Lucene search
+L

805 matches found

packetstorm
packetstorm
added 2026/04/13 12:0 a.m.121 views

📄 TypiCMS Cross Site Scripting

TypiCMS versions prior to 16.1.7 suffer from a persistent cross site scripting via SVG file uploads. CVE-2026-27621: TypiCMS Core has Stored Cross-Site Scripting XSS via SVG File Upload Overview | Field | Details | |---|---| | CVE ID | CVE-2026-27621 | | Severity | MEDIUM | | Advisory | View...

6.8CVSS5.2AI score0.00188EPSS
Exploits2
cvelist
cvelist
added 2026/04/07 7:53 p.m.20 views

CVE-2026-32863 Out-of-Bounds Read in sentry_transaction_context_set_operation()

There is a memory corruption vulnerability due to an out-of-bounds read in sentrytransactioncontextsetoperation in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafte...

8.5CVSS0.00193EPSS
Exploits0References1
osv
osv
added 2026/04/07 3:17 p.m.10 views

PYSEC-2026-51

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGIRequest allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants with hyphens or with underscores to a single version with underscores. Earlier, unsupported Django...

7.5CVSS5.8AI score0.00436EPSS
Exploits0References4
vulnersosv
vulnersosv
added 2026/03/31 11:7 p.m.5 views

nautobot-bgp-models (>=3.0.0a1 <=3.0.0a2), nautobot-capacity-metrics (=4.0.0a1) +12 more potentially affected by CVE-2026-34203 via nautobot (=3.0.0rc2)

nautobot PYPI version =3.0.0rc2 is affected by a known vulnerability. The following packages have a transitive dependency on nautobot and may be impacted: - nautobot-bgp-models =3.0.0a1, =3.0.0rc1, =4.0.0a1, =3.0.0a1, =4.0.0a1, =4.0.0a2 - nautobot-ssot =4.0.0a1 - nautobot-welcome-wizard =3.0.0a1...

4.3CVSS5.8AI score0.00245EPSS
Exploits0
cvelist
cvelist
added 2026/03/25 4:34 p.m.27 views

CVE-2026-2745 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

6.8CVSS0.00276EPSS
Exploits0References3
osv
osv
added 2026/03/09 7:54 p.m.5 views

GHSA-9Q36-67VC-RRWG OpenClaw: Sandboxed /acp spawn requests could initialize host ACP sessions

Summary Sandboxed requester sessions could reach host-side ACP session initialization through /acp spawn. OpenClaw already blocked sessionsspawn runtime: "acp" from sandboxed sessions, but the slash-command path initialized ACP directly without applying the same host-runtime guard first. Affected...

6.1CVSS5.5AI score0.00104EPSS
Exploits0References6
nvd
nvd
added 2026/02/20 11:15 a.m.8 views

CVE-2026-21620

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp tftpfile modules, erlang otp inets tftpfile modules, erlang otp tftp tftpfile modules allows Relative Path Traversal. This vulnerability is associated with program files...

2.3CVSS0.00461EPSS
Exploits0References8
vulnersosv
vulnersosv
added 2026/02/18 12:50 a.m.9 views

vantuz (>=3.3.2 <=3.3.7) potentially affected by CVE-2026-28463 via openclaw (=0.0.1)

openclaw NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on openclaw and may be impacted: - vantuz =3.3.2, =3.3.7 Source cves: CVE-2026-28463 Source advisory: OSV:GHSA-XVHF-X56F-2HPP...

8.6CVSS5.8AI score0.00167EPSS
Exploits0
euvd
euvd
added 2026/02/03 2:36 p.m.7 views

EUVD-2026-5249

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. FilteredRelation is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet methods annotate, aggregat...

5.4CVSS5.6AI score0.00754EPSS
Exploits0References3
cvelist
cvelist
added 2026/02/02 10:58 p.m.34 views

CVE-2025-6596 Vector inserts portlet labels as HTML, allowing for stored XSS through system messages

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vecto...

0.00386EPSS
Exploits0References1
patchstack
patchstack
added 2026/02/02 2:18 p.m.14 views

WordPress Royal Elementor Addons and Templates plugin <= 1.3.971 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ DOM-Based Stored Cross-Site Scripting vulnerability discovered by wesley wcraft in WordPress Plugin Royal Elementor Addons versions = 1.3.971...

6.5CVSS5.3AI score0.00336EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/01/27 4:16 p.m.5 views

AZL-75789 CVE-2026-22795 affecting package openssl 1.1.1k-38

Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...

5.5CVSS5.7AI score0.00144EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/01/09 11:56 a.m.11 views

CVE-2018-4438

A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9...

8.8CVSS6AI score0.05827EPSS
Exploits2References1
redhatcve
redhatcve
added 2026/01/09 11:55 a.m.7 views

CVE-2018-4380

A lock screen issue allowed access to photos and contacts on a locked device. This issue was addressed by restricting options offered on a locked device. This issue affected versions prior to iOS 12.0.1...

5.5CVSS6.1AI score0.00322EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 11:54 a.m.7 views

CVE-2018-4410

A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS Mojave 10.14.1...

9.3CVSS6.5AI score0.00935EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 10:32 a.m.10 views

CVE-2017-18887

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members...

5.3CVSS6.9AI score0.0092EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 9:26 a.m.8 views

CVE-2023-4011

An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS...

7.5CVSS6.4AI score0.00656EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 9:26 a.m.10 views

CVE-2023-4002

An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or group...

6.5CVSS6.6AI score0.00488EPSS
Exploits2References1
redhatcve
redhatcve
added 2026/01/09 9:6 a.m.15 views

CVE-2024-34765

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Sensei Sensei Pro WC Paid Courses allows Stored XSS.This issue affects Sensei Pro WC Paid Courses: from n/a through 4.23.1.1.23.1...

6.5CVSS6.7AI score0.00353EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/09 8:58 a.m.12 views

CVE-2023-31231

Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates.This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a through 1.5.65...

9.9CVSS6.4AI score0.00652EPSS
Exploits0References1
Rows per page
Query Builder