Lucene search
K

68 matches found

CVE
CVE
added yesterday72 views

CVE-2026-55229

Gotenberg prior to 8.34.0 contains an SSRF/local-file disclosure in the /forms/libreoffice/convert endpoint. A specially crafted DOCX can cause LibreOffice to fetch external HTTP(S) resources (blind SSRF) and load local image resources during conversion, potentially exposing internal endpoints an...

7.5CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 4:0 p.m.36 views

CVE-2026-13434 Virt-controller-rhel9: kubevirt: kubevirt: multus default-network annotation injection via unvalidated tenant networkname when externalnetresourceinjection is enabled

A flaw was found in KubeVirt's network annotation generator. When a tenant creates a VirtualMachineInstance with a Multus network configuration, the supplied networkName value is written verbatim into the launcher pod's v1.multus-cni.io/default-network annotation without format validation or...

4.9CVSS0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.26 views

PT-2026-50731

Name of the Vulnerable Software and Affected Versions Gotenberg version 8.33.0 Description A Server-Side Request Forgery SSRF issue exists in the /forms/libreoffice/convert endpoint. By uploading a specially crafted DOCX document, an attacker can force LibreOffice to retrieve external resources...

7.5CVSS5.8AI score
Exploits0References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Ruby-Nokogiri

Nokogiri is a Rubygem that provides HTML, XML, SAX, and Reader parsers, with support for XPath and CSS selectors. In Nokogiri versions prior to 1.11.0.rc4, there was an XXE vulnerability. XML schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accesse...

4.3CVSS6.6AI score0.01109EPSS
Exploits0References2
CVE
CVE
added 2026/05/19 3:53 p.m.17 views

CVE-2026-47358

CVE-2026-47358 affects Terrascan v1.18.3 and earlier. In server mode, Terrascan parses uploaded ARM/CloudFormation templates and resolves external URLs via hashicorp/go-getter with default detectors (including FileDetector), enabling an unauthenticated attacker to upload templates containing atta...

9.2CVSS5.8AI score0.00479EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.7 views

CVE-2026-34327

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network...

8.2CVSS5.8AI score0.00638EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 8:58 p.m.8 views

CVE-2026-34327

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network...

8.2CVSS5.8AI score0.00638EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/07 2:0 p.m.21 views

Microsoft Partner Center Spoofing Vulnerability

Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network...

8.2CVSS5.8AI score0.00638EPSS
Exploits0
CVE
CVE
added 2026/04/16 8:12 a.m.15 views

CVE-2024-2374

The CVE-2024-2374 entry describes an XML External Entity (XXE) issue in the XML parsers of multiple WSO2 products, where user-supplied XML data is not configured to disable external-resource resolution. This allows an attacker to read files from the file system and access limited HTTP resources r...

9.1CVSS5.7AI score0.00377EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/15 10:5 p.m.7 views

MAL-2026-2894 Malicious code in chai-as-nobj (npm)

chai-as-nobj is a malicious npm package that when imported downloads a C2 dropper from https://api.npoint.io/5b357f718ab4ee355003 and executes it similar to malware in to chai-await-test. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector...

5.7AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.9 views

CVE-2026-34442

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

6.1CVSS5.7AI score0.00219EPSS
Exploits1References1
NVD
NVD
added 2026/03/31 10:16 p.m.7 views

CVE-2026-34442

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

6.1CVSS0.00219EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/31 9:28 p.m.4 views

CVE-2026-34442 FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS5.7AI score0.00219EPSS
Exploits1References3
OSV
OSV
added 2026/03/31 9:28 p.m.6 views

CVE-2026-34442 FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS5.7AI score0.00219EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/31 9:28 p.m.11 views

EUVD-2026-17673

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS5.7AI score0.00219EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/31 9:28 p.m.25 views

CVE-2026-34442 FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS0.00219EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 9:28 p.m.21 views

CVE-2026-34442

FreeScout (PHP/Laravel) is affected prior to version 1.8.211 due to host header manipulation in-generated absolute URLs. The vulnerability arises because the application uses the unvalidated Host header to construct links and assets, enabling External Resource Loading and Open Redirects to attack...

6.1CVSS5.7AI score0.00219EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.5 views

PT-2026-29374

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

6.1CVSS5.7AI score0.00219EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/17 12:2 p.m.2 views

CVE-2025-62320

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external...

4.7CVSS5.8AI score0.00158EPSS
Exploits0References2
Veracode
Veracode
added 2025/11/24 4:31 a.m.7 views

XML External Entity (XXE)

langchaintextsplitters is vulnerable to XML External Entity XXE injection. The vulnerability is due to unsafe parsing of arbitrary XSLT stylesheets using lxml without access controls, which allows an attacker to read local files or fetch external resources accessible to the LangChain process...

7.5CVSS7AI score0.00604EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder