Lucene search
K

74 matches found

Cvelist
Cvelist
added 2026/06/21 3:45 p.m.32 views

CVE-2026-56404

libexpat before 2.8.2 has an integer overflow in addBinding...

6.9CVSS0.00102EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:2 p.m.7 views

CVE-2026-47120 Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks (no ownership check)

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember can fire other users' cron tasks via AlertRule.FailTriggerTasks no ownership check. This issue has been patched in version 2.0.8...

7.1CVSS5.2AI score0.00261EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:2 p.m.13 views

CVE-2026-46717 Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The notification routes POST /api/v1/notification and PATCH...

7.7CVSS5.2AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

libexpat 资源管理错误漏洞

libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.8.2 contained a resource management vulnerability. This vulnerability stemmed from insufficient deep tracking during the processing of policy violations, where calls to functions such as...

5.9CVSS5.3AI score0.00218EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 5:19 p.m.7 views

CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...

6.3CVSS5.2AI score0.0079EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/02 12:0 a.m.9 views

WordPress plugin FundPress 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.9 views

Helpy 跨站脚本漏洞

Helpy is an open-source customer support application developed by the American company Helpy. This program includes features such as a knowledge base, community discussions, and email functionality. Version 2.8.0 of Helpy contains a cross-site scripting vulnerability. This vulnerability stems fro...

5.4CVSS5.8AI score0.00178EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2026/04/16 12:0 a.m.12 views

(lib)expat -- Insufficient entropy

https://github.com/libexpat/libexpat/pull/1183 reports: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

7.5CVSS5.3AI score0.00379EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32578

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administrator exports the application chat history to an Excel file .xlsx via the...

8.8CVSS5.8AI score0.00532EPSS
Exploits1References4
OSV
OSV
added 2026/03/26 7:49 p.m.7 views

CVE-2026-33532 yaml is vulnerable to Stack Overflow via deeply nested YAML collections

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

4.3CVSS6.2AI score0.00469EPSS
Exploits1References6
NVD
NVD
added 2026/03/26 5:16 p.m.8 views

CVE-2026-34071

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a...

6.1CVSS0.0026EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15582

Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through = 2.8...

5.8AI score0.00321EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/20 6:27 p.m.14 views

EUVD-2026-13762

Cryptomator for IOS offers multi-platform transparent client-side encryption for files in the cloud. Prior to version 2.8.3, an integrity check vulnerability allows an attacker tamper with the vault configuration file leading to a man-in-the-middle vulnerability in Hub key loading mechanism. Befo...

7.6CVSS5.8AI score0.00078EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/18 4:41 a.m.7 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

7.1CVSS6AI score0.00297EPSS
Exploits1References2
OSV
OSV
added 2026/03/17 8:16 p.m.3 views

CVE-2026-32981

A path traversal vulnerability was identified in Ray Dashboard default port 8265 in Ray versions prior to 2.8.1. Due to improper validation and sanitization of user-supplied paths in the static file handling mechanism, an attacker can use traversal sequences e.g., ../ to access files outside the...

7.5CVSS5.9AI score
Exploits0References3
CVE
CVE
added 2026/02/20 3:46 p.m.12 views

CVE-2025-69380

CVE-2025-69380 refers to WordPress Upload Files Anywhere

7.5CVSS5.5AI score0.00362EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.5 views

PT-2026-21161

Name of the Vulnerable Software and Affected Versions vanquish Upload Files Anywhere versions prior to 2.9 Description The software contains a flaw related to improper limitation of a pathname to a restricted directory, also known as a Path Traversal issue. This impacts the Upload Files Anywhere...

5.3AI score0.00362EPSS
Exploits0References3
NVD
NVD
added 2026/02/01 1:15 p.m.5 views

CVE-2022-50942

Incinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacki...

5.4CVSS0.00256EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/29 12:0 a.m.6 views

RHEL 8 : gimp:2.8 (RHSA-2026:1574)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:1574 advisory. The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including...

7.8CVSS6AI score0.00508EPSS
Exploits1References4
OSV
OSV
added 2026/01/27 6:20 p.m.6 views

MGASA-2026-0019 Updated haproxy packages fix bugs

Haproxy has two major, a few medium and a few minor bugs fixed in the last upstream version 2.8.18 of branch 2.8. Fixed major bugs list: - quic: use ncbmbuf for CRYPTO handling - stream: Force channel analysis on successful synchronous send Fixed medium bugs list: - dns: bind the nameserver socke...

5.9AI score
Exploits0References3
Rows per page
Query Builder