Lucene search
K

1184 matches found

Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46444

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description A use after free issue in Core allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after...

9.6CVSS5.8AI score0.00985EPSS
Exploits0References433
Snyk
Snyk
added 2026/06/03 9:9 p.m.9 views

Server-side Request Forgery (SSRF)

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the HTML rendering process when the...

8.2CVSS5.8AI score0.00384EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in the Password Manager component. It could allow remote attackers who have compromised...

8.1CVSS5.6AI score0.0031EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.11 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-42502)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-42502 advisory. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML...

6.1CVSS5.9AI score0.00178EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.11 views

CVE-2026-7465

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

8.8CVSS6.1AI score0.01174EPSS
Exploits3References1
NVD
NVD
added 2026/05/30 10:16 a.m.24 views

CVE-2026-7465

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

8.8CVSS0.01174EPSS
Exploits3References6
Cvelist
Cvelist
added 2026/05/30 9:29 a.m.45 views

CVE-2026-7465 Spectra Gutenberg Blocks <= 2.19.25 - Authenticated (Contributor+) Remote Code Execution via Arbitrary PHP Function Call via Block Attributes

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

8.8CVSS0.01174EPSS
Exploits3References6
ATTACKERKB
ATTACKERKB
added 2026/05/30 9:29 a.m.12 views

CVE-2026-7465

The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.19.25. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server...

8.8CVSS6.1AI score0.01174EPSS
Exploits3References7
Positive Technologies
Positive Technologies
added 2026/05/30 12:0 a.m.25 views

PT-2026-45089

Name of the Vulnerable Software and Affected Versions Spectra Gutenberg Blocks – Website Builder for the Block Editor versions prior to 2.19.26 Description The plugin is susceptible to Remote Code Execution, allowing authenticated attackers with Contributor-level access or higher to execute code ...

8.8CVSS6.2AI score0.01174EPSS
Exploits3References12
NVD
NVD
added 2026/05/28 4:16 p.m.27 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS0.00335EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 4:16 p.m.8 views

PYSEC-2026-192

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References1
PyPA
PyPA
added 2026/05/28 4:16 p.m.8 views

PYSEC-0000-CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1Affected Software1
PyPA
PyPA
added 2026/05/28 4:16 p.m.65 views

PYSEC-2026-192

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/28 2:24 p.m.10 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/28 2:24 p.m.34 views

CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS0.00335EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 2:24 p.m.19 views

EUVD-2026-32907

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 2:24 p.m.11 views

CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 12:8 p.m.10 views

SUSE-SU-2026:21858-1 Security update for python-mistune

This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via a crafted Markdown bsc1264347. - CVE-2026-33441: processing of malformed reference links can lead to excessive resource consumption and denial of service bsc1264752. ...

8.7CVSS5.8AI score0.00481EPSS
Exploits4References15
CVE
CVE
added 2026/05/28 7:43 a.m.18 views

CVE-2026-8689

The CVE concerns the Visualizer: Tables and Charts Manager for WordPress plugin (WordPress) with versions up to 3.11.14. Root cause: missing capability checks on renderChartPages() and uploadData(), enabling certain AJAX actions (wp_ajax_visualizer-create-chart, wp_ajax_visualizer-edit-chart, and...

4.3CVSS5.9AI score0.00242EPSS
Exploits0References8
OSV
OSV
added 2026/05/27 5:33 p.m.8 views

GHSA-HH27-HF48-9F5Q LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)

Summary The date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart in src/util/underscore.ts. The pad loop performs unbounded string concatenation without consulting the Context's memoryLimit or renderLimit, so a...

7.5CVSS5.8AI score0.00385EPSS
Exploits0References2
Rows per page
Query Builder