Lucene search
K

113 matches found

nvd
nvd
added 2026/04/15 6:16 a.m.3 views

CVE-2026-5160

Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities...

6.1CVSS0.00287EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/04/06 12:0 a.m.10 views

WeGIA 输入验证错误漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions of WeGIA prior to 3.6.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from the lack of URL validation or allowlist checks, which could lead...

6.1CVSS5.8AI score0.00186EPSS
Exploits1References2
cve
cve
added 2026/03/27 8:39 p.m.8 views

CVE-2026-33885

Statamic Open Redirect (CVE-2026-33885): Affected versions before 5.73.16 and before 6.7.2 have an issue where external URL detection for redirect validation on unauthenticated endpoints could be bypassed via URL parsing differentials. Impact is redirects to external URLs after actions like form ...

6.1CVSS5.7AI score0.00177EPSS
Exploits0References1Affected Software1
redhatcve
redhatcve
added 2026/03/26 3:7 p.m.4 views

CVE-2026-31894

WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and filegetcontents to read SQL files from the extracted contents. Neither the extraction nor the file reading...

7.5CVSS5.8AI score0.00414EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/03/25 12:0 a.m.11 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

6.2CVSS5.8AI score0.00232EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/03/11 7:5 p.m.4 views

CVE-2026-31894

WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and filegetcontents to read SQL files from the extracted contents. Neither the extraction nor the file reading...

6.9CVSS5.8AI score0.00414EPSS
Exploits1References3Affected Software1
redhatcve
redhatcve
added 2026/02/17 1:27 p.m.7 views

CVE-2026-1046

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

7.6CVSS5.9AI score0.00235EPSS
Exploits0References1
euvd
euvd
added 2026/02/16 3:32 p.m.14 views

EUVD-2026-6090

Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a user’s system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...

7.6CVSS5.9AI score0.00235EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/01/09 10:17 a.m.6 views

CVE-2019-18454

An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS...

6.1CVSS6.6AI score0.00691EPSS
Exploits0References1
euvd
euvd
added 2025/12/24 3:30 p.m.6 views

EUVD-2022-55804

In the Linux kernel, the following vulnerability has been resolved: media: camss: Clean up received buffers on failed start of streaming It is required to return the received buffers, if streaming can not be started. For instance mediapipelinestart may fail with EPIPE, if a link validation betwee...

5.8AI score0.00216EPSS
Exploits0References9
cve
cve
added 2025/12/24 1:5 p.m.14 views

CVE-2022-50757

CVE-2022-50757 is a Linux kernel vulnerability affecting the media/camss subsystem. The issue arises when streaming fails to start (for example, media_pipeline_start() may fail with EPIPE during link validation), and the driver incorrectly handles received buffers, triggering a kernel warning. Th...

5.9AI score0.00216EPSS
Exploits0References8
cvelist
cvelist
added 2025/12/24 1:5 p.m.28 views

CVE-2022-50757 media: camss: Clean up received buffers on failed start of streaming

In the Linux kernel, the following vulnerability has been resolved: media: camss: Clean up received buffers on failed start of streaming It is required to return the received buffers, if streaming can not be started. For instance mediapipelinestart may fail with EPIPE, if a link validation betwee...

0.00216EPSS
Exploits0References8
cnvd
cnvd
added 2025/12/19 12:0 a.m.4 views

Apple macOS Tahoe Symbolic Link Validation Insufficiency Vulnerability

Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a Symbolic Link Validation Insufficiency vulnerability that can be exploited by an attacke...

5.5CVSS6.1AI score0.00182EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/11 9:58 a.m.10 views

CVE-2025-7073

A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic link validation,...

8.8CVSS7.9AI score0.00145EPSS
Exploits0References1
nvd
nvd
added 2025/12/10 10:16 a.m.13 views

CVE-2025-7073

A local privilege escalation vulnerability in Bitdefender Total Security versions prior to 27.0.47.241 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory C:\ProgramData\Atc\Feedback without proper symbolic...

8.8CVSS0.00145EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/12/10 12:0 a.m.6 views

Bitdefender Total Security 后置链接漏洞

Bitdefender Total Security is a proactive threat protection software for PCs from the Romanian company Bitdefender. The software features antivirus, firewall, anti-spyware, privacy control, and parental control. It also includes features such as System TuneUp. A backlink vulnerability exists in...

8.8CVSS6.8AI score0.00145EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/11/04 12:0 a.m.6 views

Apple macOS 安全漏洞

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma prior to 14.8.2 and Sequoia prior to 15.7.2, which stems from insufficient symbolic link validation and could result in the...

5.5CVSS6.1AI score0.00211EPSS
Exploits0References4
cnnvd
cnnvd
added 2025/11/04 12:0 a.m.4 views

Apple macOS 安全漏洞

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sequoia prior to version 15.7, which stems from insufficient symbolic link validation and could lead to bypassing privacy...

5.5CVSS6.2AI score0.00172EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/11/04 12:0 a.m.4 views

Apple多款产品 安全漏洞

Apple iOS is an operating system developed for mobile devices, Apple tvOS is a smart TV operating system, and Apple watchOS is a smart watch operating system. A security vulnerability exists in several Apple products that stems from insufficient symbolic link validation, which could cause an...

6.3CVSS6AI score0.00287EPSS
Exploits0References9
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-8204

Malware in sbrugna...

6.1CVSS6.1AI score0.00691EPSS
Exploits0References4
Rows per page
Query Builder