0.00393EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/05/07 4:4 a.m.24 views

EUVD-2026-28300

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...

6.3CVSS5.8AI score0.00393EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/05/07 3:58 a.m.10 views

CVE-2026-41142

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads...

8.8CVSS5.8AI score0.00355EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/05/07 3:58 a.m.7 views

CVE-2026-41142

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads...

8.8CVSS5.8AI score0.00355EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.22 views

PT-2026-38334

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.0.0 through 3.2.8 OpenEXR versions 3.3.0 through 3.3.10 OpenEXR versions 3.4.0 through 3.4.10 Description The IDManifest::init function reconstructs strings from a prefix-compressed representation. When a previous string...

9.1CVSS6AI score0.00354EPSS
Exploits1References32
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.11 views

PT-2026-38335

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.0.0 through 3.2.8 OpenEXR versions 3.3.0 through 3.3.10 OpenEXR versions 3.4.0 through 3.4.10 Description The readVariableLengthInteger function decodes a variable-length integer from untrusted EXR input without bounding the...

9.8CVSS5.9AI score0.00393EPSS
Exploits1References34
UbuntuCve
UbuntuCve
added 2026/05/07 12:0 a.m.9 views

CVE-2026-42217

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger decodes a variable-length integer fro...

9.8CVSS5.8AI score0.00393EPSS
Exploits1References3
NVD
NVD
added 2026/03/27 10:16 p.m.4 views

CVE-2026-33976

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

9.6CVSS0.00706EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 10:16 p.m.9 views

CVE-2026-33955

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when an attacker-controlled note header is displayed usi...

8.6CVSS0.00345EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 9:27 p.m.5 views

EUVD-2026-16872

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution in a desktop application. The issue is triggered when an attacker-controlled note header is displayed usi...

8.6CVSS6.4AI score0.00345EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/27 9:26 p.m.20 views

CVE-2026-33976 Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

9.6CVSS0.00706EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 9:26 p.m.2 views

EUVD-2026-16874

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

9.6CVSS6.5AI score0.00706EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 9:26 p.m.4 views

CVE-2026-33976 Notesnook vulnerable to RCE via stored XSS in Web Clipper rendering

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

9.6CVSS6.5AI score0.00706EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.6 views

Notesnook 代码注入漏洞

Notesnook is an end-to-end encrypted note application developed by Streetwriters. There were code injection vulnerabilities in versions of Notesnook Web/Desktop prior to 3.3.11, as well as in versions for Android/iOS prior to 3.3.17. These vulnerabilities stemmed from a stored-xss vulnerability...

9.6CVSS6.5AI score0.00706EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/02 1:51 a.m.9 views

CVE-2026-28352

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this ...

6.5CVSS5.9AI score0.00264EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/01 1:24 a.m.9 views

Indico has a missing access check in the event series management API

Impact The API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this is limited to: - Getting the metadata title, category chain, start/end date for events in an existing series - Deleting an existing eve...

6.5CVSS6AI score0.00264EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder