Lucene search
K

38 matches found

OSV
OSV
added 2026/06/26 9:2 p.m.3 views

GHSA-6Q7J-XR26-3H2C Scriban: ExpressionDepthLimit guard is non-enforcing — parser-recursion DoS in 6.6.0–7.2.0 (incomplete fix for GHSA-wgh7-7m3c-fx25 / GHSA-p6q4-fgr8-vx4p)

Summary The ExpressionDepthLimit parser guard in Scriban does not actually stop parsing — it only logs a non-fatal error and lets recursive descent continue. As a result, a template containing a deeply nested expression parentheses, array initializers, object initializers, or unary operators driv...

6.9CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 2026/04/07 3:19 p.m.6 views

EUVD-2026-19713

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DHCP lease time configuration parameter dhcp.leaseTime. This vulnerability allows an...

8.8CVSS6.2AI score0.00701EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/07 3:18 p.m.3 views

EUVD-2026-19711

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DNS host record configuration parameter dns.hostRecord. This vulnerability allows an...

8.8CVSS6.2AI score0.00537EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/27 9:44 p.m.4 views

EUVD-2026-9083

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...

4.3CVSS6AI score0.00232EPSS
Exploits0References1
CVE
CVE
added 2026/02/10 3:39 p.m.18 views

CVE-2026-21743

The CVE-2026-21743 issue affects Fortinet FortiAuthenticator releases 6.6.0–6.6.6, all 6.5 series, and all 6.4 and 6.3 versions. It is a missing authorization vulnerability where a read-only user could modify local users by uploading a file to an unprotected endpoint. The CVSS 3.1 base score is 7...

7.2CVSS5.5AI score0.00336EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/01/10 4:41 a.m.31 views

CVE-2026-22690

CVE-2026-22690 affects the Python PDF library pypdf prior to version 6.6.0. The issue allows long runtimes for malformed PDFs caused by omitting the /Root entry in the trailer while using a large /Size value; the vulnerability occurs in non-strict reading mode. The problem has been addressed and ...

6.9CVSS6.4AI score0.00391EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:54 a.m.6 views

CVE-2022-23697

A remote cross-site scripting xss vulnerability was discovered in HPE OneView versions: Prior to 6.6. HPE has provided a software update to resolve this vulnerability in HPE OneView...

6.1CVSS6.3AI score0.00696EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/01/08 9:30 p.m.19 views

Elliptic Uses a Cryptographic Primitive with a Risky Implementation

The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 has leading zeros and is susceptible to cryptanalysis, which can lead to secret key exposure. This...

5.6CVSS6.8AI score0.00161EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/01/07 11:51 a.m.28 views

CVE-2025-69344 WordPress Oneline Lite theme <= 6.6 - Broken Access Control vulnerability

Missing Authorization vulnerability in themehunk Oneline Lite oneline-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Oneline Lite: from n/a through = 6.6...

4.3CVSS0.00152EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/10 8:29 p.m.4 views

CVE-2025-67461 Zoom Rooms for macOS - External Control of File Name or Path

External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access...

5CVSS5.7AI score0.00123EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2025/11/14 10:3 p.m.7 views

CVE-2025-40021 affecting package kernel for versions less than 6.6.112.1-2

CVE-2025-40021 affecting package kernel for versions less than 6.6.112.1-2. An upgraded version of the package is available that resolves this issue...

6.8AI score0.00188EPSS
Exploits0
OSV
OSV
added 2025/11/12 10:15 p.m.6 views

AZL-70076 CVE-2025-40195 affecting package kernel for versions less than 6.6.117.1-1

In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mntnsrelease When calling in listmount mntnsrelease may be passed a NULL pointer. Handle that case gracefully...

5.6AI score0.00164EPSS
Exploits0References1
OSV
OSV
added 2025/10/03 7:15 p.m.7 views

CVE-2025-52656

HCL MyXalytics: 6.6. is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields...

7.6CVSS5.8AI score0.00235EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/03 6:11 p.m.3 views

CVE-2025-52654 HCL MyXalytics is affected by an HTML Injection

HCL MyXalytics v6.6 is affected by an HTML Injection. This issue occurs when untrusted input is included in the output without proper handling, potentially allowing unauthorized content injection and manipulation...

4.6CVSS6.7AI score0.00166EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.5 views

PT-2025-40574

Name of the Vulnerable Software and Affected Versions HCL MyXalytics version 6.6 Description The software is susceptible to a Mass Assignment issue. This happens when user-supplied data is automatically mapped to application objects without sufficient validation or access controls, potentially...

7.6CVSS6.3AI score0.00235EPSS
Exploits0References5
CBLMariner
CBLMariner
added 2025/10/01 7:21 p.m.6 views

CVE-2025-38500 affecting package kernel for versions less than 6.6.104.2-1

CVE-2025-38500 affecting package kernel for versions less than 6.6.104.2-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS6.8AI score0.0014EPSS
Exploits0
CBLMariner
CBLMariner
added 2025/10/01 7:21 p.m.6 views

CVE-2025-38474 affecting package kernel for versions less than 6.6.104.2-1

CVE-2025-38474 affecting package kernel for versions less than 6.6.104.2-1. An upgraded version of the package is available that resolves this issue...

5.5CVSS6.8AI score0.00156EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/26 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-45935

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Qt 6 through 6.6 was discovered to contain a NULL pointer dereference via the function QXcbConnection::initializeAllAtoms. NOTE: this is disputed because it is...

4.2CVSS5.9AI score0.0024EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 6:9 a.m.6 views

CVE-2023-25292

Reflected Cross Site Scripting XSS in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GOLANGUAGE cookie...

6.1CVSS6.2AI score0.0058EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:22 a.m.9 views

CVE-2023-24648

Zstore v6.6.0 was discovered to contain a cross-site scripting XSS vulnerability via the component /index.php...

6.1CVSS6.1AI score0.00473EPSS
Exploits1References1
Rows per page
Query Builder