Lucene search
K

4537 matches found

Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.11 views

PT-2026-39621

Name of the Vulnerable Software and Affected Versions Corteza version 2024.9.8 Description An issue exists in the Microsoft SQL Server MSSQL backend when filtering Compose records by the meta field, which allows for SQL injection. SQL injection is a type of flaw that enables an attacker to...

6CVSS5.9AI score0.00211EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/09 2:43 a.m.10 views

SUSE CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References14
Fedora
Fedora
added 2026/05/08 7:58 p.m.19 views

[SECURITY] Fedora 43 Update: kernel-7.0.4-100.fc43

The kernel meta package...

8.8CVSS6AI score0.93235EPSS
Exploits33
OSV
OSV
added 2026/05/08 7:51 p.m.4 views

GHSA-6C2X-GCP3-GP73 Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection

Global Knowledge Base Enumeration via knowledge-bases Meta-Collection Affected Component Retrieval collection access validation: - backend/openwebui/routers/retrieval.py lines 2330-2355, validatecollectionaccess - backend/openwebui/routers/retrieval.py query endpoints, e.g. POST /query/doc Affect...

4.3CVSS5.9AI score0.00221EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/08 7:51 p.m.13 views

Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection

Global Knowledge Base Enumeration via knowledge-bases Meta-Collection Affected Component Retrieval collection access validation: - backend/openwebui/routers/retrieval.py lines 2330-2355, validatecollectionaccess - backend/openwebui/routers/retrieval.py query endpoints, e.g. POST /query/doc Affect...

4.3CVSS5.9AI score0.00221EPSS
Exploits1References3Affected Software1
Fedora
Fedora
added 2026/05/08 7:40 p.m.11 views

[SECURITY] Fedora 42 Update: kernel-6.19.14-101.fc42

The kernel meta package...

8.8CVSS6AI score0.93235EPSS
Exploits33
Fedora
Fedora
added 2026/05/08 7:29 p.m.23 views

[SECURITY] Fedora 44 Update: kernel-7.0.4-200.fc44

The kernel meta package...

8.8CVSS6AI score0.93235EPSS
Exploits33
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.15 views

PT-2026-39274

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The validate collection access function employs an incomplete allowlist that only verifies ownership for collections starting with user-memory- and file-. Other collection names, such as the...

4.3CVSS5.8AI score0.00221EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.22 views

Linux Distros Unpatched Vulnerability : CVE-2026-39823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces...

6.1CVSS7.3AI score0.00328EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/07 9:30 p.m.21 views

EUVD-2026-28424

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS7.3AI score0.00328EPSS
Exploits0References5
NVD
NVD
added 2026/05/07 8:16 p.m.16 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS0.00314EPSS
Exploits0References4
OSV
OSV
added 2026/05/07 8:16 p.m.7 views

DEBIAN-CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/07 8:16 p.m.8 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00328EPSS
Exploits0References7
OSV
OSV
added 2026/05/07 8:16 p.m.5 views

UBUNTU-CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/07 7:41 p.m.43 views

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

0.00314EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/07 7:41 p.m.15 views

CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

7.3AI score0.00328EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/07 7:41 p.m.8 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0
CVE
CVE
added 2026/05/07 7:41 p.m.60 views

CVE-2026-39823

Summary: CVE-2026-39823 covers an escapebug in HTML meta tag content handling that can trigger XSS when URLs are inserted into a meta tag’s content attribute and whitespace is manipulated. Multiple connected sources confirm the issue and describe the root cause as incorrect escaping of URLs insid...

6.1CVSS7.3AI score0.00328EPSS
Exploits0References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/07 7:41 p.m.21 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS7.3AI score0.00328EPSS
Exploits0
OSV
OSV
added 2026/05/07 7:21 p.m.15 views

GO-2026-4982 Bypass of meta content URL escaping causes XSS in html/template

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0References3
Rows per page
Query Builder