Lucene search
K

27 matches found

EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42803

The affiliate-toolkit – WP Affiliate Plugin with Amazon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'atkpproduct' shortcode in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. Th...

6.4CVSS6.1AI score0.00333EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 11:45 a.m.6 views

PYSEC-2026-1148 Improper Certificate Validation vulnerability in Apache Airflow FTP Provider

Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTPTLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.createdefaultcontext during FTPTLS...

2.7CVSS6AI score0.00626EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/24 9:24 p.m.18 views

CVE-2026-55570 SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375's patch)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields name, version, author, description when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is...

9CVSS0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:21 p.m.21 views

CVE-2026-54759 SiYuan: Lute HTML sanitizer allows `<iframe>` tags in Bazaar package README, leading to arbitrary command execution via SiYuan Electron client

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove elements. Combined with the SiYuan Electron client's permissive security configuration, an attacker can include a malicious in a Bazaar package README that executes arbitrary...

8.7CVSS0.00262EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 8:45 p.m.41 views

CVE-2026-10291

CVE-2026-10291 affects Enderfga claw-orchestrator (up to 3.7.0). The vulnerability lies in the function validateRegex in claw-orchestrator/src/embedded-server.ts of the Session Grep Endpoint , where manipulating the argument body.pattern leads to inefficient regular expression complexity. Remote ...

5.3CVSS5.4AI score0.00354EPSS
Exploits0References9
Debian CVE
Debian CVE
added 2026/05/31 4:30 p.m.38 views

CVE-2026-10194

A weakness has been identified in OFFIS DCMTK 3.7.0. This affects the function DcmQueryRetrieveIndexDatabaseHandle::deleteOldestImages of the file dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched...

6.5CVSS6.8AI score0.00247EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/27 2:33 p.m.42 views

CVE-2026-49059 WordPress Facebook for WooCommerce plugin <= 3.7.0 - Open Redirection vulnerability

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0...

4.7CVSS0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/14 6:19 p.m.44 views

CVE-2026-45148 SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate metadata from documents that are invisible to the publish service. This vulnerability is fixed in...

4.3CVSS0.00221EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 6:32 p.m.4 views

CVE-2026-42872 WeGIA: Reflected XSS in listar_arquivos_etapa.php

WeGIA is a web manager for charitable institutions. In versions prior to 3.7.0, a reflected Cross-Site Scripting XSS vulnerability exists in listaarquivosetapa.php due to improper handling of user-supplied input. The idprocesso parameter is directly embedded into the HTML without sanitization,...

6.1CVSS6.2AI score0.00178EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.9 views

OFFIS DCMTK 操作系统命令注入漏洞

OFFIS DCMTK is a collection of libraries and applications developed by the German company OFFIS that implement most DICOM standards. It includes software for checking, processing, and converting DICOM image files, handling offline media, sending and receiving images via network connections, as we...

9.8CVSS7.1AI score0.01721EPSS
Exploits0References7
OSV
OSV
added 2026/03/30 1:16 a.m.1 views

CVE-2025-15036 Path Traversal Vulnerability in mlflow/mlflow

A path traversal vulnerability exists in the extractarchivetodir function within the mlflow/pyfunc/dbconnectartifactcache.py file of the mlflow/mlflow repository. This vulnerability, present in versions before v3.7.0, arises due to the lack of validation of tar member paths during extraction. An...

9.6CVSS7.3AI score0.00587EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/02/06 9:12 p.m.38 views

CVE-2026-25516 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

NiceGUI is a Python-based UI framework. The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled conten...

6.1CVSS0.00241EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/18 12:2 a.m.39 views

CVE-2025-14841 OFFIS DCMTK dcmqrscp dcmqrdbi.cc startMoveRequest null pointer dereference

A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null...

4.8CVSS0.00113EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/10/17 12:0 a.m.7 views

Ash Framework 安全漏洞

Ash Framework is an Ash Framework open source framework for building Elixir applications. A security vulnerability exists in Ash Framework version 3.6.3 through versions prior to 3.7.1, which stems from improper authorization and could lead to authentication bypass...

8.6CVSS6.6AI score0.00805EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/22 8:31 a.m.5 views

CVE-2025-53196

Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetEngine jet-engine allows Retrieve Embedded Sensitive Data.This issue affects JetEngine: from n/a through = 3.7.0...

5.9AI score0.00459EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:26 a.m.7 views

CVE-2023-27444

Cross-Site Request Forgery CSRF vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin = 3.7.0 versions...

8.8CVSS7AI score0.00306EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:2 p.m.9 views

CVE-2022-33708

Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege...

7.8CVSS6.7AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/28 12:0 a.m.5 views

Snowflake ODBC Driver 安全漏洞

Snowflake ODBC Driver is a powerful tool from Snowflake to connect to a live Snowflake data warehouse directly from any application that supports ODBC connectivity. A security vulnerability exists in Snowflake ODBC Driver versions prior to 3.7.0, which stems from logging sensitive information and...

3.3CVSS6.2AI score0.0013EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 12:46 p.m.9 views

CVE-2024-43370

gettext.js is a GNU gettext port for node and the browser. There is a cross-site scripting XSS injection if .po dictionary definition files are corrupted. This vulnerability has been patched in version 2.0.3. As a workaround, control the origin of the definition catalog to prevent the use of this...

7.2CVSS5.9AI score0.0038EPSS
Exploits0
CNNVD
CNNVD
added 2024/11/15 12:0 a.m.6 views

Zephyr 安全漏洞

Zephyr is an extensible real-time operating system RTOS that is open-sourced by Zephyr. A security vulnerability exists in Zephyr version 3.7.0 and prior versions, which stems from a gp reg pointing to the 0x800 byte at the beginning of the .sdata section when Global Pointer GP Relative Addressin...

9.3CVSS6.7AI score0.00164EPSS
Exploits0References1
Rows per page
Query Builder