Lucene search
+L

36827 matches found

NVD
NVD
added yesterday6 views

CVE-2026-61736

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORSORIGINS= combined with allowcredentials=True in lightrag/api/lightragserver.py, causing Starlette CORSMiddleware to effectively whitelist every origin for credentialed cross-origin request...

9.3CVSS
Exploits0References6
Cvelist
Cvelist
added yesterday10 views

CVE-2026-41580 Stirling-PDF: Reflected XSS through crafted PDF metadata fields (Title and Author)

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. Prior to 2.0.0, Stirling-PDF's /get-info-on-pdf endpoint rendered PDF Title and Author metadata fields without proper HTML encoding or sanitization, allowing a crafted PDF to execute...

6.1CVSS0.0006EPSS
Exploits0References2
CVE
CVE
added yesterday6 views

CVE-2026-41580

Stirling-PDF (local web app) exposes a Reflected XSS via crafted PDF metadata in the /get-info-on-pdf endpoint. Prior to version 2.0.0, Title and Author metadata were rendered without proper HTML encoding/sanitization, allowing attacker-controlled JavaScript to execute in a user’s browser when vi...

6.1CVSS6.2AI score0.0006EPSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-44670

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORSORIGINS= combined with allowcredentials=True in lightrag/api/lightragserver.py, causing Starlette CORSMiddleware to effectively whitelist every origin for credentialed cross-origin request...

9.3CVSS6.1AI score
Exploits0References6
OSV
OSV
added yesterday5 views

CGA-CV8M-VXR5-MH4R

Bulletin has no description...

8.7CVSS6.1AI score0.00566EPSS
Exploits0
Cvelist
Cvelist
added yesterday12 views

CVE-2026-56699 Wazuh Manager - NDJSON Injection in inventory_sync via Agent-Controlled DataValue.index

Wazuh Manager before 5.0.0-beta3 fails to escape the DataValue.index field when constructing OpenSearch bulk requests, allowing enrolled agents to inject arbitrary NDJSON operations. Attackers can smuggle delete, index, or update operations into bulk requests executed under the manager's admin...

10CVSS
Exploits0References2
Nuclei
Nuclei
added yesterday78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday62 views

XWiki Platform - Unauthorized Document History Access

A vulnerability in XWiki Platform's REST API allows unauthorized users to access document history information. The REST API endpoint exposes the history of any page including modification times, version numbers, author details username and display name, and version comments, regardless of access...

5.3CVSS6.1AI score0.03417EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-60192

Name of the Vulnerable Software and Affected Versions LightRAG versions prior to 1.5.4 Description An issue exists in the server configuration within the file lightrag/api/lightrag server.py where CORS ORIGINS is set to and allow credentials is set to True. This configuration causes the Starlette...

9.3CVSS6.2AI score
Exploits0References8
NVD
NVD
added 2 days ago4 views

CVE-2026-48255

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS0.00271EPSS
Exploits0References1
NVD
NVD
added 2 days ago5 views

CVE-2026-48257

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS0.00271EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-48260

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS0.00271EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago3 views

CVE-2026-48260 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS6.1AI score0.00271EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago4 views

CVE-2026-48255 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS6.1AI score0.00271EPSS
Exploits0References1
CVE
CVE
added 2 days ago7 views

CVE-2026-48257

CVE-2026-48257 : Adobe Experience Manager is affected by a DOM-based XSS vulnerability. An attacker could manipulate the DOM to run malicious JavaScript in the victim’s browser, with exploitation requiring the user to visit a crafted webpage. The CVSS v3.1 base score is 5.4 (Medium) with network ...

5.4CVSS6.1AI score0.00271EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2 days ago5 views

firefox: thunderbird: Sandbox escape in the DOM: Navigation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Navigation component...

9.6CVSS6AI score0.00393EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2 days ago4 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.1CVSS6AI score0.00251EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2 days ago6 views

firefox: thunderbird: Sandbox escape in the DOM: Navigation component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Navigation component...

9.6CVSS6AI score0.00393EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2 days ago5 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.1CVSS6AI score0.00251EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2 days ago7 views

firefox: thunderbird: Sandbox escape in the DOM: Workers component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape in the DOM: Workers component...

9.6CVSS6AI score0.00363EPSS
Exploits0References6
Rows per page
Query Builder