Lucene search
K

104 matches found

NVD
NVD
added 4 days ago4 views

CVE-2026-55229

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTPS resources and local file resources during document conversion, enabling bli...

7.5CVSS0.00355EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 1:16 a.m.4 views

DEBIAN-CVE-2026-12243

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7.2AI score0.0051EPSS
Exploits1References1
NVD
NVD
added 2026/06/30 1:16 a.m.11 views

CVE-2026-12243

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS0.0051EPSS
Exploits1References1
OSV
OSV
added 2026/06/30 1:16 a.m.4 views

UBUNTU-CVE-2026-12243

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7.2AI score0.0051EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/06/30 12:14 a.m.5 views

CVE-2026-12243

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7.2AI score0.0051EPSS
Exploits1
EUVD
EUVD
added 2026/06/30 12:14 a.m.14 views

EUVD-2026-40240

NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue 3504. The UNSAFENOPROTOCOLRE regex in nltk/data.py checks for literal ../ sequences but fails to account for percent-encoded traversal sequences such as ..%2f. The url2pathname function decodes...

7.5CVSS7.3AI score0.0051EPSS
Exploits1References1
CVE
CVE
added 2026/05/27 8:15 p.m.17 views

CVE-2026-21785

CVE-2026-21785 relates to a misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions ≤ 10.1.0.0442). The CSP failures occur because directives are defined without fallbacks, enabling attackers to bypass intended security restrictions and load unauthorized re...

4CVSS5.8AI score0.00148EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/07 9:31 a.m.6 views

EUVD-2026-19586

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated user provided "key" value could be...

4.3CVSS5.8AI score0.00419EPSS
Exploits0References3
NVD
NVD
added 2026/04/07 9:16 a.m.6 views

CVE-2026-33227

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

4.3CVSS0.00419EPSS
Exploits0References2
OSV
OSV
added 2026/04/07 9:16 a.m.5 views

UBUNTU-CVE-2026-33227

Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ Web, Apache ActiveMQ. In two instances when creating a Stomp consumer and also browsing messages in the Web console an authenticated...

4.3CVSS5.7AI score0.00419EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.8 views

PT-2026-30804

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Client versions prior to 5.19.3, from 6.0.0 through 6.2.2 Apache ActiveMQ Broker versions prior to 5.19.3, from 6.0.0 through 6.2.2 Apache ActiveMQ All versions prior to 5.19.3, from 6.0.0 through 6.2.2 Description An improper...

4.3CVSS5.9AI score0.00419EPSS
Exploits0References28
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

Apache ActiveMQ 安全漏洞

Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a security vulnerability in Apache ActiveMQ, which stems from improper class path name validation and...

4.3CVSS5.8AI score0.00419EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.9 views

CVE-2026-34442

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

6.1CVSS5.7AI score0.00219EPSS
Exploits1References1
NVD
NVD
added 2026/03/31 10:16 p.m.7 views

CVE-2026-34442

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

6.1CVSS0.00219EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/31 9:28 p.m.4 views

CVE-2026-34442 FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS5.7AI score0.00219EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/31 9:28 p.m.11 views

EUVD-2026-17673

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS5.7AI score0.00219EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/31 9:28 p.m.25 views

CVE-2026-34442 FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS0.00219EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 9:28 p.m.21 views

CVE-2026-34442

FreeScout (PHP/Laravel) is affected prior to version 1.8.211 due to host header manipulation in-generated absolute URLs. The vulnerability arises because the application uses the unvalidated Host header to construct links and assets, enabling External Resource Loading and Open Redirects to attack...

6.1CVSS5.7AI score0.00219EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/31 9:28 p.m.6 views

CVE-2026-34442 FreeScout: Host Header Injection Leading to External Resource Loading and Open Redirect in FreeScout

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version http://localhost:8080/system/status allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External...

5.4CVSS5.7AI score0.00219EPSS
Exploits1References5
VulnCheck KEV
VulnCheck KEV
added 2026/03/31 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-32355

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource...

7.9CVSS5.8AI score0.01249EPSS
In wildExploits1References2
Rows per page
Query Builder