Lucene search
+L

190 matches found

EUVD
EUVD
added 2026/05/08 10:51 p.m.14 views

EUVD-2026-28861

Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting XSS vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary JavaScript in a crafted EPUB file. When a victim opens the book, the script executes in their browser wi...

6.3CVSS5.7AI score0.00136EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 3:38 p.m.11 views

GHSA-XV9C-MJW8-79GF Sidekiq-cron is vulnerable to a cross-site scripting (xss) vulnerability via crafted URL

Sidekiq-cron thru 2.3.1, an open-source scheduling add-on for Sidekiq, is vulnerable to a cross-site scripting xss vulnerability via crafted URL being rended from cron.erb...

6.1CVSS5.6AI score0.00194EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/05/06 2:21 p.m.11 views

CVE-2026-42220

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret...

6.5CVSS5.7AI score0.00299EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/05/01 9:33 a.m.13 views

WordPress Anti-Spam Protection – No API Key, GDPR Friendly plugin <= 2.3.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Anti-Spam by Fullworks : GDPR Compliant Spam Protection versions = 2.3.7...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/30 5:8 p.m.6 views

OPENSUSE-SU-2026:20658-1 Security update for himmelblau

This update for himmelblau fixes the following issues: Update to version 2.3.9+git0.a9fd29b. Security issues fixed: - CVE-2026-34397: Fixed naming collision that can lead to local privilege escalation bsc1261324. Other updates and bugfixes: - update aws-lc-sys to 0.39.0 for security fixes - updat...

7CVSS5.8AI score0.00158EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/27 12:0 a.m.11 views

CVE-2026-38935

A reflected cross-site scripting XSS vulnerability exists in diskover-community = 2.3.5 in public/view.php via the doctype parameter...

6.1CVSS4.8AI score0.00194EPSS
Exploits0References4
CVE
CVE
added 2026/04/27 12:0 a.m.17 views

CVE-2026-38934

CVE-2026-38934 affects diskoverdata diskover-community v2.3.5 and earlier. The issue is a Cross-Site Request Forgery vulnerability in public/settings_process.php that permits a remote attacker to escalate privileges and access sensitive information. The CVE details provide a high-severity impact ...

8.8CVSS5.3AI score0.00223EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/26 1:30 p.m.9 views

EUVD-2026-25721

A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been made public and could be used. This vulnerability only...

6.5CVSS5.2AI score0.00201EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/23 3:52 a.m.5 views

CVE-2026-41231 Froxlor has Incomplete Symlink Validation in DataDump.add() that Allows Arbitrary Directory Ownership Takeover via Cron

Froxlor is open source server administration software. Prior to version 2.3.6, DataDump.add constructs the export destination path from user-supplied input without passing the $fixedhomedir parameter to FileDir::makeCorrectDir, bypassing the symlink validation that was added to all other...

7.5CVSS7.5AI score0.00414EPSS
Exploits1References3
NVD
NVD
added 2026/04/10 5:17 p.m.6 views

CVE-2026-35598

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the authenticated user has access to the task's project. Any authenticated CalDAV user who knows or...

4.3CVSS0.00216EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.5 views

PT-2026-29414

XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using OAuth2 clients on any version of XenForo 2.3 prior to 2.3.5, potentially allowing client applications to gain access beyond their intended authorization level...

8.8CVSS5.9AI score0.00265EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 10:22 p.m.2 views

CVE-2026-34556

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

6.2CVSS5.9AI score0.00156EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/31 10:22 p.m.28 views

CVE-2026-34556 iccDEV: HBO in icAnsiToUtf8()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow HBO in icAnsiToUtf8 in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8std::string&, char const ...

6.2CVSS0.00156EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/31 10:15 p.m.5 views

EUVD-2026-17717

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior UB issue in IccTagLut.cpp where the code performs member access through a null pointer of type CIccApplyCLUT. This issue has been patched in versio...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 10:9 p.m.11 views

CVE-2026-34548

iccDEV contains an Undefined Behavior (UB) in the XML conversion tool path (iccToXml) caused by an implicit conversion from a negative signed integer to icUInt32Number, leading to value changes prior to version 2.3.1.6. The issue is patched in version 2.3.1.6.

6.2CVSS5.8AI score0.00159EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 10:8 p.m.1 views

CVE-2026-34547 iccDEV: UB at IccUtil.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, an Undefined Behavior UB condition in IccUtil.cpp can be triggered by a crafted ICC profile when running iccDumpProfile. This issue has been patched in version 2.3.1.6...

6.2CVSS5.7AI score0.00156EPSS
Exploits1References3
CVE
CVE
added 2026/03/31 10:5 p.m.13 views

CVE-2026-34542

CVE-2026-34542 affects iccDEV before version 2.3.1.6, where a crafted ICC profile can trigger a stack-buffer-overflow in CIccCalculatorFunc::Apply() when processed via iccApplyNamedCmm. Under AddressSanitizer this appears as a 4-byte write stack-buffer-overflow in IccProfLib/IccMpeCalc.cpp:3873, ...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/31 9:59 p.m.19 views

CVE-2026-34536

ICC Dev iccDEV libraries are affected by a stack overflow in SIccCalcOp::ArgsUsed() when processing a crafted ICC profile under iccApplyProfiles. The issue exists before version 2.3.1.6 and is observed under AddressSanitizer; it has been patched in version 2.3.1.6.

6.2CVSS5.8AI score0.00222EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/31 9:58 p.m.7 views

CVE-2026-34535

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault SEGV in CIccTagArray::Cleanup. The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/31 9:58 p.m.4 views

CVE-2026-34535 iccDEV: SEGV in CIccTagArray::Cleanup()

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault SEGV in CIccTagArray::Cleanup. The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References3
Rows per page
Query Builder