Lucene search
K

16898 matches found

CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

GitLab CE/EE 跨站请求伪造漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Versions of GitLab CE/EE prior to 18.9.6, 18.10.4, and 18.11.1 had a...

8.1CVSS5.8AI score0.00178EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 8:35 p.m.32 views

CVE-2026-35251

...

7.5CVSS0.00107EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 8:35 p.m.4 views

CVE-2026-35230

...

7.5CVSS7.2AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 8:35 p.m.10 views

CVE-2026-34321

The CVE-2026-34321 entry concerns Oracle Financial Services Applications Infrastructure (OFSAI) – UI component. Affects 8.0.7.9, 8.0.8.7, and 8.1.2.5. The vulnerability can be triggered by a low-privileged attacker with network access over HTTP and requires user interaction, leading to unauthoriz...

4.8CVSS5.8AI score0.00196EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 8:35 p.m.3 views

CVE-2026-22014

...

3.8CVSS5.7AI score0.00193EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 6:26 p.m.6 views

EUVD-2026-24035

OpenBao's SQL Injection in PostgreSQL database secrets engine...

4.6CVSS5.8AI score0.00235EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/20 2:55 p.m.32 views

CVE-2026-3219 pip doesn't reject concatenated ZIP and tar archives

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS0.00144EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/20 11:30 a.m.7 views

CVE-2026-6634

A weakness has been identified in usememos memos up to 0.22.1. This affects the function memosaccesstoken of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The attack is possible to be...

6.5CVSS6.2AI score0.00252EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.11 views

PT-2026-33780

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb users/plugin/AppCentre/app upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available...

5.8CVSS5.4AI score0.00223EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.5 views

PT-2026-33457

Name of the Vulnerable Software and Affected Versions JetBrains Junie versions prior to 252.549.29 Description Command execution is possible through the use of a malicious project file. Recommendations Update to version 252.549.29 or later...

5.8CVSS5.9AI score0.00257EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 2026/04/14 2:0 p.m.7 views

.NET and Visual Studio Denial of Service Vulnerability

Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network...

7.5CVSS6AI score0.01553EPSS
Exploits0
Patchstack
Patchstack
added 2026/04/14 2:35 a.m.3 views

WordPress User Registration & Membership plugin <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter vulnerability

Unauthenticated Open Redirect via 'redirecttoonlogout' Parameter vulnerability discovered by Anthony Cihan Hann1bl3L3ct3r - Obviam in WordPress Plugin User Registration versions = 5.1.4...

6.1CVSS5.8AI score0.00663EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/14 2:16 a.m.8 views

CVE-2026-39425

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue Opening Remarks field by wrapping malicious payloads in tags...

5.4CVSS0.0018EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-32903

Bridge | Heap-based Buffer Overflow CWE-122 CVE: CVE-2026-27310 PT ID: PT-2026-32903 Vendor: Adobe Product: Bridge CVSS: 7.8 Credits: n/a Description: Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code executio...

7.8CVSS6.3AI score0.00254EPSS
Exploits0References5
OSV
OSV
added 2026/04/14 12:0 a.m.6 views

UBUNTU-CVE-2026-33116

Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...

7.5CVSS5.8AI score0.02142EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/13 5:15 p.m.21 views

CVE-2026-28291 simple-git has Command Execution via Option-Parsing Bypass

simple-git enables running native Git commands from JavaScript. Versions up to and including 3.31.1 allow execution of arbitrary commands through Git option manipulation, bypassing safety checks meant to block dangerous options like -u and --upload-pack. The flaw stems from an incomplete fix for...

8.1CVSS0.00652EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/10 2:45 a.m.4 views

CVE-2026-6005

A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematologyprint.php. Executing a manipulation of the argument hemid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

6.5CVSS6.5AI score0.00196EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/08 6:34 p.m.3 views

EUVD-2026-20475

stata-mcp has insufficient validation of user-supplied Stata do-file content that can lead to command execution...

6AI score0.00557EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2026/04/07 12:0 a.m.20 views

Fedora: Security Advisory (FEDORA-2026-ca43aa006f)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS5.9AI score0.00478EPSS
Exploits3References12
Cvelist
Cvelist
added 2026/04/06 7:1 p.m.17 views

CVE-2026-35178 Workbench Affected by Remote Code Execution (RCE) via Malicious Cookie in Timezone Conversion

Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerability in the timezone conversion flow, which processes attacker-controlled cookie values in an...

9.3CVSS0.00491EPSS
Exploits0References2
Rows per page
Query Builder