Lucene search
K

42 matches found

Cvelist
Cvelist
added 2026/06/09 7:34 a.m.37 views

CVE-2026-33582 Apache Answer: Uploading specially crafted TIFF files causes an Out-of-Memory error

Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. A crafted TIFF image could trigger excessive memory allocation during image decoding, allowing an authenticated user to cause the server process to crash. Users are...

0.00479EPSS
Exploits0References1
NVD
NVD
added 2026/05/19 11:16 p.m.21 views

CVE-2026-8491

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.1...

3.7CVSS0.00214EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 10:28 p.m.18 views

CVE-2026-8491

CVE-2026-8491 involves an improper check in the Drupal Node View Permissions module that permits forceful browsing. Affected are Node View Permissions 0.0.0–1.6.x and 2.0.0–2.0.0, where cancelled users’ content reassigned to anonymous users could be exposed. Remediation: upgrade to 1.7.0 (for 0.0...

3.7CVSS5.8AI score0.00214EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 6:59 p.m.6 views

CVE-2026-6959

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS5.9AI score0.00169EPSS
Exploits0References2Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: linuxptp (UTSA-2026-017411)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017411 advisory. A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker...

7.1CVSS7.1AI score0.01895EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 5:1 p.m.5 views

CVE-2026-2348

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Quick Edit allows Cross-Site Scripting XSS.This issue affects Quick Edit: from 0.0.0 before 1.0.5, from 2.0.0 before 2.0.1...

5.4CVSS5.8AI score0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 3:20 p.m.22 views

CVE-2026-2348 Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Quick Edit allows Cross-Site Scripting XSS.This issue affects Quick Edit: from 0.0.0 before 1.0.5, from 2.0.0 before 2.0.1...

0.00136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 3:20 p.m.4 views

CVE-2026-2348 Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Quick Edit allows Cross-Site Scripting XSS.This issue affects Quick Edit: from 0.0.0 before 1.0.5, from 2.0.0 before 2.0.1...

5.8AI score0.00136EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.10 views

Drupal Quick Edit 安全漏洞

Drupal Quick Edit is a content management system module provided by the Drupal company that enables quick editing and immediate modification of page content. Versions of Drupal Quick Edit prior to 1.0.5 and 2.0.1 contained security vulnerabilities, which were due to improper input handling and...

5.4CVSS5.6AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 6:16 a.m.12 views

CVE-2025-68555

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through 2.0.1...

9.9CVSS0.00434EPSS
Exploits0References1
NVD
NVD
added 2026/03/05 6:16 a.m.4 views

CVE-2025-68554

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Keenarch keenarch allows Using Malicious Files.This issue affects Keenarch: from n/a through 2.0.1...

9.9CVSS0.00434EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/05 5:53 a.m.5 views

CVE-2025-68553 WordPress Lendiz theme < 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Lendiz lendiz allows Upload a Web Shell to a Web Server.This issue affects Lendiz: from n/a through 2.0.1...

5.9AI score0.00447EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 5:53 a.m.32 views

CVE-2025-68555 WordPress Nutrie theme < 2.0.1 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Nutrie nutrie allows Upload a Web Shell to a Web Server.This issue affects Nutrie: from n/a through 2.0.1...

9.9CVSS0.00434EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.3 views

PT-2026-23141

Name of the Vulnerable Software and Affected Versions Keenarch versions prior to 2.0.1 Description Keenarch is susceptible to a file upload issue that permits the use of malicious files. The vulnerability allows for unrestricted uploads of files with dangerous types. Recommendations Update Keenar...

5.8AI score0.00434EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/03/03 11:25 a.m.8 views

WordPress Lendiz theme < 2.0.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lendiz versions 2.0.1...

9.9CVSS5.9AI score0.00447EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/03 11:25 a.m.6 views

WordPress Keenarch theme < 2.0.1 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Keenarch versions 2.0.1...

9.9CVSS5.9AI score0.00434EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/01/28 8:16 p.m.4 views

CVE-2025-13984

Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting XSS.This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1...

6.1CVSS5.8AI score0.00141EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/28 8:2 p.m.4 views

EUVD-2025-206437

Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting XSS.This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1...

6.1CVSS5.9AI score0.00141EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/28 8:2 p.m.2 views

CVE-2025-13984 Next.js - Critical - Access bypass - SA-CONTRIB-2025-122

Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting XSS.This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1...

5.9AI score0.00141EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.5 views

Drupal Next.js security vulnerabilities

Drupal Next.js is a module within the Drupal community that enables a deep integration between Drupal and Next.js. Versions of Drupal Next.js prior to 1.6.4 and 2.0.1 contained security vulnerabilities. These vulnerabilities were due to overly lax cross-domain security policies, which could lead ...

6.1CVSS5.6AI score0.00141EPSS
Exploits0References1
Rows per page
Query Builder