Lucene search
+L

2676 matches found

redhatcve
redhatcve
added 2026/06/05 7:33 p.m.11 views

CVE-2026-45660

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't normalized before the public-IP check. An unauthenticated user could cause the server to make HTTP...

5.4CVSS5.5AI score0.00151EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:33 p.m.10 views

CVE-2026-45620

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS5.4AI score0.00193EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:22 p.m.13 views

CVE-2026-7182

Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated pdf. This issue was fixed in version 1.1.1...

9.2CVSS5.5AI score0.00397EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:21 p.m.10 views

CVE-2026-41552

PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated PDF. This issue was fixed in PDF...

9.2CVSS5.5AI score0.00497EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:19 p.m.10 views

CVE-2026-5385

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

8.4CVSS5.4AI score0.00418EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.22 views

PT-2026-46840

Name of the Vulnerable Software and Affected Versions OpenStack Ironic versions 32 through 35.0.1 Description An unauthenticated malicious user can cause a service crash by submitting a crafted JSON string to certain endpoints on the API or JSON-RPC service. Recommendations Update OpenStack Ironi...

7.5CVSS5.5AI score0.00433EPSS
Exploits0References21
nvd
nvd
added 2026/06/02 8:16 p.m.15 views

CVE-2026-5385

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

8.4CVSS0.00418EPSS
Exploits0References4
osv
osv
added 2026/06/02 8:16 p.m.14 views

UBUNTU-CVE-2026-5385

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

8.4CVSS5.2AI score0.00418EPSS
Exploits0References2
euvd
euvd
added 2026/06/02 6:32 p.m.13 views

EUVD-2026-34006

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

8.4CVSS5.8AI score0.00418EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/02 6:32 p.m.8 views

CVE-2026-5385

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

8.4CVSS5.8AI score0.00418EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/02 12:0 a.m.20 views

PT-2026-45847

Name of the Vulnerable Software and Affected Versions glp versions prior to 11.0.7 Description An unauthenticated user with write access to the knowledge base can store a Cross-Site Scripting XSS payload in a knowledge base item. XSS is a type of security flaw where malicious scripts are injected...

8.4CVSS5.4AI score0.00418EPSS
Exploits0References8
nvd
nvd
added 2026/05/29 6:17 p.m.36 views

CVE-2026-45660

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't normalized before the public-IP check. An unauthenticated user could cause the server to make HTTP...

5.4CVSS0.00151EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/29 4:43 p.m.11 views

CVE-2026-45660 Statamic: Server-Side Request Forgery via Glide

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't normalized before the public-IP check. An unauthenticated user could cause the server to make HTTP...

5.4CVSS5.8AI score0.00151EPSS
Exploits0References1
osv
osv
added 2026/05/29 1:7 p.m.2 views

CVE-2026-45620 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS5.9AI score0.00193EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/29 1:7 p.m.41 views

CVE-2026-45620 AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration

WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck or admin gate. It only has an entry guard: pregmatch'/^@/', $REQUEST'term' and hard-coded rowCount=10. This enables unauthenticated user enumeration...

5.3CVSS0.00193EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/28 8:13 p.m.12 views

CVE-2026-8180

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential denial of service in the asperahttpd component. An unauthenticated user can cause...

7.5CVSS5.8AI score0.00319EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux-Firmware

Improper initialization of the IntelR PROSet/Wireless and IntelR KillerTM Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable information disclosure via adjacent access...

4.3CVSS5.4AI score0.0039EPSS
Exploits0References2
euvd
euvd
added 2026/05/20 1:25 a.m.10 views

EUVD-2026-31019

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyelhandleregister' function not restricting what user roles a user can register with...

9.8CVSS5.8AI score0.00494EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/18 12:0 a.m.20 views

PT-2026-41695

Name of the Vulnerable Software and Affected Versions Statamic versions prior to 5.73.22 Statamic versions prior to 6.18.1 Description The Glide image proxy contains a flaw where URL validation can be bypassed using an IP representation that is not normalized before the public-IP check. This allo...

5.4CVSS5.8AI score0.00151EPSS
Exploits0References8
nvd
nvd
added 2026/05/15 7:16 p.m.13 views

CVE-2026-44366

Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.1, a Stored Cross-Site Scripting XSS vulnerability exists in the Vvveb CMS comment submission flow. The author field is submitted by an unauthenticated user on any public post...

6.1CVSS0.0025EPSS
Exploits0References1
Rows per page
Query Builder