Lucene search
K

1060 matches found

Nuclei
Nuclei
added 16 hours ago18 views

Güralp MAN-EAM-0003 3.2.4 - XML External Entity (XXE)

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure. id: CVE-2022-38840 info: name: Güralp MAN-EAM-0003 3.2.4 - XML External Entity XXE author: daffainfo severity: high description: |...

7.5CVSS7AI score0.09803EPSS
Exploits4References2
Nuclei
Nuclei
added 16 hours ago31 views

Cellinx NVT Web Server - Local File Disclosure

Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi. id: CVE-2023-23063 info: name: Cellinx NVT Web Server - Local File Disclosure author: daffainfo severity: high description: | Cellinx NVT v1.0.6.002b was discover...

7.5CVSS7AI score0.02431EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 16 hours ago4 views

SUSE CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.00137EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.00137EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-40066

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.00137EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2 days ago4 views

CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.00137EPSS
Exploits0References5
Nuclei
Nuclei
added 6 days ago154 views

Adobe Connect < 12.1.5 - Local File Disclosure

Adobe Connect versions 11.4.5 and earlier, 12.1.5 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not...

5.3CVSS6.1AI score0.81875EPSS
Exploits4References4
NVD
NVD
added 2026/06/19 6:16 p.m.12 views

CVE-2026-49359

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint fetches the content of option values server-side via filegetcontents when the value looks like a URL, without restricting the URL scheme. The attachment option of...

6.5CVSS0.00242EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 5:6 p.m.17 views

CVE-2026-49359 PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, pontedilana/php-weasyprint fetches the content of option values server-side via filegetcontents when the value looks like a URL, without restricting the URL scheme. The attachment option of...

6.5CVSS0.00242EPSS
Exploits0References4
CVE
CVE
added 2026/06/19 5:6 p.m.11 views

CVE-2026-49359

PhpWeasyPrint (pontedilana/php-weasyprint) prior to version 2.6.0 is vulnerable: the attachment option for Pdf can accept any value that passes filter_var(url), including http, https, ftp, file, and PHP streams like php://. The library fetches these values server-side via file_get_contents, allow...

6.5CVSS6AI score0.00242EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Before versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy was enforced on the raw filename string before the filesystem resolved it. As a result, policy rules such as /etc/ could be...

8.6CVSS7.2AI score0.00671EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51002

Name of the Vulnerable Software and Affected Versions PhpWeasyPrint versions prior to 2.6.0 Description PhpWeasyPrint is a PHP library used for generating PDFs from HTML pages or URLs. The library fetches content of option values server-side using the file get contents function when a value is...

6.5CVSS5.9AI score0.00242EPSS
Exploits0References12
Snyk
Snyk
added 2026/06/10 12:0 a.m.6 views

XML External Entity (XXE) Injection

Overview org.springframework.ws:spring-xml is a dependency of org.springframework.ws. Affected versions of this package are vulnerable to XML External Entity XXE Injection via the Jaxp13XPathTemplate class in Jaxp13XPathTemplate.java. When XPath expressions are evaluated against StreamSource and...

8.8CVSS5.7AI score0.00352EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.9 views

Oracle Linux 7 : ImageMagick (ELSA-2026-17618)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-17618 advisory. - Fix CVE-2026-32636 Orabug: 39375225 - Fix CVE-2026-28691 and CVE-2026-28693 Orabug: 39174244 - Fixes Local File Disclosure via Path Traversal CVE-2026-25965...

9.8CVSS7.5AI score0.00794EPSS
Exploits3References2
Oracle linux
Oracle linux
added 2026/06/05 12:0 a.m.9 views

ImageMagick security update

6.9.10.68-7.0.11 - Fix CVE-2026-32636 Orabug: 39375225 6.9.10.68-7.0.9 - Fix CVE-2026-28691 and CVE-2026-28693 Orabug: 39174244 6.9.10.68-7.0.7 - Fixes Local File Disclosure via Path Traversal CVE-2026-25965 Orabug: 39118995 - Fixes Memory allocation with excessive without limits in the internal...

7.5CVSS5.4AI score0.00475EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/04 11:58 a.m.11 views

CVE-2026-44353

A flaw was found in Streamlink. Its HLS HTTP Live Streaming and DASH Dynamic Adaptive Streaming over HTTP parsers do not properly validate the URI Uniform Resource Identifier scheme of segment entries. A remote attacker could craft a malicious HLS playlist or DASH manifest to include local file...

6.5CVSS5.8AI score0.00345EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/03 4:1 p.m.7 views

CVE-2026-45553

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

7.5CVSS5.7AI score0.00255EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 3:34 p.m.46 views

CVE-2026-45553 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

7.5CVSS0.00255EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 3:34 p.m.7 views

CVE-2026-45553 NiceGUI: Local file disclosure via Docutils file insertion in ui.restructured_text()

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructuredtext renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content to ui.restructuredtext, an attacker can use standard...

7.5CVSS5.7AI score0.00255EPSS
Exploits0References2
CVE
CVE
added 2026/06/02 3:34 p.m.16 views

CVE-2026-45553

CVE-2026-45553 affects NiceGUI prior to v3.12.0. The server-side reStructuredText renderer (ui.restructured_text) passes content through Docutils without disabling file insertion directives, enabling an attacker-controlled input to trigger include, csv-table with :file:, or raw with :file:. This ...

7.5CVSS5.8AI score0.00255EPSS
Exploits0References2
Rows per page
Query Builder