Lucene search
K

161228 matches found

CVE
CVE
added 1 hour ago3 views

CVE-2026-59246

Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...

6.3CVSS
Exploits0References4
CVE
CVE
added 1 hour ago3 views

CVE-2026-59084

Insufficient Technical Documentation vulnerability in Apache Tomcat since the requirements to securely configure the EncryptInterceptor were not clearly documented. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.13 through 9.0.119, from...

Exploits0References1
CVE
CVE
added 1 hour ago6 views

CVE-2026-59083

Summary: CVE-2026-59083 affects Apache Tomcat due to an improper handling of URL encoding (hex encoding) in the RewriteValve , enabling a security constraint bypass under certain configurations. Affected versions: Tomcat 11.0.0-M1 through 11.0.23, 10.1.0-M1 through 10.1.56, 9.0.0.M1 through 9.0.1...

Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-48363

CVE-2026-48363 affects ColdFusion versions 2025.9, 2023.20 and earlier. It is an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (the victim must open a malicious file). The issue...

8.2CVSS6.5AI score
Exploits0References1
CVE
CVE
added yesterday14 views

CVE-2026-48364

CVE-2026-48364 affects ColdFusion versions 2025.9, 2023.20 and earlier. It is an Uncontrolled Search Path Element vulnerability that could enable arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim must open a malicious file); the impact is ...

8.2CVSS6.5AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-61502

CVE-2026-61502 affects Rejetto HFS versions 3.0.0 through 3.2.0. The root cause is that state-changing API requests can be issued via GET and are exempt from the anti-CSRF header check, enabling a remote attacker to perform administrative actions (e.g., account creation, configuration changes) an...

5.1CVSS6.4AI score
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-61500

Affected software: Rejetto HFS 3.0.0–3.2.0. Root cause: session-cookie signing key derived from the non‑cryptographic Math.random() generator; outputs disclosed to unauthenticated clients during login. Impact: remote attacker can observe login responses, reconstruct the generator state, recover t...

9.8CVSS6.5AI score
Exploits0References2
OSV
OSV
added yesterday19 views

ROOT-APP-MAVEN-CVE-2026-22732 CVE-2026-22732 in io.root.org.springframework.security:spring-security-web - Patched by Root

Root has patched CVE-2026-22732 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...

9.1CVSS5.8AI score0.0048EPSS
Exploits2
OSV
OSV
added yesterday4 views

ROOT-APP-MAVEN-CVE-2026-47838 CVE-2026-47838 in io.root.org.springframework.security:spring-security-web - Patched by Root

Root has patched CVE-2026-47838 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...

8.1CVSS6.1AI score0.00116EPSS
Exploits0
OSV
OSV
added yesterday9 views

ROOT-APP-MAVEN-CVE-2026-54512 CVE-2026-54512 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2026-54512 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

8.1CVSS5.8AI score0.00617EPSS
Exploits1
EUVD
EUVD
added yesterday6 views

EUVD-2026-43493

Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below...

9.1CVSS6AI score
Exploits0References2
OSV
OSV
added yesterday9 views

ROOT-APP-PYPI-CVE-2026-48818 CVE-2026-48818 in rootio-starlette - Patched by Root

Root has patched CVE-2026-48818 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.2AI score0.00368EPSS
Exploits0
OSV
OSV
added yesterday9 views

ROOT-APP-PYPI-CVE-2026-54283 CVE-2026-54283 in rootio-starlette - Patched by Root

Root has patched CVE-2026-54283 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.2AI score0.00275EPSS
Exploits0
OSV
OSV
added yesterday18 views

ROOT-APP-PYPI-CVE-2026-48710 CVE-2026-48710 in rootio-starlette - Patched by Root

Root has patched CVE-2026-48710 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

6.5CVSS5.8AI score0.01438EPSS
Exploits2
OSV
OSV
added yesterday7 views

ROOT-APP-PYPI-CVE-2024-47874 CVE-2024-47874 in rootio-starlette - Patched by Root

Root has patched CVE-2024-47874 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

5.4AI score0.00658EPSS
Exploits0
OSV
OSV
added yesterday11 views

ROOT-APP-PYPI-CVE-2025-54121 CVE-2025-54121 in rootio-starlette - Patched by Root

Root has patched CVE-2025-54121 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

5.3CVSS7.5AI score0.0053EPSS
Exploits0
OSV
OSV
added yesterday17 views

ROOT-APP-PYPI-CVE-2025-62727 CVE-2025-62727 in rootio-starlette - Patched by Root

Root has patched CVE-2025-62727 in the rootio-starlette package for Root:PyPI. Multiple fixed versions available...

7.5CVSS5.4AI score0.00638EPSS
Exploits0
NVD
NVD
added yesterday4 views

CVE-2026-61983

Missing Authorization vulnerability in andymoyle Church Admin church-admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through = 5.0.30...

5.3CVSS0.00294EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57812

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.12.4...

6.5CVSS0.00332EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57814

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows DOM-Based XSS.This issue affects Forminator: from n/a through = 1.55.0.1...

7.1CVSS0.00251EPSS
Exploits0References1
Rows per page
Query Builder