Lucene search
K

2156 matches found

EUVD
EUVD
added 2026/07/01 5:14 p.m.7 views

EUVD-2026-41099

URL redirection to untrusted site 'open redirect' vulnerability in The Wikimedia Foundation Mediawiki - UrlShortener Extension allows Cross-Site Flashing. This issue affects Mediawiki - UrlShortener Extension: from before 1.43.9, 1.44.6, 1.45.4...

6.9CVSS5.6AI score0.0026EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 4:4 p.m.10 views

CVE-2026-34098

CVE-2026-34098: Guardian Language-System contains an XSS in media.php via unsanitized id parameter (GET). The id value is inserted into HTML source and form actions (lines 119, 129), enabling script injection in a victim’s browser session. Affected: Guardian Language-System; vulnerability manifes...

4.8CVSS5.8AI score0.00147EPSS
Exploits0References2
Circl
Circl
added 2026/07/01 3:54 p.m.6 views

CVE-2026-58029

creationtimestamp| type| source ---|---|--- 2026-07-01 15:54:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpluujzji72j 2026-07-02 02:51:36+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmzlikquv2y 2026-07-02 04:28:51+00:00| seen|...

5.3CVSS5.8AI score0.00543EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 8:34 p.m.20 views

CVE-2026-10562

CVE-2026-10562 affects TP-Link Archer AX20 V2.0–V2.1.9 Build 20230829. The flaw is an unauthenticated URL redirection caused by improper validation of user-supplied URL input in the device’s web interface. An unauthenticated attacker can craft URLs containing URL-encoded path traversal sequences;...

5.9CVSS5.8AI score0.00296EPSS
Exploits0References2
Circl
Circl
added 2026/06/30 10:0 a.m.8 views

CVE-2026-12076

creationtimestamp| type| source ---|---|--- 2026-06-30 10:00:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpiqn3brkz2v 2026-07-01 02:36:28+00:00| seen| https://cert.pl/en/posts/2026/06/CVE-2026-12076...

9.3CVSS5.8AI score0.00431EPSS
Exploits0References2
Circl
Circl
added 2026/06/29 6:45 p.m.6 views

CVE-2026-36848

creationtimestamp| type| source ---|---|--- 2026-06-29 18:45:05+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mph5hp43mm2w 2026-06-29 21:59:37+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphidk7hpb2d...

7.5CVSS5.8AI score0.00695EPSS
Exploits2References2
CVE
CVE
added 2026/06/29 4:12 p.m.18 views

CVE-2026-13751

CVE-2026-13751 concerns Snowflake CLI prior to v3.19, where the SQL reader’s !source/!load directives could reference remote URLs retrieved at runtime. The root cause is improper handling of untrusted remote references, enabling server-side request forgery within the vulnerable command path. Impa...

9.6CVSS5.9AI score0.00118EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-444 Code Injection in paddlepaddle

The vulnerability arises from the way the url parameter is incorporated into the command string without proper validation or sanitization. If the url is constructed from untrusted sources, an attacker could potentially inject malicious commands...

9.3CVSS5.8AI score0.00456EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 3:20 a.m.7 views

Malicious code in rebrandly-domains-search-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d4464320c8530d582d35f85ce95045182d82e1dd63a830644bcb68f05bdf10e Package [email protected] is an empty module index.js exports an empty object whose package.json preinstall hook runs node...

5.8AI score
Exploits0References2
NVD
NVD
added 2026/06/26 4:16 p.m.9 views

CVE-2026-47214

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS0.00217EPSS
Exploits0References2
Circl
Circl
added 2026/06/26 3:1 a.m.8 views

CVE-2026-50742

creationtimestamp| type| source ---|---|--- 2026-06-26 03:01:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp5xd2fdsk2b 2026-06-29 21:52:56+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mphhxli3am2b...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 4:41 p.m.27 views

CVE-2026-55487 pnpm: manifest identity spoof satisfies allowBuilds and runs attacker lifecycle

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, the generic peer-suffix normalizer also stripped parenthesized text from git, URL, tarball, file, and other opaque locators. Approval for one source string could therefore authorize a different attacker-controlled source whose locator...

7.5CVSS0.00118EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/25 6:40 a.m.3 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References8
NVD
NVD
added 2026/06/25 5:16 a.m.8 views

CVE-2026-12635

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

3.1CVSS0.00153EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:33 a.m.5 views

EUVD-2026-39168

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user with maintainer-role permissions to make requests to internal network resources through...

5.9AI score0.00153EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/24 7:30 p.m.5 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 2:17 p.m.8 views

CVE-2026-57304

A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 2:17 p.m.9 views

CVE-2026-57305

A cross-site request forgery CSRF vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified username and password...

5.4CVSS0.00128EPSS
Exploits0References1
Circl
Circl
added 2026/06/24 1:55 p.m.7 views

CVE-2026-56270

creationtimestamp| type| source ---|---|--- 2026-06-24 13:55:31+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mp22xcos3g2f...

8.7CVSS5.8AI score0.00383EPSS
Exploits1References1
CVE
CVE
added 2026/06/24 1:20 p.m.16 views

CVE-2026-57304

CVE-2026-57304 affects the Jenkins Assembla Plugin (versions ≤ 1.4). The root cause is a missing permission check, allowing attackers who have Overall/Read permission to instruct the plugin to connect to an attacker-specified URL using attacker-specified credentials. The description in connected ...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder