Lucene search
+L

22831 matches found

osv
osv
added 13 hours ago9 views

ROOT-OS-DEBIAN-13-CVE-2004-0230 CVE-2004-0230 in rootio-linux - Patched by Root

Root has patched CVE-2004-0230 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5CVSS5.4AI score0.80855EPSS
Exploits3
osv
osv
added 13 hours ago11 views

ROOT-OS-DEBIAN-13-CVE-2026-31511 CVE-2026-31511 in rootio-linux - Patched by Root

Root has patched CVE-2026-31511 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

6.1CVSS5.2AI score0.00129EPSS
Exploits0
osv
osv
added 13 hours ago11 views

ROOT-OS-DEBIAN-13-CVE-2025-71077 CVE-2025-71077 in rootio-linux - Patched by Root

Root has patched CVE-2025-71077 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
nvd
nvd
added yesterday5 views

CVE-2026-56742

Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant...

5.9CVSS
Exploits0References8
cve
cve
added yesterday15 views

CVE-2025-32781

CVE-2025-32781 affects Apollo Portal prior to 2.5.0, where an authenticated user can request a release by ID (GET /envs/{env}/releases/{releaseId}) with configView.memberOnly.envs enabled and read configuration data from other applications/namespaces. Root cause: missing application/namespace per...

6.5CVSS6.1AI score
Exploits0References4
euvd
euvd
added yesterday4 views

EUVD-2026-44723

Composer is a dependency Manager for the PHP language. Prior to 1.10.28, 2.2.28, and 2.9.8, Composer\IO\BaseIO::loadConfiguration validates GitHub OAuth tokens with the regex ^.A-Za-z0-9+$ and interpolates rejected tokens into an UnexpectedValueException; GitHub Actions GITHUBTOKEN values using t...

7.5CVSS6AI score0.00079EPSS
Exploits0References9
euvd
euvd
added yesterday4 views

EUVD-2026-44707

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.63.6 to 2.63.16, File Browser's archive builder uses strings.ReplaceAllnameInArchive, "", "/", which turns a POSIX filename such as ....\evil.sh into the...

6.8CVSS6.1AI score
Exploits0References3
euvd
euvd
added yesterday5 views

EUVD-2026-44670

LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.5.4, the server defaults to CORSORIGINS= combined with allowcredentials=True in lightrag/api/lightragserver.py, causing Starlette CORSMiddleware to effectively whitelist every origin for credentialed cross-origin request...

9.3CVSS6.1AI score
Exploits0References6
osv
osv
added yesterday13 views

ROOT-APP-NPM-CVE-2026-44574 CVE-2026-44574 in @rootio/next - Patched by Root

Root has patched CVE-2026-44574 in the @rootio/next package for Root:npm. Multiple fixed versions available...

8.1CVSS5.8AI score0.00485EPSS
Exploits2
euvd
euvd
added yesterday5 views

EUVD-2026-44650

Grav v2.0.0 contains a cross-site scripting vulnerability fixed in 2.0.1. The XSS blueprint validator Security::detectXss runs on raw page content before Twig processing. When Twig content processing is enabled twigcontent.processenabled: true, an attacker with page-write API permission can use...

6.1CVSS6.2AI score
Exploits0References2
osv
osv
added yesterday4 views

ROOT-OS-DEBIAN-12-CVE-2026-49346 CVE-2026-49346 in rootio-libde265 - Patched by Root

Root has patched CVE-2026-49346 in the rootio-libde265 package for Root:Debian:12. Multiple fixed versions available...

7.1CVSS6.1AI score0.00227EPSS
Exploits1
osv
osv
added yesterday21 views

ROOT-APP-NPM-CVE-2025-62718 CVE-2025-62718 in @rootio/axios - Patched by Root

Root has patched CVE-2025-62718 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

9.9CVSS5.8AI score0.01161EPSS
Exploits1
ptsecurity
ptsecurity
added yesterday5 views

PT-2026-60310

Name of the Vulnerable Software and Affected Versions Node Version Manager nvm versions 0.32.1 through 0.40.5 Description An issue exists where nvm ls-remote and other commands that refresh remote LTS aliases, such as nvm install --lts, parse the node.js mirror's index.tab and use the LTS codenam...

3.1CVSS6.4AI score
Exploits0References4
nvd
nvd
added 2 days ago7 views

CVE-2026-49981

Twig is a template language for PHP. Prior to 3.27.0, the per-template filter, tag, and function allow-list verdict is computed when a Template instance is constructed and can remain cached after sandbox state changes between renders, allowing a later sandboxed render to reuse a template that was...

6CVSS0.00414EPSS
Exploits0References3
osv
osv
added 2 days ago4 views

DEBIAN-CVE-2026-49854

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocketmask without validating that the mask argument is exactly four bytes, allowing the C function to read up to three bytes beyond the provided...

5.3CVSS6.1AI score0.0045EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago30 views

CVE-2026-46644 symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence

Symfony Polyfill backports PHP features and provides compatibility layers for extensions and functions. From 1.17.1 until 1.38.1, symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload is empty or decodes to ASCII-only code points because Idn::process does not enforce the UTS 46...

6.9CVSS0.00394EPSS
Exploits0References3
cvelist
cvelist
added 2 days ago33 views

CVE-2026-53486 decompress: Archive extraction can create files and links outside the target directory

The decompress package for Node.js extracts archives. Prior to 10.2.1 and 11.1.3, archive extraction can create files and links outside the target directory. When extracting an archive to a directory, a crafted archive can read or write files outside that directory because hardlink and symlink...

9.1CVSS0.00588EPSS
Exploits0References7
cve
cve
added 2 days ago35 views

CVE-2026-49978

CVE-2026-49978 affects DOMPurify, where IN_PLACE sanitization before version 3.4.7 could skip shadow contents inside a .content, allowing attacker-controlled markup (e.g., event handlers, JavaScript URLs, scripts) to survive during cloning and insertion of sanitized templates. The issue is fixed ...

6.3CVSS6.1AI score0.00388EPSS
Exploits0References3
cve
cve
added 2 days ago42 views

CVE-2026-45069

CVE-2026-45069 concerns Symfony’s OidcTokenHandler, where verifyClaims() registered aud/iss/exp checkers but did not pass the mandatory claims list to ClaimCheckerManager::check(). Consequently, a validly signed JWT missing these claims could pass verification. The issue is fixed in Symfony relea...

9.1CVSS6.1AI score0.00242EPSS
Exploits0References4Affected Software1
osv
osv
added 2 days ago2 views

CVE-2026-45069 Symfony: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims registered audience aud, issuer iss, and expiry exp checkers but did not pass the mandatory claims list to...

8.8CVSS6.1AI score0.00242EPSS
Exploits0References6
Rows per page
Query Builder