Lucene search
K

6102 matches found

AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Audit: Added fchmodat2 to the “change attributes” class. fchmodat2, introduced in version 6.6, is currently not included in the “change attributes” class of audit. Calling fchmodat2 to change a file’s attributes in the same way a...

5.5CVSS5.7AI score0.00124EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Python 3.11

The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class, and therefore does not use io.opencode to read the .pyc files. As a result, the sys.audit handlers for this audit event do not trigger...

5.7CVSS6AI score0.00202EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 2:17 p.m.33 views

CVE-2026-50698 Frappe Framework 17.0.0-dev - Stored XSS in Audit Trail template rendering

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component...

4.6CVSS0.00256EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 2:17 p.m.9 views

CVE-2026-50698

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component...

4.6CVSS5.8AI score0.00256EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 2:17 p.m.7 views

EUVD-2026-38794

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input before generating HTML output in the Audit Trail component...

4.6CVSS5.8AI score0.00256EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 2:17 p.m.14 views

CVE-2026-50698

CVE-2026-50698 describes a Stored XSS in Frappe Framework 17.0.0-dev, arising from improper neutralization of user-controlled input in the Audit Trail template rendering. The description indicates the vulnerability is a content injection flaw that could affect HTML output. No exploitation details...

4.6CVSS5.8AI score0.00256EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 5:33 a.m.8 views

EUVD-2026-38669

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel blcapmainpage and on the Hall of Shame and Log subpages, which accept a 'blcapaction' / 'action'...

4.3CVSS5.9AI score0.00146EPSS
Exploits0References6
NVD
NVD
added 2026/06/23 5:17 p.m.7 views

CVE-2026-44960

A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...

0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.36 views

CVE-2026-44960

A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...

0.00339EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 4:14 p.m.11 views

CVE-2026-44960

Vulnerability summary (CVE-2026-44960) : A stored XSS exists in Revive Adserver where malicious content placed in the username could be executed when an admin views audit log details, due to missing output sanitisation. The issue is triggered by usernames being displayed in the audit log details ...

5.7AI score0.00339EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 4:14 p.m.5 views

EUVD-2026-38503

A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...

5.7AI score0.00339EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 2:20 p.m.10 views

EUVD-2026-38455

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection SSTI vulnerability in the template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custo...

9.4CVSS6.4AI score0.01892EPSS
Exploits1References3
NVD
NVD
added 2026/06/23 1:16 p.m.12 views

CVE-2026-56248

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS0.00359EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.36 views

CVE-2026-56248 Capgo - Unauthenticated Denial-of-Service via audit_logs RLS Policy

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS0.00359EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.6 views

CVE-2026-56248

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 12:12 p.m.7 views

EUVD-2026-38431

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:12 p.m.12 views

CVE-2026-56248

Cap-go capgo (capgo-backend) before 12.128.12 is affected. An unauthenticated DoS arises from the audit_logs table RLS policy when accessed via the Supabase PostgREST API; the query planner performs costly work before RLS rejection, so unfiltered public.audit_logs queries with the public anon key...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 6:16 p.m.13 views

CVE-2026-54289

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS0.00114EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:16 p.m.5 views

CVE-2026-54289

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS5.9AI score0.00114EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.10 views

Amazon Linux 2023 : mariadb1011, mariadb1011-backup, mariadb1011-client-utils (ALAS2023-2026-1844)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1844 advisory. Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable...

9.8CVSS6.2AI score0.00567EPSS
Exploits1References14
Rows per page
Query Builder