Lucene search
K

10466 matches found

OSV
OSV
added 2026/06/17 6:10 p.m.2 views

GHSA-9CPJ-QC93-VW8V Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer

Summary Me again. Gitea's built-in 3D file viewer powered by Online3DViewer is vulnerable to stored cross-site scripting XSS through crafted .gltf files. When a glTF file declares an unsupported required extension, Online3DViewer generates an error message containing the extension name and Gitea...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/14 6:53 a.m.90 views

wannacry-soc-lab

WannaCry SOC Investigation Lab Overview This project simu...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.12 views

CVE-2026-45560

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline app/modules/common/common.py:181-186 and highlightword app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 8:17 p.m.8 views

CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

8.4CVSS0.00529EPSS
Exploits0References16
EUVD
EUVD
added 2026/06/10 7:46 p.m.9 views

EUVD-2026-36109

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

9.6CVSS8.2AI score0.0234EPSS
Exploits2References3
Cvelist
Cvelist
added 2026/06/10 7:46 p.m.38 views

CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

8.4CVSS0.00529EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 7:46 p.m.9 views

CVE-2026-46529 PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

8.4CVSS6.4AI score0.00529EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 7:46 p.m.131 views

CVE-2026-46529

Technical details such as affected versions, impact, and remediation are not provided in the supplied documents; monitor for updates from official advisories.

8.4CVSS6.5AI score0.00529EPSS
Exploits0References16
Debian CVE
Debian CVE
added 2026/06/10 7:46 p.m.8 views

CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

8.4CVSS6.5AI score0.00529EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/10 7:46 p.m.13 views

CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

8.4CVSS6.5AI score0.00529EPSS
Exploits0
NVD
NVD
added 2026/06/10 3:16 p.m.16 views

CVE-2026-45560

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline app/modules/common/common.py:181-186 and highlightword app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...

6.1CVSS0.00149EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:2 p.m.11 views

EUVD-2026-36041

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline app/modules/common/common.py:181-186 and highlightword app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 2:2 p.m.7 views

CVE-2026-45560 Roxy-WI: Stored XSS in log viewer (wrap_line/highlight_word produce unescaped HTML)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline app/modules/common/common.py:181-186 and highlightword app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 2:2 p.m.35 views

CVE-2026-45560 Roxy-WI: Stored XSS in log viewer (wrap_line/highlight_word produce unescaped HTML)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline app/modules/common/common.py:181-186 and highlightword app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...

6.1CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 2:2 p.m.17 views

CVE-2026-45560

Roxy-WI exposes a stored XSS vulnerability in the log viewer. In versions <= 8.2.6.4, wrap_line and highlight_word build raw HTML via string concatenation without escaping, and the frontend injects response bodies with .html/.append. An attacker who can reach the public load balancer can injec...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.17 views

PT-2026-48439

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrap line app/modules/common/common.py:181-186 and highlight word app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.13 views

Roxy-WI 跨站脚本漏洞

Roxy-WI is an open-source web interface designed for managing Haproxy, Nginx, and Keepalived servers. Versions of Roxy-WI 8.2.6.4 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the lack of escaping of the wrapline and highlightword functions when...

6.1CVSS5.5AI score0.00149EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 4:9 p.m.43 views

CVE-2026-46492 md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)

md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting XSS vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injecte...

7.2CVSS0.00213EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.15 views

Adobe Acrobat Reader 资源管理错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...

7.8CVSS5.9AI score0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

Adobe Acrobat Reader 资源管理错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...

7.8CVSS5.9AI score0.00165EPSS
Exploits0References1
Rows per page
Query Builder