Lucene search
K

4148 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in LibreOffice

LibreOffice supports digital signatures for ODF documents and macros within documents. It provides visual aids to indicate that the document has not been altered since the last signature, and that the signature is valid. A vulnerability in certificate validation in LibreOffice allowed attackers t...

7.5CVSS6.8AI score0.00685EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized, resulting in a bypass that allowed device permissions to be leaked into untrusted sub-documents. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

6.5CVSS6.9AI score0.01284EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 12:16 a.m.21 views

CVE-2026-39309

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS0.00176EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 11:54 p.m.8 views

CVE-2026-39309 Trilium Notes: macOS TCC Bypass via Prompt Spoofing

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

5.5CVSS6.1AI score0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 6:14 p.m.33 views

CVE-2026-33741 EspoCRM: Stored XSS via SVG attachment loading same-origin JavaScript

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later serve those SVG files as top-level inline documents through both the attachment and image entry...

6.8CVSS0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 9:23 a.m.12 views

CVE-2026-46722 XML External Entity Injection in extension "Faceted Search" (ke_search)

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.23 views

PT-2026-41933

Name of the Vulnerable Software and Affected Versions Eclipse GlassFish version 8.0.0 Eclipse GlassFish versions prior to 7.1.0 Description A critical Expression Language EL injection issue exists in the server-side template rendering mechanism used by the GlassFish gadget handler. The applicatio...

9.6CVSS6.2AI score0.00628EPSS
Exploits2References9
NVD
NVD
added 2026/05/18 3:16 p.m.45 views

CVE-2026-41949

Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...

8.2CVSS0.00435EPSS
Exploits1References6
Fedora
Fedora
added 2026/05/17 12:50 a.m.25 views

[SECURITY] Fedora 43 Update: yelp-49.1-1.fc43

Yelp is the help browser for the GNOME desktop. It is designed to help you browse all the documentation on your system in one central tool, including traditional man pages, info pages and documentation written in DocBook...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.12 views

CVE-2026-45148

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 7:26 p.m.8 views

CVE-2026-44564 Open WebUI: Read-Only Users Can Modify Collaborative Documents via Socket.IO

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the ydoc:document:update Socket.IO event handler checks whether the sender is a member of the document's Socket.IO room line 678 but does not verify that the sender has write...

5.4CVSS5.8AI score0.0022EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 7:26 p.m.25 views

CVE-2026-44564

Open WebUI (self-hosted offline AI platform) contains a vulnerability in the ydoc:document:update Socket.IO handler that allows read-only users to modify in-memory Yjs documents. The handler validates room membership but does not verify write permission, and read-only users join the document room...

5.4CVSS5.8AI score0.0022EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2026/05/15 6:30 p.m.5 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the discovery document retrieval process via uripukidpenc and uripukidpsig properties. An attacker can intercept and modify the TLS connection to substitute a forged discovery document...

9.1CVSS5.4AI score0.00118EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/15 12:30 a.m.13 views

EUVD-2026-30490

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

6CVSS5.8AI score0.00311EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-6811

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances whe...

6CVSS5.6AI score0.00311EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 10:16 p.m.13 views

DEBIAN-CVE-2026-6811

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

6CVSS5.8AI score0.00311EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 10:16 p.m.8 views

UBUNTU-CVE-2026-6811

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

6CVSS5.8AI score0.00311EPSS
Exploits0References3
CVE
CVE
added 2026/05/14 9:27 p.m.25 views

CVE-2026-6811

CVE-2026-6811 affects the MongoDB PHP driver, with a stack exhaustion condition that can cause application crashes when processing deeply nested BSON documents. The issue is triggered in unusual circumstances when the BSON source is not from a MongoDB Server, and it is characterized by high avail...

6CVSS5.8AI score0.00311EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 9:27 p.m.35 views

CVE-2026-6811 PHP Stack Exhaustion

Stack exhaustion vulnerability in the MongoDB PHP driver can cause application crashes when processing deeply nested BSON documents in unusual circumstances when the source of these BSON documents is not MongoDB Server...

6CVSS0.00311EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 6:19 p.m.10 views

CVE-2026-45148 SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...

4.3CVSS5.8AI score0.00221EPSS
Exploits0References1
Rows per page
Query Builder