Lucene search
+L

138 matches found

NVD
NVD
added 2026/07/09 6:16 p.m.10 views

CVE-2026-55420

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

8.1CVSS0.00348EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/09 5:54 p.m.35 views

CVE-2026-55420 Discourse: Remote code execution via pdf uploads

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

7.5CVSS0.00348EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/09 5:54 p.m.5 views

CVE-2026-55420

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

7.5CVSS5.9AI score0.00348EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/07/09 5:54 p.m.15 views

CVE-2026-55420

Discourse (open-source platform) prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, in some non-default configurations, allowed processing of PDF uploads to lead to remote code execution on the server. The root cause is tied to how PDFs are processed under specific configurations, enab...

8.1CVSS5.9AI score0.00348EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/06/19 2:16 p.m.12 views

CVE-2026-49871

Cross-Site Request Forgery CSRF vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim...

9.3CVSS0.00261EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/19 1:18 p.m.15 views

EUVD-2026-38025

Cross-Site Request Forgery CSRF vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim...

2.1CVSS5.9AI score0.00261EPSS
Exploits0References1
Imperva Blog
Imperva Blog
added 2026/06/04 3:43 p.m.15 views

Imperva Customers Protected Against CVE-2026-49975 (HTTP/2 Bomb) DoS

TL;DR: CVE-2026-49975, dubbed the “HTTP/2 Bomb,” is a critical remote Denial-of-Service DoS vulnerability affecting default HTTP/2 configurations of major web servers including NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora. Discovered by security firm Calif using OpenAI’s Code...

7.5CVSS5.6AI score0.11471EPSS
Exploits8
NVD
NVD
added 2026/06/04 6:16 a.m.15 views

CVE-2026-10805

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description MUD URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL,...

6.7CVSS0.00118EPSS
Exploits0References2
NVD
NVD
added 2026/05/25 9:16 p.m.19 views

CVE-2026-43828

Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...

6.5CVSS0.00272EPSS
Exploits0References2
NVD
NVD
added 2026/05/25 9:16 p.m.28 views

CVE-2026-43827

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

6.5CVSS0.00412EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/25 9:16 p.m.11 views

CVE-2026-43827

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

6.5CVSS5.8AI score0.00412EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/25 9:16 p.m.14 views

CVE-2026-43828

Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/25 8:19 p.m.29 views

CVE-2026-43827 Apache Shiro: Session fixation: new session is not created after login by default

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

5.9CVSS0.00412EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/25 8:19 p.m.15 views

CVE-2026-43827

Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later, which fixes the issue. In the affected versions, when a session already...

6.5CVSS5.8AI score0.00412EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Mermaid 安全漏洞

Mermaid is an open-source application developed by mermaid-js. It uses text and code to create charts and visualizations. Mermaid versions 10.9.5 and earlier, as well as 11.0.0-alpha.1 through 11.14.0, have security vulnerabilities. These vulnerabilities stem from HTML injection under default...

5.3CVSS5.9AI score0.00401EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in OpenSSH

In OpenSSH 6.2 through 8.x, prior to version 8.8, when certain non-default configurations were used, privilege escalation could occur because supplementary groups were not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand might run with privileges...

7CVSS7.3AI score0.02367EPSS
Exploits2References2
EUVD
EUVD
added 2026/04/28 4:53 a.m.8 views

EUVD-2026-25982

OpenStack Ironic through 25.0.0 allows ipmitool execution in a non-default configuration that has a console interface...

6.6CVSS5.5AI score0.0057EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/28 4:53 a.m.10 views

CVE-2026-42510

OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface...

7.2CVSS5.5AI score0.0057EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

Flowise 代码问题漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, such as 3.1.0, contained code vulnerabilities. These vulnerabilities stemmed from multiple logical flaws in the security wrapper, allowing attackers to bypass the...

7.1CVSS7.1AI score0.00232EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.11 views

Quantum Networks router 访问控制错误漏洞

The Quantum Networks router is a network routing device developed by the Indian company Quantum Networks. The Quantum Networks router QN-I-470 has a vulnerability related to access control. This vulnerability stems from improper and insecure default configurations of the web-based management...

8.7CVSS5.8AI score0.00261EPSS
Exploits0References1
Rows per page
Query Builder