120 matches found

NVD
added 3 days ago, 4 views

CVE-2026-54261

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not...

6.5 CVSS, 0.00201 EPSS
Exploits: 0, References: 1
CVE
added 3 days ago, 8 views

CVE-2026-54263

Wagtail (Django-based CMS) has a reflected XSS in the dynamic image URL generator view within the admin. A limited-permission editor could craft a URL that, when seen by a higher-privilege user, could act with that user’s credentials. Affected versions: < 7.0.8, < 7.3.3,

7.3 CVSS, 5.5 AI score, 0.00203 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 3 days ago, 33 views

CVE-2026-54261 Wagtail: Improper permission handling in image preview

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not...

6.5 CVSS, 0.00201 EPSS
Exploits: 0, References: 1
Snyk
added 2026/06/08 12:0 a.m., 20 views

Server-side Request Forgery (SSRF)

Overview: org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via...

6.5 CVSS, 5.5 AI score, 0.00123 EPSS
Exploits: 0, References: 2
Snyk
added 2026/06/08 12:0 a.m., 8 views

Session Fixation

Overview: org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Session Fixation via session fixation...

6.5 CVSS, 5.3 AI score, 0.00197 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/05/11 12:0 a.m., 6 views

Unity Linux 20.1060e / 20.1070e Security Update: ImageMagick (UTSA-2026-017551)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017551 advisory. The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory in routine WritePALMImage because it needs to be offset by 256. This can cause a...

5.5 CVSS, 6.3 AI score, 0.01016 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2026/01/16 12:0 a.m., 7 views

MiracleLinux 4 : php-5.3.3-48.AXS4 (AXSA:2016-621:04)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-621:04 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in...

8.1 CVSS, 7.1 AI score, 0.50427 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2006-3090

Malware in sbrugna...

6.8 CVSS, 6.2 AI score, 0.0603 EPSS
Exploits: 0, References: 13
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2020-20262

Malware in sbrugna...

4.3 CVSS, 6.4 AI score, 0.01124 EPSS
Exploits: 1, References: 6
EUVD
added 2025/10/03 8:7 p.m., 19 views

EUVD-2022-6314

Malicious code in bioql PyPI...

6.1 CVSS, 6.3 AI score, 0.00498 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2025/08/21 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2023-22002

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.44 and Prior t...

6 CVSS, 7.2 AI score, 0.00337 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/21 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-21991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.44 and Prior t...

3.2 CVSS, 6.6 AI score, 0.00329 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/21 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-21989

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.44 and Prior t...

6 CVSS, 7.2 AI score, 0.00342 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-21990

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 6.1.44 and Prior t...

8.2 CVSS, 7.3 AI score, 0.00332 EPSS
Exploits: 0, References: 2
SUSE CVE
added 2025/07/28 11:33 p.m., 4 views

SUSE CVE-2024-55605

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the tolowercase, touppercase, stripwhitespace, compresswhitespace, dotprefix, headerlowercase, strippseudoheaders, urldecode, or xor...

7.5 CVSS, 7.3 AI score, 0.00629 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/06/10 12:0 a.m., 4 views

Fortinet FortiOS and Fortinet FortiProxy Security Vulnerability

Fortinet FortiOS and Fortinet FortiProxy are both products of Fortinet, Inc. Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform. The system provides users with a variety of security features such as firewall, antivirus, IPSec/SSLVPN, Web content...

3.2 CVSS, 6.3 AI score, 0.00183 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/05/22 2:35 a.m., 6 views

CVE-2012-0873

Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin before 7.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) explain parameter to explanation.php or the (2) photosonly, (3) onlineonly, or (4) mode parameters to viewFriends.php...

4.3 CVSS, 5.9 AI score, 0.04254 EPSS
Exploits: 2, References: 1
NVD
added 2025/01/06 6:15 p.m., 16 views

CVE-2024-55626

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8...

5.5 CVSS, 0.00242 EPSS
Exploits: 0, References: 4
CVE
added 2025/01/06 6:2 p.m., 144 views

CVE-2024-55628

Suricata is affected by CVE-2024-55628 due to DNS resource name compression before version 7.0.8, which can produce small DNS messages with very large hostnames and generate oversized log records. The issue has been addressed in Suricata 7.0.8 and later. (Supported by PTSecurity/PT-2025-48205, PT...

7.5 CVSS, 7.5 AI score, 0.00668 EPSS
Exploits: 0, References: 5, Affected Software: 1
AlpineLinux
added 2025/01/06 6:2 p.m., 14 views

CVE-2024-55628

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log...

7.5 CVSS, 7 AI score, 0.00668 EPSS
Exploits: 0