Lucene search
K

946 matches found

NVD
NVD
added 6 days ago6 views

CVE-2026-49276

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the writer field in any blueprint allowed a scripting link to be included as the target of a link or email link in writer mark components, making the target clickable by the user who entered it and...

7.4CVSS0.00289EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago29 views

CVE-2026-49276 Kirby: Self cross-site scripting (self-XSS) in the writer field

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the writer field in any blueprint allowed a scripting link to be included as the target of a link or email link in writer mark components, making the target clickable by the user who entered it and...

7.4CVSS0.00289EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-49276

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the writer field in any blueprint allowed a scripting link to be included as the target of a link or email link in writer mark components, making the target clickable by the user who entered it and...

7.4CVSS5.8AI score0.00289EPSS
Exploits0References4Affected Software1
CVE
CVE
added 6 days ago14 views

CVE-2026-49276

Kirby CMS contains a self-XSS vulnerability (CVE-2026-49276) in the writer field used by any blueprint. In affected releases, a scripting link could be placed as the target of a link or email link in writer mark components, allowing the attacker to trigger JavaScript execution in the authenticate...

7.4CVSS5.8AI score0.00289EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/07/07 1:27 p.m.25 views

Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence AI platform, that could result in cross-tenant compromise. The one-click vulnerability has been codenamed WriteOut by the Sand...

6.1AI score
Exploits0
Fedora
Fedora
added 2026/07/06 3:10 p.m.18 views

[SECURITY] Fedora 43 Update: rust-quick-xml-0.41.0-1.fc43

High performance xml reader and writer...

5.9AI score
Exploits0
Fedora
Fedora
added 2026/07/06 2:55 p.m.18 views

[SECURITY] Fedora 44 Update: rust-quick-xml-0.41.0-1.fc44

High performance xml reader and writer...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/29 4:33 p.m.8 views

CVE-2026-50269

A flaw was found in aiohttp, an asynchronous HTTP client/server framework. This vulnerability, known as CRLF Carriage Return Line Feed injection, allows an attacker to modify HTTP requests by injecting malicious input into multipart or payload headers. If an application processes user-controlled...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/24 8:39 p.m.8 views

CVE-2026-54651

A flaw was found in pypdf. An attacker can craft a malicious PDF file that, when merged with threads or articles into a writer, can lead to an an infinite loop. This vulnerability can result in a Denial of Service DoS condition, making the affected system unresponsive. Mitigation If PDF processin...

6.9CVSS5.8AI score0.00111EPSS
Exploits0References6
OSV
OSV
added 2026/06/23 3:55 p.m.3 views

CVE-2026-44792 n8n: Source Control Pull SQL Injection

n8n is an open source workflow automation platform. Prior to 1.123.43, 2.22.1, and 2.20.7, an attacker with write access to the git repository connected to an n8n Source Control configuration could commit a malicious Data Table JSON file containing a crafted column name. When an administrator...

8.9CVSS6AI score0.00331EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 9:16 p.m.5 views

DEBIAN-CVE-2026-54651

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...

5.5CVSS5.8AI score0.00111EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 9:16 p.m.18 views

CVE-2026-54651

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...

6.9CVSS0.00111EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 9:16 p.m.5 views

DEBIAN-CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 8:28 p.m.4 views

CVE-2026-54651 pypdf: Possible infinite loop when processing threads/articles in writer

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...

6.9CVSS5.9AI score0.00111EPSS
Exploits0References5
CVE
CVE
added 2026/06/22 8:28 p.m.39 views

CVE-2026-54651

CVE-2026-54651 affects the Python PDF library pypdf prior to version 6.13.1. The issue allows an attacker to craft a PDF that can trigger an infinite loop when merging a file with threads/articles into a writer, potentially impacting availability. The vulnerability is fixed in 6.13.1. Affected co...

6.9CVSS5.8AI score0.00111EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 8:26 p.m.7 views

CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS5.8AI score0.00123EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:26 p.m.6 views

CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/22 8:26 p.m.27 views

CVE-2026-54531 pypdf: Possible infinite loop when processing outlines/bookmarks in writer

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS0.00123EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 8:26 p.m.5 views

CVE-2026-54531 pypdf: Possible infinite loop when processing outlines/bookmarks in writer

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References5
OSV
OSV
added 2026/06/19 9:43 p.m.14 views

GHSA-C795-2G9C-J48M EverOS: Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id

EverOS versions 1.0.0 and earlier are vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint. The per-message senderid field was not validated as a path-safe identifier unlike appid / projectid, which already enforced this. During user-memory extraction, senderid is used a...

8.2CVSS6AI score0.00356EPSS
Exploits0References3
Rows per page
Query Builder