Lucene search
K

4373 matches found

Nuclei
Nuclei
added yesterday25 views

Alfresco Share - Open Redirect

Alfresco Share before 5.2.6, 6.0.N and 6.1.N contains an open redirect vulnerability via a crafted POST request. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-14223 info: name:...

6.1CVSS6.3AI score0.04474EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday17 views

Sassy Social Share <= 3.3.3 - Cross-Site Scripting

The Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'urls' parameter called via the 'heateorssssharingcount' AJAX action in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS5.9AI score0.1544EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2 days ago3 views

Linux Distros Unpatched Vulnerability : CVE-2026-7531

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a...

9.8CVSS5.8AI score0.00346EPSS
Exploits0References3
NVD
NVD
added 3 days ago10 views

CVE-2026-56781

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS0.00231EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 3 days ago6 views

CVE-2026-56781 Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS5.9AI score0.00231EPSS
Exploits0References4
CVE
CVE
added 3 days ago6 views

CVE-2026-56781

The CVE-2026-56781 entry details an improper access control in Teable prior to 2026-06-15T04-43-24Z.1912 where anonymous attackers can access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs...

6.9CVSS5.9AI score0.00231EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-56781 Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS0.00231EPSS
Exploits0References4
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-40157

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS5.9AI score0.00231EPSS
Exploits0References4
NVD
NVD
added 3 days ago9 views

CVE-2026-13583

A vulnerability has been found in Edimax EW-7478APC 1.04. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the component POST Request Handler. Such manipulation of the argument ShareName/SelectName leads to buffer overflow. The attack may be performed from remote. The...

9CVSS0.00445EPSS
Exploits0References5
OSV
OSV
added 3 days ago4 views

PYSEC-2026-577 rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

Summary Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response ...

9.9CVSS5.7AI score0.00061EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-40013

A vulnerability was detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. Performing a manipulation of the argument shareSpeed results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is n...

9CVSS8AI score0.00466EPSS
Exploits0References7
NVD
NVD
added 3 days ago9 views

CVE-2026-13516

A vulnerability was detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. Performing a manipulation of the argument shareSpeed results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is n...

9CVSS0.00466EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 6 days ago7 views

CVE-2026-53198

A flaw was found in ksmbd, a Linux kernel module that provides an in-kernel SMB server. An authenticated SMB client can trigger a use-after-free vulnerability by sending a double SMB2CANCEL request for the same asynchronous operation. This can lead to memory corruption, potentially allowing an...

8.8CVSS6.1AI score0.00466EPSS
Exploits0References4
EUVD
EUVD
added last week4 views

EUVD-2026-39554

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References2
Cvelist
Cvelist
added last week21 views

CVE-2026-7531 Use-after-free in PQC hybrid key-share handling

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

2.3CVSS0.00346EPSS
Exploits0References2
CVE
CVE
added last week14 views

CVE-2026-7531

CVE-2026-7531 describes a use-after-free in the handling of PQC hybrid key-shares for TLS 1.3. The issue occurs when a malicious server sends a truncated PQC hybrid KeyShare, which can trigger the error cleanup path to operate on freed memory. Documents consistently label this as an incomplete fi...

9.8CVSS5.9AI score0.00346EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added last week6 views

CVE-2026-7531

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

9.8CVSS5.8AI score0.00346EPSS
Exploits0
NVD
NVD
added last week6 views

CVE-2026-56768

Seahub before 13.0.23 does not enforce SHARELINKLOGINREQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link token can call the GET endpoint to obtain a fileserver zip token and download entire shared directory...

8.8CVSS0.00381EPSS
Exploits0References5
NVD
NVD
added last week12 views

CVE-2026-54091

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths agains...

7.5CVSS0.00471EPSS
Exploits0References3
NVD
NVD
added last week7 views

CVE-2026-54094

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.14, it does not stop the HTTP file handlers from following symbolic links before they open, serve, write, share, or list a file. As a result, a...

7.5CVSS0.0046EPSS
Exploits0References1
Rows per page
Query Builder