
103 matches found

CVE
added yesterday, 31 views

CVE-2026-55628

ImageMagick (CVE-2026-55628) is affected by a policy bypass in the -concatenate operation present in versions prior to 7.1.2-26he, due to missing security policy checks. This could allow reading and writing to paths disallowed by policy. The issue has been fixed in version 7.1.2-26he. Remediation...

CVSS 5.5, AI score 5.7
Exploits 0, References 1
NVD
added 2026/06/24 4:17 a.m., 9 views

CVE-2026-3652

The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the value parameter of the arfsaveincompleteformdata AJAX action in all versions up to, and including, 7.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 7.2, EPSS 0.0019
Exploits 0, References 2
Cvelist
added 2026/06/10 9:29 p.m., 33 views

CVE-2026-45624 ImageMagick: Heap Buffer Over-Read of 4 bytes in distort operation.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-47 and 7.1.2-22, when performing a polynomial distortion an out of bounds over-read of 24 bytes can occur when specifying specific arguments. This issue has been patched in...

CVSS 5.1, EPSS 0.0012
Exploits 0, References 1
IBM Security Bulletins
added 2026/06/10 10:11 a.m., 14 views

Security Bulletin: IBM Tivoli Composite Application Manager for Application Diagnostics installed IBM WebSphere Application Server is affected by multiple vulnerabilities when using Web Server Plug-ins.

Summary: The security issue described in CVE-2026-8633, CVE-2026-8620 has been identified in WebSphere Application Server included as part of IBM Tivoli Composite Application Manager for Application Diagnostics. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes...

CVSS 9.8, AI score 5.3, EPSS 0.00847
Exploits 0, Affected Software 1
RedhatCVE
added 2026/06/06 12:43 p.m., 14 views

CVE-2026-6274

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

CVSS 9.8, AI score 5.5, EPSS 0.0046
Exploits 0, References 1
EUVD
added 2026/06/05 8:09 p.m., 56 views

EUVD-2026-32920

TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs...

CVSS 8.7, AI score 5.4, EPSS 0.00191
Exploits 0, References 2
Github Security Blog
added 2026/06/05 8:09 p.m., 22 views

TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

Impact: TinyMCE 6.8.x contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. Patches: This issue affects TinyMCE 6.8.x-7.0.x. The vulnerability is fix...

CVSS 8.7, AI score 5.8, EPSS 0.00191
Exploits 0, References 3, Affected Software 2
RedhatCVE
added 2026/06/05 7:48 p.m., 10 views

CVE-2026-36178

The factory reset functionality in GNCC GP5 v7.1.76 fails to clear sensitive cryptographic material in the JFFS2 configuration partition, possibly allowing attackers to recover and obtain sensitive user data...

CVSS 4.6, AI score 5.5, EPSS 0.00162
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:12 p.m., 8 views

CVE-2026-39337

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

CVSS 10, AI score 6.4, EPSS 0.00715
Exploits 0, References 1
Vulnrichment
added 2026/05/28 3:18 p.m., 8 views

CVE-2026-47760 TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This...

CVSS 8.7, AI score 6, EPSS 0.00191
Exploits 0, References 1
CVE
added 2026/05/28 3:18 p.m., 26 views

CVE-2026-47760

CVE-2026-47760 affects TinyMCE before 7.1.0, where an XSS flaw arises from improper SVG namespace scope handling in the sanitizer. The issue allows a crafted payload using nested SVG elements to bypass attribute sanitization and execute arbitrary JavaScript. Affected versions are 6.8.0 up to, but...

CVSS 8.7, AI score 6, EPSS 0.00191
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2026/05/28 12:00 a.m., 17 views

PT-2026-44389

Name of the Vulnerable Software and Affected Versions: TinyMCE versions 6.8.0 through 7.0.x. Description: An XSS (Cross-Site Scripting) issue exists due to improper SVG namespace scope handling within the sanitizer. An attacker can use a crafted payload with nested elements to bypass attribute...

CVSS 8.7, AI score 6, EPSS 0.00191
Exploits 0, References 5
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in libreoffice

In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so that it does not match the denylist, resulting in ShellExecute attempting to launch an executable file...

CVSS 9.3, AI score 7.4, EPSS 0.0417
Exploits 1, References 1
Cvelist
added 2026/05/01 12:00 a.m., 30 views

CVE-2026-42484

A heap-based buffer overflow in hextobinary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash file. The issue affects modules 17200, 17210, 17220, 17225, and 17230. When datatypeenum=1,...

EPSS 0.00444
Exploits 1, References 1
Debian CVE
added 2026/04/13 9:32 p.m., 5 views

CVE-2026-40310

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44 contain a heap out-of-bounds write in the JP2 encoder when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 an...

CVSS 5.5, AI score 5.2, EPSS 0.00189
Exploits 0
CNNVD
added 2026/04/13 12:00 a.m., 6 views

ImageMagick buffer error vulnerability

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-19 contained a buffer error vulnerability. This vulnerability stemmed from improper handling of...

CVSS 6.2, AI score 6, EPSS 0.0018
Exploits 0, References 5
CNNVD
added 2026/04/13 12:00 a.m., 7 views

DbGate code injection vulnerability

DbGate is an open-source database manager developed by DbGate. Versions of DbGate 7.1.4 and earlier contained a code injection vulnerability. This vulnerability stemmed from the operation of the applicationIcon parameter in the SVG Icon String Handler component, which allowed for cross-site...

CVSS 5.1, AI score 5.7, EPSS 0.00191
Exploits 0, References 5
NVD
added 2026/04/08 9:16 a.m., 7 views

CVE-2026-39618

Cross-Site Request Forgery (CSRF) vulnerability in themearile NewsExo newsexo allows Cross Site Request Forgery. This issue affects NewsExo: from n/a through = 7.1...

CVSS 4.3, EPSS 0.00107
Exploits 0, References 1
NVD
added 2026/04/07 6:16 p.m., 3 views

CVE-2026-39343

ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in the EditEventTypes.php file, which is only accessible to administrators. The ENtyid POST parameter is not sanitized before being used in a SQL query, allowing an administrator to execute...

CVSS 7.2, EPSS 0.00254
Exploits 0, References 1
NVD
added 2026/04/07 6:16 p.m., 6 views

CVE-2026-39334

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in ChurchCRM 7.0.5. Authenticated users without any specific privileges can inject arbitrary SQL statements through the type array parameter via t...

CVSS 8.8, EPSS 0.00253
Exploits 0, References 1