Lucene search
K

153 matches found

NVD
NVD
added 3 days ago7 views

CVE-2026-29519

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS0.00386EPSS
Exploits1References2
CVE
CVE
added 3 days ago11 views

CVE-2026-29519

CVE-2026-29519 affects Lucee CFML Server across 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines. It describes a reflected cross-site scripting vulnerability in URL path parsing, where unauthenticated remote attackers can cause arbitrary JavaScript to execute in a victim’s browser by embedding payloa...

8.2CVSS6.3AI score0.00386EPSS
Exploits1References2
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-42906

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS6.3AI score0.00386EPSS
Exploits1References2
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-29519 Lucee CFML Server Reflected XSS via URL Path Parsing

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS0.00386EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-57164

Name of the Vulnerable Software and Affected Versions Lucee CFML Server versions 5.3.x Lucee CFML Server versions 6.1.x Lucee CFML Server versions 6.2.x Lucee CFML Server versions 7.0.x Description Reflected cross-site scripting occurs during URL path parsing, allowing unauthenticated remote...

8.2CVSS6.3AI score0.00386EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/25 3:59 p.m.20 views

CVE-2026-54573 Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy

Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the required scopes for a request. It extracts the resource by splitting the URL by / and taking the last...

5.3CVSS0.00285EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 3:59 p.m.8 views

CVE-2026-54573

CVE-2026-54573 affects Outline (a collaborative documentation service). Before version 1.8.0, AuthenticationHelper.canAccess uses ctx.originalUrl and extracts the target resource by splitting on “/” and taking the last segment, but does not strip the URL fragment (#). Since Koa’s router uses ctx....

5.3CVSS5.9AI score0.00285EPSS
Exploits0References1
NVD
NVD
added 2026/06/11 7:16 p.m.12 views

CVE-2025-24268

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

5.5CVSS0.0014EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 6:47 p.m.12 views

CVE-2025-24268

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data...

5.4AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-44749

The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts e.g., regex patterns and revealing underlying URI parsing logic. Leading to low impact on confidentiality. Integrity and availability are unaffected...

4.3CVSS5.5AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.16 views

PT-2026-44724

Name of the Vulnerable Software and Affected Versions python311-dulwich versions prior to 1.2.5-1.1 Description Security issues were identified in the python311-dulwich package. Recommendations Update to version 1.2.5-1.1...

8.8CVSS5.4AI score0.00635EPSS
Exploits0References21
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: dm mpath: Added the missing dmputdevice call when failing to obtain the scsi dh name. When commit fd81bc5cca8f “scsi: devicehandler: Returning an error pointer in scsidhattachedhandlername”, code was added to fail the parsing of...

5.5CVSS5.6AI score0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.11 views

CVE-2026-28915

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges...

7.8CVSS5.8AI score0.00178EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 8:7 p.m.20 views

CVE-2026-28915

A parsing issue in the handling of directory paths was fixed by improved path validation in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5. The flaw could allow an app to gain root privileges. The CVE is tied to CVE-2026-28915 and is addressed by the listed OS updates; no additio...

7.8CVSS5.8AI score0.00178EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/05 6:52 p.m.9 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper handling of resource path matching and authorization checks. An attacker can gain unauthorized access to protected resources or perform unauthorized actions by crafting requests that exploit...

9.4CVSS5.8AI score0.00554EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/05 6:52 p.m.9 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper handling of resource path matching and authorization checks. An attacker can gain unauthorized access to protected resources or perform unauthorized actions by crafting requests that exploit...

9.4CVSS5.8AI score0.00554EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/22 1:45 p.m.4 views

CVE-2026-6862 Efivar: efivar: denial of service due to stack overflow in device path node parsing

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

5.5CVSS5.7AI score0.00104EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 1:45 p.m.14 views

CVE-2026-6862

CVE-2026-6862: A flaw in libefiboot (part of efivar) affects the device path node parser, which does not validate that each node’s Length is at least 4 bytes (EFI node header minimum). A crafted device path node could trigger infinite recursion, stack exhaustion, and a DoS via a process crash. Do...

5.5CVSS5.7AI score0.00104EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.4 views

PT-2026-34450

A flaw was found in libefiboot, a component of efivar. The device path node parser in libefiboot fails to validate that each node's Length field is at least 4 bytes, which is the minimum size for an EFI Extensible Firmware Interface device path node header. A local user could exploit this...

5.5CVSS5.7AI score0.00104EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/02 6:31 p.m.3 views

EUVD-2026-18436

A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent...

7.1CVSS6.1AI score0.00296EPSS
Exploits0References4
Rows per page
Query Builder