Lucene search
K

533 matches found

OSV
OSV
added 10 hours ago5 views

ROOT-OS-UBUNTU-2204-CVE-2024-46820 CVE-2024-46820 in rootio-linux - Patched by Root

Root has patched CVE-2024-46820 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

7.8CVSS7.9AI score0.00231EPSS
Exploits0
OSV
OSV
added 10 hours ago5 views

ROOT-OS-UBUNTU-2204-CVE-2022-50322 CVE-2022-50322 in rootio-linux - Patched by Root

Root has patched CVE-2022-50322 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS5.4AI score0.00143EPSS
Exploits0
OSV
OSV
added 10 hours ago7 views

ROOT-OS-UBUNTU-2204-CVE-2025-39898 CVE-2025-39898 in rootio-linux - Patched by Root

Root has patched CVE-2025-39898 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

8.2AI score
Exploits0
OSV
OSV
added 10 hours ago5 views

ROOT-OS-UBUNTU-2204-CVE-2026-53001 CVE-2026-53001 in rootio-linux - Patched by Root

Root has patched CVE-2026-53001 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.8AI score0.00176EPSS
Exploits0
OSV
OSV
added 12 hours ago12 views

ROOT-OS-DEBIAN-12-CVE-2025-39931 CVE-2025-39931 in rootio-linux - Patched by Root

Root has patched CVE-2025-39931 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

5.5CVSS6.5AI score0.00137EPSS
Exploits0
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-57212 RabbitMQ management HTTP API accepts request bodies larger than configured max_http_body_size

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqmanagement HTTP API accepts oversized valid JSON bodies on withdecode and directrequest paths because readcompletebody checks the accumulated size before the final chunk but not the final combin...

7.1CVSS0.00293EPSS
Exploits1References6
CVE
CVE
added 4 days ago10 views

CVE-2026-56665

ZITADEL's external JWT Identity Provider validation (internal/idp/providers/jwt/session.go) does not enforce expiration when an incoming token omits the exp claim, causing tokens from trusted issuers to be treated as valid without an automatic expiration window. Affected releases: 3.0.0-rc.1 thro...

4.2CVSS6.1AI score0.00167EPSS
Exploits0References5
NVD
NVD
added 5 days ago7 views

CVE-2026-53962

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, insufficient SVG sanitization in upload and user avatar handling could lead to cross-site scripting when a user visited specific URLs that are not normally part of community browsing. This issue ...

5.4CVSS0.00264EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-44787

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...

8.2CVSS6AI score0.00309EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-50188 Kirby: Request header injection in `Http\Remote`

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request, Remote::get, and Remote::post, to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters...

6.9CVSS0.0029EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-59209

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS5.9AI score0.00303EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 5 days ago9 views

PT-2026-57000

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description A stored cross-site scripting issue exists where a malicious second factor name on ...

7.3CVSS6.2AI score0.00392EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56993

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description The signup flow allows newly registered users to set the primary group id variable...

8.2CVSS6.1AI score0.00309EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-56997

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description Restricted tag and tag-group names attached to publicly readable categories as...

6.3CVSS6.1AI score0.00384EPSS
Exploits0References8
CVE
CVE
added 6 days ago17 views

CVE-2026-13320

GitLab CE/EE vulnerability CVE-2026-13320: an authenticated user could execute arbitrary scripts in another user’s browser session due to improper sanitization of input. Affected versions include all 15.7.x prior to 18.11.7, 19.0.x prior to 19.0.4, and 19.1.x prior to 19.1.2. GitLab has remediate...

7.3CVSS6.2AI score0.00243EPSS
Exploits0References3Affected Software1
NVD
NVD
added 6 days ago5 views

CVE-2026-58209

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these...

4.3CVSS0.00342EPSS
Exploits0References5
CVE
CVE
added last week13 views

CVE-2026-55428

CVE-2026-55428 (Coder) describes a route hijack risk in the tailnet coordinator where an agent’s AllowedIPs are not validated against the agent’s authenticated UUID, unlike the Addresses check. The coordinator forwards adversarially supplied AllowedIPs to WireGuard peers, potentially enabling an ...

8.2CVSS6AI score0.00405EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/07/07 8:44 p.m.7 views

CVE-2026-53935 CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespa...

6.9CVSS6AI score0.00341EPSS
Exploits0References9
OSV
OSV
added 2026/07/05 5:19 a.m.4 views

ROOT-OS-UBUNTU-2404-CVE-2025-39961 CVE-2025-39961 in rootio-linux - Patched by Root

Root has patched CVE-2025-39961 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

4.7CVSS8.2AI score0.00101EPSS
Exploits0
NVD
NVD
added 2026/07/01 10:16 p.m.8 views

CVE-2026-54260

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation. The vulnerability is not...

4.3CVSS0.0022EPSS
Exploits0References1
Rows per page
Query Builder