Lucene search
K

1064 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-lxml (UTSA-2026-021468)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021468 advisory. lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with...

7.5CVSS5.8AI score0.00324EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/05/15 12:31 p.m.11 views

CVE-2026-41552 Path Traversal in PDF Export Module

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF...

9.2CVSS5.8AI score0.00497EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.9 views

PT-2026-41297

Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated pdf. This issue was fixed in version 1.1.1...

9.2CVSS5.8AI score0.00397EPSS
Exploits0References4
NVD
NVD
added 2026/05/14 9:16 p.m.12 views

CVE-2026-44647

OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...

7.1CVSS0.00319EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 8:8 p.m.7 views

CVE-2026-44647

OneDev is a Git server with CI/CD, kanban, and packages. Prior to 15.0.2, there is behavior that breaks the expected boundary between repository-controlled LFS metadata and server-local filesystem paths. A repository object can steer raw blob reads to arbitrary local files that the server account...

7.1CVSS5.9AI score0.00319EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/05/14 2:57 p.m.11 views

Incomplete List of Disallowed Inputs

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs inadequate input validation in the validateCommandFlags and validateArgsForLocalFileAccess functions. An attacker can execute arbitrary commands on the server by bypassi...

8.8CVSS6.1AI score
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.9 views

OneDev 路径遍历漏洞

OneDev is a JAVA-based multi-functional DevOps platform developed by Theonedev team. This platform supports container building, orchestration, CI, Git management, and team collaboration, helping developers create a simple yet powerful development platform. Versions of OneDev prior to 15.0.2 had a...

7.1CVSS5.9AI score0.00319EPSS
Exploits0References2
PyPA
PyPA
added 2026/05/12 6:17 p.m.12 views

PYSEC-2026-30

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application...

7.5CVSS5.8AI score0.00354EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/05/08 6:35 p.m.11 views

EUVD-2026-28513

Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click...

9.6CVSS6AI score0.00394EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 4:29 p.m.8 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection while processing XML entities. An attacker can inject arbitrary attributes into generated XML or HTML by crafting attribute values containing quotes, which are improperly parsed and split into multiple...

7.4CVSS6.1AI score0.00209EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 3:50 p.m.10 views

EUVD-2026-28804

Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...

6.6CVSS6.3AI score0.00851EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/08 6:32 a.m.10 views

XML External Entity (XXE) Injection

Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the XML parsing process when a declaration references an external host. An attacker can access sensitive...

8.7CVSS5.9AI score0.00232EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 6:32 a.m.10 views

XML External Entity (XXE) Injection

Overview org.opencms:opencms-core is a Java open source content management system by Alkacon Software. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the cmis-online/query process. An attacker can access sensitive information by submitting specially...

7.3CVSS5.9AI score0.02231EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 4:16 a.m.14 views

CVE-2026-43941

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...

9.6CVSS0.00394EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:14 a.m.7 views

CVE-2026-41646

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file acce...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/08 3:1 a.m.7 views

CVE-2026-43941

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...

9.6CVSS6.4AI score0.00394EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

SEPPmail Secure Email Gateway 安全漏洞

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.4 contained a security vulnerability. This vulnerability stemmed from the identifier parameter in/api/app/attachment/preview, where...

8.8CVSS6.1AI score0.15653EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.10 views

PT-2026-38647

Name of the Vulnerable Software and Affected Versions Electerm versions prior to 3.8.16 Description The terminal hyperlink handler passes any URL clicked in the terminal directly to the shell.openExternal function without protocol validation. An attacker controlling terminal output, such as throu...

9.6CVSS6.2AI score0.00394EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/05/06 11:43 p.m.17 views

Playwright Capture permits access to local files and internal network resources during page capture

Playwright Capture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as window.location.href, to make the capture process open file:// URLs or request resources hosted on...

8.7CVSS5.8AI score0.00319EPSS
Exploits0References4Affected Software1
Atlassian
Atlassian
added 2026/05/06 4:29 p.m.22 views

File Inclusion in Jira Software Data Center

This High severity File Inclusion vulnerability was introduced in versions 9.15.2, 9.16.1, 9.17.1, 10.0.1, 10.1.1, 10.2.1, 10.3.0, 10.4.1, 10.5.1, 10.6.0, 10.7.1, 11.0.1, 11.1.1, 11.2.0, and 11.3.0 of Jira Software Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVS...

8.6CVSS6.7AI score0.00408EPSS
Exploits2
Rows per page
Query Builder