Lucene search
+L

36176 matches found

cve
cve
added yesterday29 views

CVE-2026-44023

Docling Core (docling-core) versions >= 1.5.0 and = 2.74.1 is recommended. If upgrading isn’t immediately possible, a workaround is to avoid passing untrusted URLs into remote fetch functionality. There is no exploitation detail in the provided documents, and no in‑the‑wild exploit information...

8.6CVSS6.1AI score0.00055EPSS
Exploits0References2
cve
cve
added yesterday21 views

CVE-2026-44019

Docling Core (docling-core) versions 2.5.0 through before 2.74.1 allow local file:// image references and inline data: content without a decoded-size limit when processing untrusted image references. This could enable access to local files readable by the process or cause excessive memory usage f...

8.1CVSS6.1AI score0.0004EPSS
Exploits0References2
nvd
nvd
added yesterday5 views

CVE-2026-15352

A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...

8.2CVSS
Exploits0References3
cve
cve
added yesterday7 views

CVE-2026-15352

CVE-2026-15352 affects NASA’s Core Flight System (cFS) Health & Safety (HS) application. The vulnerability allows a segmentation fault when handling a routine Housekeeping Telemetry request, resulting in a denial-of-service condition. Documents confirm the HS component and cFS are impacted; the i...

8.2CVSS6.1AI score
Exploits0References3
attackerkb
attackerkb
added yesterday3 views

CVE-2026-15352

A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...

8.2CVSS6.1AI score
Exploits0References4
euvd
euvd
added yesterday3 views

EUVD-2026-45022

A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...

8.2CVSS6.1AI score
Exploits0References3
cve
cve
added yesterday5 views

CVE-2026-62994

CoreDNS vulnerability CVE-2026-62994 affects the Go-based DNS server in versions 1.9.4 through 1.14.5. When a network DNS client uses AXFR for a CoreDNS zone and CoreDNS is configured with the k8s_external headless-service zone transfers feature, and Kubernetes contains a headless service endpoin...

3.7CVSS6.1AI score
Exploits0References4
osv
osv
added yesterday8 views

ROOT-APP-MAVEN-GHSA-72HV-8253-57QQ GHSA-72hv-8253-57qq in io.root.com.fasterxml.jackson.core:jackson-core - Patched by Root

Root has patched GHSA-72hv-8253-57qq in the io.root.com.fasterxml.jackson.core:jackson-core package for Root:Maven. Multiple fixed versions available...

5.8AI score
Exploits0
osv
osv
added yesterday16 views

ROOT-APP-MAVEN-CVE-2025-52999 CVE-2025-52999 in io.root.com.fasterxml.jackson.core:jackson-core - Patched by Root

Root has patched CVE-2025-52999 in the io.root.com.fasterxml.jackson.core:jackson-core package for Root:Maven. Multiple fixed versions available...

8.7CVSS7.2AI score0.00634EPSS
Exploits0
osv
osv
added yesterday14 views

ROOT-APP-MAVEN-CVE-2026-34360 CVE-2026-34360 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.core - Patched by Root

Root has patched CVE-2026-34360 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.core package for Root:Maven. Multiple fixed versions available...

5.8CVSS5.4AI score0.00235EPSS
Exploits1
nuclei
nuclei
added yesterday74 views

WordPress WPB Show Core - Cross-Site Scripting

WordPress wpb-show-core plugin through TODO contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site...

6.1CVSS6.5AI score0.00902EPSS
Exploits1References3
nuclei
nuclei
added yesterday59 views

Lotus Core CMS 1.0.1 - Local File Inclusion

Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php pageslug parameter. id: CVE-2020-8641 info: name: Lotus Core CMS 1.0.1 - Local File Inclusion author: 0xAkoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated...

8.8CVSS7AI score0.10808EPSS
Exploits1References5
nuclei
nuclei
added yesterday19 views

Apache Tika - XML External Entity Injection

Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1, and tika-parsers 1.13-1.28.5 contain an XML External Entity injection caused by processing crafted XFA files inside PDFs, letting attackers perform XXE attacks remotely, exploit requires crafted PDF input. id: CVE-2025-66516 info: nam...

9.8CVSS7AI score0.79807EPSS
Exploits5References2
nuclei
nuclei
added yesterday66 views

Social Login by BestWebSoft < 0.2 - Cross-Site Scripting

The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. id: CVE-2017-18501 info: name: Social Login by BestWebSoft 0.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues...

6.1CVSS6.4AI score0.0141EPSS
Exploits1References4
nuclei
nuclei
added yesterday35 views

WordPress WPB Show Core <= 2.2 - Server-Side Request Forgery

The WPB Show Core WordPress plugin through version 2.2 is vulnerable to Server-Side Request Forgery SSRF via the 'path' parameter in the download-file.php script. This vulnerability allows unauthenticated attackers to make the server perform requests to arbitrary URLs. id: CVE-2023-5974 info: nam...

9.8CVSS7.1AI score0.0315EPSS
Exploits2References2
nuclei
nuclei
added yesterday96 views

WordPress Core <6.5.2 - Cross-Site Scripting

WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due to insufficient output escaping on the display name. id: CVE-2024-4439 info: name: WordPress Core 6.5.2 - Cross-Site Scripting author: nqdung2002 severity: hi...

7.2CVSS6.9AI score0.70822EPSS
Exploits4References2
osv
osv
added yesterday12 views

ROOT-APP-MAVEN-CVE-2026-1225 CVE-2026-1225 in io.root.ch.qos.logback:logback-core - Patched by Root

Root has patched CVE-2026-1225 in the io.root.ch.qos.logback:logback-core package for Root:Maven. Multiple fixed versions available...

5CVSS5.8AI score0.00159EPSS
Exploits0
osv
osv
added yesterday12 views

ROOT-APP-MAVEN-CVE-2024-12798 CVE-2024-12798 in io.root.ch.qos.logback:logback-core - Patched by Root

Root has patched CVE-2024-12798 in the io.root.ch.qos.logback:logback-core package for Root:Maven. Multiple fixed versions available...

5.5CVSS6.6AI score0.00404EPSS
Exploits0
osv
osv
added yesterday3 views

ROOT-APP-NPM-CVE-2026-54285 CVE-2026-54285 in @rootio/opentelemetry__core - Patched by Root

Root has patched CVE-2026-54285 in the @rootio/opentelemetrycore package for Root:npm. Multiple fixed versions available...

5.3CVSS6.1AI score0.00238EPSS
Exploits0
ics
ics
added yesterday3 views

NASA Core Flight System (cFS) Health & Safety (HS) Application

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all...

8.2CVSS6.1AI score
Exploits0References13
Rows per page
Query Builder