Lucene search
K

1531 matches found

Fedora
Fedora
added 2026/06/05 4:10 a.m.14 views

[SECURITY] Fedora 43 Update: python-starlette-0.52.1-2.fc43

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: =E2=80=A2 A lightweight, low-complexity HTTP web framework. =E2=80=A2 WebSocket support. =E2=80=A2 In-process background tasks. =E2=80=...

6.5CVSS5.8AI score0.01438EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2026/06/01 1:15 p.m.11 views

CVE-2026-48559

Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4CVSS5.9AI score0.00171EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/06/01 1:15 p.m.13 views

CVE-2026-48559 Lightweight Music Server 3.76.0 Stored XSS via Media File Metadata Tags

Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4CVSS5.9AI score0.00171EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/01 1:15 p.m.32 views

CVE-2026-48559 Lightweight Music Server 3.76.0 Stored XSS via Media File Metadata Tags

Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4CVSS0.00171EPSS
Exploits1References4
CVE
CVE
added 2026/06/01 1:15 p.m.25 views

CVE-2026-48559

CVE-2026-48559 affects Lightweight Music Server (LMS) up to version 3.76.0. The vulnerability is a stored cross-site scripting (XSS) that lets an attacker cause JavaScript execution in the web interface by embedding malicious HTML in media file metadata fields (GENRE, ARTIST, ALBUM). The payload ...

5.4CVSS5.9AI score0.00171EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/01 1:15 p.m.16 views

EUVD-2026-33640

Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4CVSS5.9AI score0.00171EPSS
Exploits1References4
Snyk
Snyk
added 2026/06/01 8:24 a.m.18 views

Improper Validation of Certificate with Host Mismatch

Overview org.apache.directory.api:api-ldap-client-api is a LDAP Client API. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the TLS server identity verification. An attacker can intercept and impersonate the server by presenting a...

8.8CVSS5.5AI score0.00182EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.11 views

Lightweight Music Server 跨站脚本漏洞

Lightweight Music Server is a self-hosted music streaming service developed by Emeric POUPON. Versions of Lightweight Music Server 3.76.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from stored-xss attacks, allowing attackers to execute arbitrary...

5.4CVSS5.5AI score0.00171EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.22 views

PT-2026-45437

Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

5.4CVSS5.9AI score0.00171EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Nextcloud 访问控制错误漏洞

Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. In versions 1.3.6 to 8.4.0, there was a vulnerability related to access control. This vulnerability stemmed from improper checks, allowing users...

8.8CVSS5.3AI score0.00193EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/05/30 12:0 a.m.13 views

GCVE: A Decentralized Model for Vulnerability Identification, Publication, and Operational Enrichment

The Global CVE initiative GCVE proposes a decentralized, open, and extensible model for vulnerability identification, publication, and enrichment. It addresses a gap in today's vulnerability ecosystem: centralized systems provide rigorous control and widely recognized identifiers, while many...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/29 6:49 a.m.17 views

CVE-2026-41076

A flaw was found in RT, an open-source issue and ticket tracking system. This vulnerability allows a remote attacker to bypass authentication in RT installations configured to use LDAP/AD Lightweight Directory Access Protocol/Active Directory for user authentication. Under specific LDAP server...

8.1CVSS5.8AI score0.00392EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:10 a.m.9 views

net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels

...

8.1CVSS5.4AI score0.00321EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/28 4:42 a.m.39 views

CVE-2026-9801 Keycloak: keycloak: denial of service via malformed ldap password policy response

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

4.9CVSS0.00476EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.12 views

AgentDoG 1.5: A Lightweight and Scalable Alignment Framework for AI Agent Safety and Security

Modern open-world agents such as OpenClaw exhibit powerful cross-environment execution capabilities yet introduce broad new safety risk sources. Meanwhile, advanced frontier AI models drastically lower attack barriers, rendering current agent alignment frameworks inadequate for real-world...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.19 views

PT-2026-44194

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw allows a remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker who has compromis...

4.9CVSS5.8AI score0.00476EPSS
Exploits0References11
CVE
CVE
added 2026/05/27 2:13 p.m.27 views

CVE-2026-48917

CVE-2026-48917 affects Jenkins LDAP Plugin (807.v7d7de30930cf and earlier). The issue is that it deserializes data from LDAP referrals without validation, with CVSS 3.1 base score 6.6 (Medium) and impacts on confidentiality, integrity, and availability rated High. Exploitation details are not pro...

6.6CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/27 12:59 p.m.10 views

EUVD-2026-32482

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6inputcore and rplinput call ip6routeinput which sets a NOREF dst on the skb, then pass it to dstcachesetip6 invoking dsthold unconditionally. On PREEMPTRT, ksoftirqd is...

5.8AI score0.00321EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.18 views

CVE-2026-46099

net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels...

8.1CVSS5.8AI score0.00321EPSS
Exploits0References2
NVD
NVD
added 2026/05/21 8:16 a.m.18 views

CVE-2026-44052

Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to the log files to obtain LDAP credentials...

7.5CVSS0.00245EPSS
Exploits0References1
Rows per page
Query Builder