Lucene search
+L

6853 matches found

nuclei
nuclei
added yesterday11 views

Astro SSR - Open Redirect

Astro 5.2.0 through 5.12.7 contains an open redirect caused by improper handling of paths with double slashes in trailing slash redirection logic, letting attackers redirect users to arbitrary external domains, exploit requires on-demand SSR with Node or Cloudflare adapters. id: CVE-2025-54793...

6.9CVSS6.2AI score0.00614EPSS
Exploits0References3
nuclei
nuclei
added yesterday14 views

Astro SSR - Server-Side Request Forgery

Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources. id: CVE-2026-25545 info: name: Astro SSR - Server-Side Request Forgery author:...

8.6CVSS6.1AI score0.01414EPSS
Exploits1References3
fedora
fedora
added yesterday8 views

[SECURITY] Fedora 43 Update: perl-Imager-1.033-1.fc43

Imager is a module for creating and altering images. It can read and write various image formats, draw primitive shapes like lines,and polygons, blend multiple images together in various ways, scale, crop, render text and more...

9.8CVSS6.1AI score0.00394EPSS
Exploits0
redhatcve
redhatcve
added 2 days ago6 views

CVE-2026-48801

A flaw was found in linkify-it, a library for recognizing links with full Unicode support. The LinkifyIt.prototype.match function, the package's primary public API, has an algorithmic complexity of ON² for inputs containing many fuzzy links or emails. This can be exploited by a remote attacker...

8.7CVSS6AI score0.00445EPSS
Exploits0References5
cvelist
cvelist
added 2 days ago29 views

CVE-2026-61873 Grav before 9.1.8 Arbitrary File Write via Twig-Processed Filename

Grav before 9.1.8 contains an arbitrary file write vulnerability in the Form plugin's process.save.filename parameter, which is validated against path traversal before Twig processing but never re-validated after rendering. Attackers can submit form data containing path traversal sequences that a...

8.1CVSS0.00256EPSS
Exploits0References2
nvd
nvd
added 3 days ago6 views

CVE-2026-15736

Snowflake SQLAlchemy versions prior to 1.11.0 contain several security vulnerabilities, including: Improper handling of user-supplied column identifiers in merge operations could allow SQL injection through attacker-controlled input keys. An attacker may be able to exploit this through request...

8.3CVSS0.00267EPSS
Exploits0References1
nvd
nvd
added 4 days ago4 views

CVE-2026-15548

A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub407220 of the file /usr/sbin/httpd of the component DNS List Rendering. The manipulation leads to stack-based buffer overflow. The attack is possible to be carried out remotely...

9CVSS0.00738EPSS
Exploits0References5
cve
cve
added 4 days ago14 views

CVE-2026-15548

CVE-2026-15548 affects Shibby Tomato up to version 1.28.0000. The flaw resides in the DNS List Rendering component, specifically the function sub_407220 in /usr/sbin/httpd, where a stack-based buffer overflow can be triggered remotely. The vulnerability is described across multiple sources as ena...

9CVSS7.2AI score0.00738EPSS
Exploits0References5
cvelist
cvelist
added 4 days ago33 views

CVE-2026-15548 Shibby Tomato DNS List Rendering httpd sub_407220 stack-based overflow

A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub407220 of the file /usr/sbin/httpd of the component DNS List Rendering. The manipulation leads to stack-based buffer overflow. The attack is possible to be carried out remotely...

9CVSS0.00738EPSS
Exploits0References5
cvelist
cvelist
added 4 days ago34 views

CVE-2026-14453 A user with low privileges can inject SSTI templates that can lead to RCE in open-tickets

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...

9.6CVSS0.00478EPSS
Exploits0References1
cvelist
cvelist
added 4 days ago34 views

CVE-2026-15551 Samsung rlottie: Numeric truncation in gray_hline() leads to heap-based buffer overflow when rendering a crafted Lottie animation at native canvas size

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS0.00081EPSS
Exploits0References1
nessus
nessus
added 5 days ago6 views

Fedora 44 : webkitgtk (2026-3bc4b3ccb3)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3bc4b3ccb3 advisory. Fire scrollend event for instant programmatic scrolls. Increase network idle connection timeout to 115 seconds. Fix several crashes and rendering...

8.8CVSS7.1AI score0.72648EPSS
Exploits15References24
redhat
redhat
added 6 days ago5 views

linkify-it: linkify-it: Denial of Service via algorithmic complexity vulnerability

A flaw was found in linkify-it, a library for recognizing links with full Unicode support. The LinkifyIt.prototype.match function, the package's primary public API, has an algorithmic complexity of ON² for inputs containing many fuzzy links or emails. This can be exploited by a remote attacker...

8.7CVSS6AI score0.00445EPSS
Exploits0References6
euvd
euvd
added last week7 views

EUVD-2026-39126

SiYuan: Stored XSS in Bazaar marketplace via package README event handlers...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References2
nvd
nvd
added last week9 views

CVE-2026-59791

In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible...

3.5CVSS0.00135EPSS
Exploits0References1
cve
cve
added last week34 views

CVE-2026-59791

The CVE-2026-59791 affects JetBrains YouTrack prior to version 2026.2.17012, where CSS injection was possible through Mermaid diagram rendering. According to the available sources, the vulnerability is tied to the Mermaid diagram rendering component and could impact user interface rendering, with...

3.5CVSS6.1AI score0.00135EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added last week29 views

CVE-2026-59791

In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible...

3.5CVSS0.00135EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/07/09 11:11 a.m.8 views

CVE-2026-54267

A flaw was found in the Angular framework's client-side hydration feature for Server-Side Rendered SSR applications. This vulnerability, known as DOM Clobbering, allows a remote attacker to inject malicious data into the application's internal data cache. By exploiting a predictable identifier us...

8.6CVSS6AI score0.00179EPSS
Exploits0References6
nessus
nessus
added 2026/07/09 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59926

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the...

6.1CVSS6.1AI score0.00191EPSS
Exploits0References3
nvd
nvd
added 2026/07/08 10:17 p.m.7 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS0.00234EPSS
Exploits0References1
Rows per page
Query Builder