Lucene search
+L

16952 matches found

OSV
OSV
added 3 days ago4 views

UBUNTU-CVE-2026-15747

Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. csrftoken generates and caches one token per session and returns the same value on every call, and csrffield places that value in a hidden csrftoken input...

9.1CVSS6.1AI score0.00248EPSS
Exploits0References6
OSV
OSV
added 3 days ago3 views

CVE-2026-15075

In Eclipse Vert.x versions up to and including 4.5.29 4.x branch and 5.1.4 5.x branch, DefaultRedirectHandler vertx-core propagates all request headers as-is across cross-origin HTTP 30x redirects. Only Content-Length is stripped; no origin comparison scheme, host, port is performed before copyin...

8.2CVSS6.2AI score0.00141EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 3 days ago5 views

PT-2026-58129

Name of the Vulnerable Software and Affected Versions ASP.NET Core OData versions prior to 7.8.0 ASP.NET Core OData versions prior to 9.5.0 Description Allocation of resources without limits or throttling allows an unauthorized attacker to remotely cause a denial of service over a network,...

7.5CVSS6.1AI score0.00797EPSS
Exploits0References4
OSV
OSV
added 4 days ago4 views

CVE-2026-49969 Laravel-Mediable < 7.0.0 SSRF via RemoteUrlAdapter URL Handling

Laravel-Mediable before 7.0.0 contains a server-side request forgery vulnerability that allows remote attackers to issue arbitrary HTTP requests from the server by supplying unvalidated caller-controlled URLs to endpoints backed by MediaUploader::fromSource. Attackers can craft URLs targeting...

5.3CVSS6.2AI score0.00241EPSS
Exploits0References6
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-43059

Missing Authorization vulnerability in Drupal AI Artificial Intelligence allows Forceful Browsing. This issue affects AI Artificial Intelligence versions: from 0.0.0 to 1.2.17, from 1.3.0 to 1.3.8, from 1.4.0 to 1.4.3...

6.1AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2026/07/10 1:57 p.m.3 views

CVE-2026-56312 Capgo - Account Creation Before CAPTCHA Validation in accept_invitation Endpoint

Capgo before 12.128.2 contains an improper validation vulnerability in the acceptinvitation endpoint that creates user accounts before captcha validation is enforced. Attackers can bypass captcha protection by sending POST requests with invalid captcha tokens to create unwanted accounts and burn...

6.9CVSS6.1AI score0.00275EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 7:48 a.m.9 views

CVE-2026-6440

The CVE concerns the WordPress plugin GoodMeet – Google Meet Integration for Webinar, Meeting & Video Conference. A CSRF vulnerability exists in versions up to 1.1.8 due to missing nonce verification in reset_credential() for the wp_ajax_goodmeet_reset_google_meet_credential action. Although user...

4.3CVSS6AI score0.00168EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/10 7:48 a.m.7 views

CVE-2026-12924

The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'etnfaqcontent' parameter in all versions up to, and including, 4.1.15 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS6.2AI score0.00206EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.15 views

PT-2026-57232

Name of the Vulnerable Software and Affected Versions tarteaucitron.js versions prior to 1.33.0 Description The software fails to verify if an element is a legitimate button or if the associated cookie belongs to a handled service when calling the tarteaucitron.cookie.purge function on elements...

4.3CVSS5.2AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.8 views

PT-2026-56960

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affects Struktur: from n/a through = 2.5.1...

7.5CVSS6.1AI score0.00496EPSS
Exploits0References3
Snyk
Snyk
added 2026/07/08 6:46 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the safeurl function. An attacker can execute arbitrary scripts in the rendered HTML by supplying specially crafted percent-encoded javascript URIs in Markdown links or images. Details Cross-site scripting o...

6.1CVSS6.2AI score0.00199EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/07 9:11 p.m.7 views

CVE-2026-59153

Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting...

2.1CVSS6AI score0.00181EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.9 views

CVE-2026-57762

Author Cross Site Scripting XSS in Simple URLs = 151 versions...

5.9CVSS0.00148EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.6 views

DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...

6.1CVSS7.5AI score0.00313EPSS
Exploits1References7
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40431

Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /executejs endpoint, which accepts and executes arbitrary user-supplied JavaScript in the server's browser context with --disable-web-security enabled. An attacker can execute arbitrary...

9.2CVSS6.2AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 12:34 a.m.10 views

EUVD-2026-40520

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00297EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.7 views

CVE-2026-13883

Type Confusion in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.8AI score0.00306EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-54089

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input allows a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. This occurs when a user is convinced to...

9.8CVSS6.2AI score0.00413EPSS
Exploits0References447
NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-54889

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS0.0031EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 4:33 a.m.36 views

CVE-2026-10712

GitLab CVE-2026-10712 affects GitLab CE/EE with versions 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1. The issue is described as improper path validation that could, under certain conditions, allow an unauthenticated user to execute arbitrary JavaScript in a user’s browser ses...

8CVSS6.1AI score0.00222EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder