Lucene search
K

8506 matches found

Nuclei
Nuclei
added yesterday38 views

Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting

Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter. id: CVE-2019-14696 info: name: Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting author: pikpikcu severity: medium description: Open-School 3.0, and...

6.1CVSS6.4AI score0.15682EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday32 views

IPS Community Suite - Unauthenticated SQL Injection

IPS Community Suite is vulnerable to unauthenticated SQL injection via the filter parameter in the /index.php?/store/ endpoint, allowing attackers to extract sensitive information from the database. id: CVE-2024-30163 info: name: IPS Community Suite - Unauthenticated SQL Injection author:...

9.8CVSS7AI score0.08676EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday183 views

Invision Community <=5.0.6 Unauthenticated RCE via Template Injection

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller /applications/core/modules/front/system/themeeditor.php, where a protected method named customCss can be invoked by unauthenticated...

10CVSS7.5AI score0.84803EPSS
Exploits6References5
IBM Security Bulletins
IBM Security Bulletins
added 6 days ago3 views

Security Bulletin: Nomad vulnerable to cross-namespace host volume claim deletion

Summary HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace...

4.2CVSS5.9AI score0.0016EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-14896 Nomad vulnerable to cross-namespace host volume claim deletion

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS0.0016EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-14891 Nomad vulnerable to sandbox escape in Docker task driver

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS0.00316EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42345

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and writing files on the host. This vulnerability,...

8.7CVSS6AI score0.00316EPSS
Exploits0References1
NVD
NVD
added 6 days ago9 views

CVE-2026-55761

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS0.00272EPSS
Exploits1References6
OSV
OSV
added last week3 views

PYSEC-2026-1516 Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever

A Server-Side Request Forgery SSRF vulnerability exists in the Web Research Retriever component in langchain-community langchain-community.retrievers.webresearch.WebResearchRetriever. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet...

4.8CVSS6.7AI score0.00691EPSS
Exploits1References8
Chainguard
Chainguard
added 2026/06/30 2:16 a.m.9 views

CVE-2023-44270 vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, py3-captum, gitlab-rails-ce-fips...

5.3CVSS6.5AI score0.00822EPSS
Exploits0
NVD
NVD
added 2026/06/25 5:16 a.m.14 views

CVE-2026-5796

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with Reporter-level group permissions to view package metadata from projects with the...

4.3CVSS0.00193EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 5:16 a.m.9 views

CVE-2026-12635

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

3.1CVSS0.00161EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:34 a.m.75 views

CVE-2026-1606

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation...

4.3CVSS5.9AI score0.00223EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/25 4:34 a.m.5 views

EUVD-2026-39177

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.5 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an unauthenticated user to view confidential issue references on public projects due to improper authorizatio...

5.3CVSS5.9AI score0.00275EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 4:34 a.m.5 views

EUVD-2026-39172

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint...

4.4CVSS5.8AI score0.0013EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/24 3:37 p.m.5 views

CVE-2026-12866

A flaw was found in expr-eval. A remote attacker can exploit this vulnerability by supplying crafted expressions to the toJSFunction API. These expressions are then compiled into native code using new Function, allowing the attacker to execute arbitrary JavaScript code. This can lead to arbitrary...

9.8CVSS6.6AI score0.00469EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-52178

Name of the Vulnerable Software and Affected Versions OpenAM Community Edition versions prior to 16.1.1 Description A deserialization of untrusted data issue exists in the WebAuthn authentication module. This occurs when the application fails to properly validate data before deserializing it, whi...

9.2CVSS6.4AI score
Exploits0References4
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.8 views

GHSA-84XV-JFRM-H4GM vulnerabilities

Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...

6.1AI score
Exploits0
Fedora
Fedora
added 2026/06/19 1:10 a.m.13 views

[SECURITY] Fedora 43 Update: singularity-ce-4.4.2-1.fc43

SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and secure...

8.2CVSS5.2AI score0.00651EPSS
Exploits0
Fedora
Fedora
added 2026/06/19 1:1 a.m.14 views

[SECURITY] Fedora 44 Update: singularity-ce-4.4.2-1.fc44

SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and secure...

8.2CVSS5.2AI score0.00651EPSS
Exploits0
Rows per page
Query Builder