Lucene search
K

10488 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.9 views

CVE-2026-8034

A server-side request forgery SSRF vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusion between the validation layer and the HTTP request library. The hostname validation used a differe...

9.8CVSS5.5AI score0.00377EPSS
Exploits0References1
NVD
NVD
added 2026/06/05 2:16 p.m.12 views

CVE-2026-50231

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS0.00183EPSS
Exploits2References2
EUVD
EUVD
added 2026/06/05 1:24 p.m.13 views

EUVD-2026-34830

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS5.6AI score0.00183EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/06/05 1:24 p.m.43 views

CVE-2026-50231 Lyrion Music Server 9.2.0 Unauthenticated Stored XSS via server.log

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS0.00183EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 1:24 p.m.6 views

CVE-2026-50231

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS5.6AI score0.00183EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/05 1:24 p.m.10 views

CVE-2026-50231 Lyrion Music Server 9.2.0 Unauthenticated Stored XSS via server.log

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS5.6AI score0.00183EPSS
Exploits2References2
CVE
CVE
added 2026/06/05 1:24 p.m.26 views

CVE-2026-50231

CVE-2026-50231 – Lyrion Music Server 9.2.0 suffers an unauthenticated stored XSS in the log viewer. The root cause is unescaped template variables, enabling attackers to inject scripts via search/lines/path query parameters or logged values (URLs, User-Agent, stream titles, player names) to run i...

7.2CVSS5.6AI score0.00183EPSS
Exploits2References2
EUVD
EUVD
added 2026/06/05 12:31 a.m.12 views

EUVD-2026-34768

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

6.2AI score0.00228EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.21 views

PT-2026-46950

Name of the Vulnerable Software and Affected Versions Lyrion Music Server version 9.2.0 Description An unauthenticated stored cross-site scripting issue exists in the log viewer due to unescaped template variables. This allows attackers to execute arbitrary scripts in users' browsers by injecting...

7.2CVSS5.5AI score0.00183EPSS
Exploits2References6
Packet Storm
Packet Storm
added 2026/06/05 12:0 a.m.55 views

📄 Lyrion Music Server 9.2.0 server.log Persistent Cross Site Scripting

The log viewer in Lyrion Music Server version 9.2.0 reflects request parameters and raw log content into HTML with no escaping. Any attacker-provided value that gets logged a crafted URL, User-Agent, stream title, player name becomes persistent cross site scripting. Lyrion Music Server 9.2.0...

7.2CVSS4.4AI score0.00183EPSS
Exploits2
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.10 views

Lyrion Music Server 跨站脚本漏洞

Lyrion Music Server is an audio server software developed by the Lyrion organization. Version 9.2.0 of Lyrion Music Server contains a cross-site scripting vulnerability. This vulnerability stems from an unvalidated storage-based cross-site scripting flaw present in the log viewer, which may allow...

7.2CVSS5AI score0.00183EPSS
Exploits2References2
Zero Science Lab
Zero Science Lab
added 2026/06/05 12:0 a.m.58 views

Lyrion Music Server 9.2.0 (server.log) Unauthenticated Stored XSS

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

7.2CVSS5.4AI score0.00183EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:28 p.m.6 views

CVE-2026-43984

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

8.9CVSS5.7AI score0.00207EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/04 2:28 p.m.12 views

EUVD-2026-34284

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Versions prior to 2.17.1 expose logjserrors to any authenticated user, including guest users when guest access is enabled. The endpoint writes attacker-controlled strings directly into the main application log. The...

8.9CVSS5.7AI score0.00207EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.12 views

Kibana 8.x < 8.19.16 DoS (ESA-2026-39)

The version of Kibana installed on the remote host is 8.x prior to 8.19.16. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-39 advisory. - Uncontrolled Resource Consumption CWE-400 in Kibana can lead to denial of service via Excessive Allocation CAPEC-130. An...

6.5CVSS5.5AI score0.0027EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.6 views

Cactus Image Viewer 安全漏洞

Cactus Image Viewer is a Windows single-file image viewing tool developed by Wassim Alhajomar. Version 2.3.0 of Cactus Image Viewer has a security vulnerability caused by DLL hijacking, which may allow attackers to elevate privileges and execute arbitrary code through a specially crafted DLL...

7.8CVSS5.9AI score0.00137EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/02 10:40 p.m.44 views

CVE-2026-44653 LibreChat Shared MCP Server View Leaks Decrypted Admin Secrets

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only VIEW access to an MCP server can retrieve the server's decrypted admin-managed secrets through GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The returned...

6.5CVSS0.00276EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 10:40 p.m.9 views

CVE-2026-44653

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only VIEW access to an MCP server can retrieve the server's decrypted admin-managed secrets through GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The returned...

6.5CVSS5.7AI score0.00276EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/02 10:40 p.m.29 views

CVE-2026-44653

LibreChat contains a vulnerability in versions up to 0.8.3 where users with only VIEW access to an MCP server can retrieve decrypted admin secrets via GET /api/mcp/servers and GET /api/mcp/servers/:serverName. The API returns plaintext values for apiKey.key and oauth.client_secret, enabling viewe...

6.5CVSS5.7AI score0.00276EPSS
Exploits1References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/02 11:26 a.m.16 views

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by multiple axios vulnerabilities (CVE-2026-42033 through CVE-2026-42044).

Summary Multiple vulnerabilities in the axios HTTP client library CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042, CVE-2026-42043, CVE-2026-42044 used by IBM InfoSphere Optim Archive...

10CVSS6AI score0.00838EPSS
Exploits12Affected Software1
Rows per page
Query Builder