Lucene search
+L

89 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/27 1:52 p.m.2 views

CVE-2026-33205

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

4.8CVSS6AI score0.00173EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 1:52 p.m.2 views

CVE-2026-33205 calibre has Server-Side Request Forgery in ebook viewer backend

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

4.8CVSS6AI score0.00173EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.9 views

PT-2026-28474

Name of the Vulnerable Software and Affected Versions calibre versions prior to 9.6.0 Description A path traversal issue exists in the handling of images within Markdown and similar text-based files, which allows an attacker to include arbitrary files from the file system into a converted book...

9.3CVSS5.8AI score0.0088EPSS
Exploits6References20
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.15 views

Calibre 代码问题漏洞

Calibre is an open-source, free tool developed by Kovid Goyal, a personal developer in India. It serves as a comprehensive e-book reading management and format conversion tool. Prior to Calibre 9.6.0, there were code-related vulnerabilities. These vulnerabilities stemmed from a server-side reques...

5.5CVSS6AI score0.00173EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.12 views

Calibre 安全漏洞

Calibre is an open-source, free tool developed by Kovid Goyal, a personal developer from India. It serves as a comprehensive e-book reading management and format conversion tool. Versions of Calibre prior to 9.6.0 contained security vulnerabilities. These vulnerabilities stemmed from a path...

8.2CVSS5.8AI score0.00208EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.5 views

CVE-2026-31873

Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...

6.1CVSS6AI score0.00237EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/03/20 5:25 p.m.7 views

Vikunja read-only users can delete project background images via broken object-level authorization

Summary The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image. Details The RemoveProjectBackground handler pkg/modules/background/handler/background.g...

5.4CVSS5.8AI score0.00211EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/20 2:42 p.m.23 views

CVE-2026-33312 Read-only Vikunja users can delete project background images via broken object-level authorization

Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior to version 2.2.0, the DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delet...

5.3CVSS0.00211EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 2:42 p.m.4 views

CVE-2026-33312 Read-only Vikunja users can delete project background images via broken object-level authorization

Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior to version 2.2.0, the DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delet...

5.3CVSS6.4AI score0.00211EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.7 views

PT-2026-26622

Summary The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image. Details The RemoveProjectBackground handler pkg/modules/background/handler/background.g...

5.3CVSS5.8AI score0.00211EPSS
Exploits1References9
OSV
OSV
added 2026/03/12 5:20 p.m.3 views

CVE-2026-31873 Unhead has a Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity

Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...

5.9AI score0.00237EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/11 7:44 p.m.5 views

CVE-2026-25728

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 40, a Time-of-Check to Time-of-Use TOCTOU race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible location before...

9.3CVSS6AI score0.00283EPSS
Exploits1References1
NVD
NVD
added 2026/02/10 6:16 p.m.6 views

CVE-2026-25728

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 40, a Time-of-Check to Time-of-Use TOCTOU race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application moves uploaded files to a web-accessible location before...

9.3CVSS0.00283EPSS
Exploits1References2
NVD
NVD
added 2025/12/16 5:16 p.m.7 views

CVE-2023-53901

WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious HTML and CSS to capture user keystrokes. Attackers can upload a crafted HTML file with CSS-based keylogging techniques to intercept password characters through background image requests...

7.1CVSS0.0023EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.5 views

PT-2025-48954

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120 Description A user with limited privileges, lacking administrator or power roles, can crea...

5.4CVSS6.3AI score0.00198EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.13 views

EUVD-2021-19503

Malware in sbrugna...

4.3CVSS4.6AI score0.01146EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-12189

Malware in sbrugna...

4.8CVSS5.1AI score0.0056EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-20531

Malware in sbrugna...

4.3CVSS4.9AI score0.01068EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-28040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. CVE-2020-28040 Note that Nessus relies on the presence of the package as...

4.3CVSS5.5AI score0.01068EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/19 3:32 p.m.3 views

CVE-2025-9145 Scada-LTS SVG File view_edit.shtm cross site scripting

A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file viewedit.shtm of the component SVG File Handler. Such manipulation of the argument backgroundImageMP leads to cross site scripting. The attack can be launched remotely. The...

5.1CVSS6.5AI score0.00256EPSS
Exploits1References5
Rows per page
Query Builder