Lucene search
K

2870 matches found

Atlassian
Atlassian
added 2026/05/06 4:29 p.m.20 views

File Inclusion in Jira Service Management Data Center

This High severity File Inclusion vulnerability was introduced in versions 5.15.2, 5.16.1, 5.17.0, 10.0.0, 10.1.2, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.7.1, 11.0.0, 11.1.0, 11.2.0, and 11.3.0 of Jira Service Management Data Center. This File Inclusion vulnerability, with a CVSS Score of 7.1...

7.1CVSS6.8AI score0.00288EPSS
Exploits1
Atlassian
Atlassian
added 2026/05/06 4:29 p.m.21 views

File Inclusion in Jira Service Management Data Center

This High severity File Inclusion vulnerability was introduced in version 11.3.3 of Jira Service Management Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N allows an unauthenticated...

8.2CVSS6.8AI score0.00253EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38317

Name of the Vulnerable Software and Affected Versions Playwright Capture affected versions not specified Description Playwright Capture fails to sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page can abuse browser-side redirection...

8.7CVSS5.8AI score0.00319EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/05 9:16 p.m.9 views

External Control of File Name or Path

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to External Control of File Name or Path through the backup restoration. An attacker can access arbitrary local files by supplying a crafted backup archive containing ...

8.7CVSS5.9AI score0.00354EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 3:31 p.m.9 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection in the XML parsing process. An attacker can access sensitive files or execute arbitrary code by supplying crafted XML data containing external entity references. Details XXE Injection is a type of attac...

5.3CVSS6.2AI score0.00232EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/02 2:47 a.m.6 views

CVE-2026-7551

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS6.7AI score0.00649EPSS
Exploits1References1
NVD
NVD
added 2026/04/30 10:16 p.m.3 views

CVE-2026-7551

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS0.00649EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/30 9:29 p.m.33 views

CVE-2026-7551 HKUDS OpenHarness Remote Command Execution via /bridge Slash Command

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS0.00649EPSS
Exploits1References3
CVE
CVE
added 2026/04/30 9:29 p.m.16 views

CVE-2026-7551

The CVE describes a remote code execution vulnerability in HKUDS OpenHarness exposed via the /bridge command. An attacker-enabled /bridge spawn command can forward attacker-controlled text to the bridge session manager and execute commands through the shared shell subprocess helper, allowing shel...

8.8CVSS6.7AI score0.00649EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/30 9:29 p.m.5 views

EUVD-2026-26451

HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...

8.8CVSS6.7AI score0.00649EPSS
Exploits1References3
EUVD
EUVD
added 2026/04/30 11:5 a.m.5 views

EUVD-2026-26368

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...

7.4CVSS5.3AI score0.00401EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/30 11:5 a.m.29 views

CVE-2026-41882

In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server...

7.4CVSS0.00401EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.9 views

PT-2026-36203

Name of the Vulnerable Software and Affected Versions HKUDS OpenHarness affected versions not specified Description A remote code execution issue exists in the '/bridge' slash command. Remote senders accepted by the configuration can execute arbitrary operating system commands. This occurs when t...

8.8CVSS6.6AI score0.00649EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.11 views

JetBrains IntelliJ IDEA 后置链接漏洞

JetBrains IntelliJ IDEA is an integrated development environment for Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, and 2026.1.1 have a post-link vulnerability. This vulnerability stems from issu...

7.5CVSS5.9AI score0.00401EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/29 9:34 p.m.9 views

OpenClaw: Webchat audio embedding could read local files without local-root containment

Impact OpenClaw deployments before 2026.4.15 could embed host-local audio files into webchat responses without applying the local media root containment check used by other media-serving paths. If an attacker could influence an agent or tool-produced ReplyPayload.mediaUrl, the webchat audio...

5.4AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/29 9:34 p.m.3 views

GHSA-GFG9-5357-HV4C OpenClaw: Webchat audio embedding could read local files without local-root containment

Impact OpenClaw deployments before 2026.4.15 could embed host-local audio files into webchat responses without applying the local media root containment check used by other media-serving paths. If an attacker could influence an agent or tool-produced ReplyPayload.mediaUrl, the webchat audio...

6CVSS5.8AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.7 views

PT-2026-35793

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.8 Description A filesystem policy bypass exists in the processing of docx uploads, enabling local file reads outside of workspace boundaries. This allows attackers to access files beyond the intended...

6.5CVSS5.8AI score0.00326EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/04/25 8:50 p.m.121 views

Exploit for CVE-2026-41177

CVE-2026-41177: Squidex CMS Blind SSRF Technical research and...

5.5CVSS5.6AI score0.00329EPSS
Exploits1
Cvelist
Cvelist
added 2026/04/24 4:45 p.m.24 views

CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

7.5CVSS0.00324EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 4:45 p.m.3 views

CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

7.5CVSS5.3AI score0.00324EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder