
4650 matches found

Positive Technologies
added 2026/04/15 12:0 a.m., 10 views

PT-2026-33091

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This...

CVSS 6.1, AI score 5.8, EPSS 0.00222
Exploits: 0, References: 3
OSV
added 2026/04/14 11:33 p.m., 10 views

GHSA-PQ96-PWVG-VRR9 frp has an authentication bypass in HTTP vhost routing when routeByHTTPUser is used for access control

Summary: frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses...

CVSS 6.5, AI score 5.9, EPSS 0.00269
Exploits: 1, References: 3
ATTACKERKB
added 2026/04/14 9:12 p.m., 6 views

CVE-2026-34161

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the social post attachment upload functionality, where an authenticated user can upload a malicious HTML file containing JavaScript via the...

CVSS 5.1, AI score 6, EPSS 0.00219
Exploits: 0, References: 5, Affected Software: 1
CVE
added 2026/04/14 4:57 p.m., 21 views

CVE-2026-33096

CVE-2026-33096 is an out-of-bounds read vulnerability in Windows HTTP.sys that can cause Denial-of-Service over the network. Public references confirm the issue and note that Microsoft has fixed the vulnerability in April 2026 security updates. Affected software is Windows (HTTP.sys component); t...

CVSS 7.5, AI score 5.8, EPSS 0.01248
Exploits: 0, References: 1, Affected Software: 7
CNNVD
added 2026/04/14 12:0 a.m., 7 views

Autodesk Fusion Cross-Site Scripting Vulnerability

Autodesk Fusion is a data management software platform developed by Autodesk, Inc. in the United States. Autodesk Fusion has a cross-site scripting vulnerability, which stems from malicious HTML payloads in variant names. This vulnerability may lead to stored-cross-site scripting attacks, allowin...

CVSS 7.1, AI score 6, EPSS 0.002
Exploits: 0, References: 3
RedHat Linux
added 2026/04/13 12:47 p.m., 2 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8, AI score 7.2, EPSS 0.00459
Exploits: 0, References: 6
RedHat Linux
added 2026/04/13 10:58 a.m., 5 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8, AI score 7.2, EPSS 0.00459
Exploits: 0, References: 6
RedHat Linux
added 2026/04/13 10:37 a.m., 3 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8, AI score 7.2, EPSS 0.00459
Exploits: 0, References: 6
RedHat Linux
added 2026/04/13 10:24 a.m., 3 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8, AI score 7.2, EPSS 0.00459
Exploits: 0, References: 6
RedHat Linux
added 2026/04/13 10:18 a.m., 1 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8, AI score 7.2, EPSS 0.00459
Exploits: 0, References: 6
RedHat Linux
added 2026/04/13 10:5 a.m., 4 views

firefox: thunderbird: Mitigation bypass in the Networking: HTTP component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: HTTP component...

CVSS 9.8, AI score 7.2, EPSS 0.00459
Exploits: 0, References: 6
Positive Technologies
added 2026/04/13 12:0 a.m., 5 views

PT-2026-32509

EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard non-administrative privileges to inject arbitrary HTML into system-generated email notifications by crafting...

CVSS 4.6, AI score 5.8, EPSS 0.00176
Exploits: 2, References: 4
ATTACKERKB
added 2026/04/12 7:17 p.m., 1 views

CVE-2026-40394

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service daemon panic for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is...

CVSS 4, AI score 6, EPSS 0.00236
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/04/12 7:17 p.m., 4 views

CVE-2026-40394

Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service daemon panic for certain amounts of prefetched data. The setup of an HTTP/2 session starts with a speculative HTTP/1 transport, and upon upgrading to h2 the HTTP/1 request is...

CVSS 4, AI score 6, EPSS 0.00236
Exploits: 0, References: 1
Fedora
added 2026/04/12 3:53 p.m., 7 views

[SECURITY] Fedora 42 Update: libmicrohttpd-1.0.3-1.fc42

GNU libmicrohttpd is a small C library that is supposed to make it easy to run an HTTP server as part of another application. Key features that distinguish libmicrohttpd from other projects are: C library: fast and small; API is simple, expressive and fully reentrant; Implementation is http 1.1...

CVSS 8.7, AI score 5.8, EPSS 0.00382
Exploits: 0
OSV
added 2026/04/11 2:5 p.m., 3 views

OESA-2026-1880 busybox security update

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fixes: BusyBox...

CVSS 6.5, AI score 7.1, EPSS 0.00258
Exploits: 1, References: 2
Snyk
added 2026/04/10 7:50 p.m., 5 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload. An administrator can execute arbitrary JavaScript in the context of the application by uploading a crafted SVG or HTML file containing malicious scripts, which are then served to users without...

CVSS 5.9, AI score 6
Exploits: 0, References: 2
Snyk
added 2026/04/10 7:50 p.m., 5 views

Arbitrary File Upload

Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload. An administrator can execute arbitrary JavaScript in the context of the application by uploading a crafted SVG or HTML file containing malicious scripts, which are then served to users without...

CVSS 5.9, AI score 6
Exploits: 0, References: 2
EUVD
added 2026/04/10 3:34 p.m., 19 views

EUVD-2026-21427

Vikunja has HTML Injection via Task Titles in Overdue Email Notifications...

CVSS 5.4, AI score 5.8, EPSS 0.00195
Exploits: 1, References: 4
IBM Security Bulletins
added 2026/04/10 2:36 p.m., 6 views

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server shipped with IBM WebSphere Remote Server

Summary: IBM HTTP Server is shipped with IBM WebSphere Remote Server. Information about a security vulnerability affecting IBM HTTP Server has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and...

CVSS 5.5, AI score 5.8, EPSS 0.00216
Exploits: 1, Affected Software: 1