Lucene search
K

13633 matches found

Vulnrichment
Vulnrichment
added 2026/05/19 9:23 a.m.12 views

CVE-2026-46722 XML External Entity Injection in extension "Faceted Search" (ke_search)

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:23 a.m.23 views

CVE-2026-46722

CVE-2026-46722 affects the file indexer’s OOXML parsing (notably in the Faceted Search extension ke_search). The root cause is that external entity resolution is not disabled, allowing a crafted xlsx or pptx placed in an indexed directory to read local files or trigger outbound HTTP requests, wit...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:23 a.m.8 views

CVE-2026-46722

The OOXML parsing of the file indexer does not disable external entity resolution. A crafted xlsx or pptx document placed in an indexed directory can cause local files to be read or outbound HTTP requests to be performed, with the retrieved content being written to the search index...

5.9CVSS5.8AI score0.00301EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

TYPO3 Extension Faceted Search 路径遍历漏洞

TYPO3 Extension Faceted Search is an open-source extension for TYPO3 that enables faceted search. TYPO3 Extension Faceted Search has a path traversal vulnerability. This vulnerability stems from the fact that the file indexer does not normalize the configured directory paths. As a result, backend...

5.9CVSS5.8AI score0.00404EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.17 views

PT-2026-42157

Name of the Vulnerable Software and Affected Versions Microsoft Defender affected versions not specified Description Improper link resolution before file access, also known as link following, in the Microsoft Malware Protection Engine allows an authorized attacker to locally elevate privileges to...

7.8CVSS6.2AI score0.63076EPSS
Exploits2References104
AlmaLinux
AlmaLinux
added 2026/05/19 12:0 a.m.9 views

Low: NetworkManager security update

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband WWAN, and PPPoE devices, as well as providing VPN integration with a varie...

3.3CVSS5.8AI score0.00162EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.15 views

RHEL 9 : NetworkManager (RHSA-2026:18597)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18597 advisory. NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when...

3.3CVSS5.8AI score0.00162EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.5CVSS5.9AI score0.00564EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.13 views

PT-2026-41975

Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description An authenticated Server-Side Request Forgery SSRF allows users to fetch arbitrary internal or local resources and write the responses to a web-accessible directory, enabling arbitrary file read and...

7.1CVSS5.6AI score0.00238EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.9 views

terrascan 安全漏洞

Trenescan is an open-source infrastructure code static security analysis tool developed by Tenable. Versions of Trenescan 1.18.3 and earlier contain security vulnerabilities. These vulnerabilities stem from a server-side request forgeing vulnerability in the remote directory scanning endpoint’s...

9.2CVSS5.9AI score0.00482EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.9 views

RHEL 10 : NetworkManager (RHSA-2026:18142)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18142 advisory. NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when...

3.3CVSS5.8AI score0.00162EPSS
Exploits0References16
OSV
OSV
added 2026/05/19 12:0 a.m.13 views

ALSA-2026:18142 Low: NetworkManager security update

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband WWAN, and PPPoE devices, as well as providing VPN integration with a varie...

3.3CVSS5.8AI score0.00162EPSS
Exploits0References4
OSV
OSV
added 2026/05/19 12:0 a.m.11 views

ALSA-2026:18597 Low: NetworkManager security update

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband WWAN, and PPPoE devices, as well as providing VPN integration with a varie...

3.3CVSS5.8AI score0.00162EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/18 8:21 p.m.10 views

External Control of File Name or Path

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to External Control of File Name or Path via the preparecontent function. An attacker can access sensitive local files readable by the server by supplying specially...

8.7CVSS5.8AI score0.00255EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 7:1 p.m.13 views

AVideo: Authenticated Arbitrary File Read in view/update.php

Summary view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary text files reachable from the web-server process — especially...

6.9CVSS6.1AI score0.00469EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/05/18 6:17 p.m.22 views

CVE-2026-29963

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

7.5CVSS0.00595EPSS
Exploits1References3
Snyk
Snyk
added 2026/05/18 5:50 p.m.4 views

Directory Traversal

Overview cloakbrowser is a Stealth Chromium that passes every bot detection test. Drop-in Playwright replacement with source-level fingerprint patches. Affected versions of this package are vulnerable to Directory Traversal via the fingerprint parameter in the cloakserve process. An attacker can...

8.8CVSS6.5AI score0.00475EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/18 6:0 a.m.10 views

EUVD-2026-30732

The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion attacks...

7.5CVSS5.8AI score0.00383EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.14 views

PT-2026-41706

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

5.9AI score0.00595EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/18 12:0 a.m.45 views

CVE-2026-29963

HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this...

0.00595EPSS
Exploits1References3
Rows per page
Query Builder