Lucene search

5415 matches found

Nuclei
added 10 hours ago | 6 views

Piwigo < 16.3.0 - Unauthenticated Information Disclosure via History API

Piwigo = 16.3.0 contains an information disclosure vulnerability caused by the pwg.history.search API method lacking adminonly restriction, letting unauthenticated users access full browsing history, exploit requires no authentication id: CVE-2026-27833 info: name: Piwigo 16.3.0 - Unauthenticated...

CVSS 7.5 | AI score 5.8 | EPSS 0.01522
Exploits: 1 | References: 2

Nuclei
added 10 hours ago | 29 views

XWiki Platform - Unauthorized Document History Access

A vulnerability in XWiki Platform's REST API allows unauthorized users to access document history information. The REST API endpoint exposes the history of any page including modification times, version numbers, author details username and display name, and version comments, regardless of access...

CVSS 5.3 | AI score 5.8 | EPSS 0.03417
Exploits: 1 | References: 3

EUVD
added 13 hours ago | 3 views

EUVD-2026-40426

Capgo console.capgo.app/login before 12.128.2 accepts accesstoken and refreshtoken in URL query parameters, automatically authenticating users without confirmation. Attackers can craft malicious links to force victims into attacker-controlled sessions, exposing tokens in browser history and logs...

CVSS 5.4 | AI score 5.8
Exploits: 0 | References: 3

EUVD
added 13 hours ago | 3 views

EUVD-2026-40820

Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

AI score 5.8
Exploits: 0 | References: 3

EUVD
added 13 hours ago | 3 views

EUVD-2026-40654

Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8
Exploits: 0 | References: 3

NVD
added yesterday | 3 views

CVE-2026-14133

Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

Exploits: 0 | References: 2

NVD
added yesterday | 4 views

CVE-2026-13966

Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

Exploits: 0 | References: 2

CVE
added yesterday | 4 views

CVE-2026-14133

Google Chrome contains a race condition in History Embeddings that could enable UI spoofing when a crafted HTML page is loaded. Affected versions are Chrome prior to 150.0.7871.47. The vulnerability is classified with low severity in Chromium reports. Mitigation is to update Chrome to 150.0.7871....

AI score 5.8
Exploits: 0 | References: 2

CVE
added yesterday | 5 views

CVE-2026-13966

Google Chrome pre-150.0.7871.47 is affected by CVE-2026-13966 due to an inappropriate History implementation that allows UI spoofing via a crafted HTML page. Remediation: update to 150.0.7871.47 or later. No exploitation details are provided in the documents.

AI score 5.8
Exploits: 0 | References: 2

NVD
added 2 days ago | 8 views

CVE-2026-57955

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...

CVSS 8.5 | EPSS 0.00235
Exploits: 0 | References: 2

Cvelist
added 2 days ago | 33 views

CVE-2026-57955 SigNoz 0.130.1 - SQL Injection in Alert History Endpoints via Rule ID Parameter

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...

CVSS 8.5 | EPSS 0.00235
Exploits: 0 | References: 2

CVE
added 2 days ago | 11 views

CVE-2026-57955

SigNoz versions up to 0.130.1 are affected by a SQL injection in the alert-history endpoints. The issue arises from unsanitized rule ID interpolation into ClickHouse queries, allowing authenticated attackers to inject URL-encoded quotes via the rule ID path parameter. The consequence is potential...

CVSS 8.5 | AI score 6.1 | EPSS 0.00235
Exploits: 0 | References: 2

EUVD
added 2 days ago | 6 views

EUVD-2026-40140

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...

CVSS 8.5 | AI score 6.1 | EPSS 0.00235
Exploits: 0 | References: 2

NVD
added 4 days ago | 9 views

CVE-2026-49416

The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. An...

CVSS 7.8 | EPSS 0.00107
Exploits: 0 | References: 1

Cvelist
added 4 days ago | 31 views

CVE-2026-49416 Integer overflow in vt(4) CONS_HISTORY ioctl

The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. An...

EPSS 0.00107
Exploits: 0 | References: 1

EUVD
added 4 days ago | 10 views

EUVD-2026-39960

The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap allocation smaller than expected. Subsequent initialization of the buffer wrote beyond the end of the allocation. An...

AI score 6 | EPSS 0.00107
Exploits: 0 | References: 1

CVE
added 4 days ago | 37 views

CVE-2026-49416

The CVE-2026-49416 issue affects FreeBSD vt(4) CONS_HISTORY: the ioctl handler validates the requested history size, but large values trigger an integer overflow in the buffer size calculation, causing a smaller heap allocation and an out-of-bounds write on initialization. This can enable an unpr...

CVSS 7.8 | AI score 6 | EPSS 0.00107
Exploits: 0 | References: 1

EUVD
added 5 days ago | 9 views

EUVD-2026-38016

Streamable HTTP mode exposes LINE Desktop read/send tools without MCP authentication...

CVSS 8.8 | AI score 5.8 | EPSS 0.00323
Exploits: 0 | References: 3

NVD
added 2026/06/24 2:17 p.m. | 8 views

CVE-2026-57287

Jenkins Job Configuration History Plugin 1356.ve360da6c523a and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted...

CVSS 4.3 | EPSS 0.0013
Exploits: 0 | References: 1

Cvelist
added 2026/06/24 1:20 p.m. | 30 views

CVE-2026-57287

Jenkins Job Configuration History Plugin 1356.ve360da6c523a and earlier does not redact the encrypted values of secrets when displaying historical job and agent configurations, allowing attackers with Extended Read permission to view encrypted secret values that would otherwise be redacted...

EPSS 0.0013
Exploits: 0 | References: 1