Lucene search
+L

16916 matches found

Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.8 views

PT-2026-22720

Name of the Vulnerable Software and Affected Versions mailparser versions prior to 3.9.3 Description The package mailparser is susceptible to Cross-site Scripting XSS due to insufficient sanitization of URLs within email content. Specifically, the textToHtml function does not properly handle URLs...

6.1CVSS6.1AI score0.00311EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.16 views

PT-2026-22949

Name of the Vulnerable Software and Affected Versions Craft versions prior to 4.17.0-beta.1 and 5.9.0-beta.1 Description A security issue exists that allows an authenticated administrator to execute arbitrary code. This is possible by injecting a Server-Side Template Injection SSTI payload into...

9.4CVSS6.2AI score0.01067EPSS
Exploits1References9
Snyk
Snyk
added 2026/03/02 10:3 p.m.4 views

Untrusted Search Path

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path via the system.run execution. An attacker can execute an unintended or malicious executable by altering the PATH resolution after approval, causing a different binar...

8.7CVSS5.8AI score0.00091EPSS
Exploits0References3
EUVD
EUVD
added 2026/02/27 9:1 p.m.7 views

EUVD-2026-9059

phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint...

7.5CVSS5.9AI score0.0041EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.9 views

PT-2026-22324

Name of the Vulnerable Software and Affected Versions Johnson Controls Frick Controls Quantum HD versions prior to 10.22 Description A flaw exists in Johnson Controls Frick Controls Quantum HD that allows for the execution of code remotely without authentication. This is due to insufficient...

9.8CVSS6.2AI score0.00626EPSS
Exploits0References8
CVE
CVE
added 2026/02/25 8:5 p.m.29 views

CVE-2026-0752

CVE-2026-0752 concerns GitLab CE/EE where an unauthenticated user could inject arbitrary scripts into the Mermaid sandbox UI under certain circumstances. The issue affected all versions 16.2 up to but not including 18.7.5, all 18.8 releases before 18.8.5, and all 18.9 releases before 18.9.1. GitL...

8CVSS5.6AI score0.00309EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2026/02/25 12:0 a.m.2 views

Adobe After Effects Buffer Overflow Vulnerability (CNVD-2026-12870)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A buffer overflow vulnerability exists in Adobe After Effects, which can be...

7.8CVSS6.4AI score0.00184EPSS
Exploits0References1
CNVD
CNVD
added 2026/02/25 12:0 a.m.3 views

Adobe After Effects Type Obfuscation Vulnerability

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A type confusion vulnerability exists in Adobe After Effects, which can be...

7.8CVSS6.2AI score0.00211EPSS
Exploits0References1
CNVD
CNVD
added 2026/02/25 12:0 a.m.4 views

Adobe After Effects Resource Management Error Vulnerability

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. Adobe After Effects suffers from a resource management error vulnerability...

7.8CVSS6.2AI score0.0022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.6 views

PT-2026-21928

Name of the Vulnerable Software and Affected Versions KrakenD-CE versions prior to 2.13.1 KrakenD-EE versions prior to 2.13.0 Description An improper resource shutdown or release issue exists in KrakenD, specifically within the CircuitBreaker modules of both KrakenD-CE and KrakenD-EE. The issue...

5.3CVSS5.2AI score0.00256EPSS
Exploits0References6
OSV
OSV
added 2026/02/24 2:16 a.m.1 views

DEBIAN-CVE-2026-25987

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image decoder when processing crafted MAP files, potentially leading to crashes or unintended memory...

9.1CVSS7.9AI score0.0037EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/24 2:1 a.m.4 views

Expired Pointer Dereference

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9CVSS5.6AI score0.0045EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 12:54 a.m.2 views

NULL Pointer Dereference

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

8.2CVSS6AI score0.00376EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 12:49 a.m.4 views

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

6.9CVSS6AI score0.00325EPSS
Exploits0References3
OSV
OSV
added 2026/02/23 7:22 p.m.2 views

DEBIAN-CVE-2025-61146

saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component mallocstub.c...

4CVSS5.2AI score0.00118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/21 1:31 a.m.8 views

CVE-2026-26723

Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...

8.2CVSS6AI score0.00315EPSS
Exploits1References1
Veracode
Veracode
added 2026/02/20 8:39 a.m.7 views

CRLF Injection

Litestar is vulnerable to CRLF Injection. The vulnerability is due to unescaped URL paths during exception logging, which allows an attacker to inject newline characters and forge or manipulate log entries...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.8 views

PT-2026-20945

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in OpenText™ XM Fax allows Path Traversal. The vulnerability could allow an attacker to arbitrarily disclose content of files on the local filesystem. This issue affects XM Fax: 24.2...

7.1CVSS5.5AI score0.00309EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.9 views

GFI MailEssentials AI 安全漏洞

GFI MailEssentials AI is an open-source anti-spam and data breach protection software developed by GFI in the United States. Versions of GFI MailEssentials AI prior to version 22.4 contained a security vulnerability. This vulnerability stemmed from a storage cross-site scripting vulnerability...

5.4CVSS5.6AI score0.00163EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

SPIP 安全漏洞

SPIP is an open-source software created by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.9 contained a security vulnerability, which was caused by improper cleaning of URLSYNDIC outputs on private joint site pages. This vulnerability could lead to storage-side cross-site...

6.4CVSS5.6AI score0.0026EPSS
Exploits0References3
Rows per page
Query Builder