Lucene search
+L

1155 matches found

CVE
CVE
added 6 days ago14 views

CVE-2026-15477

Bahmni bahmnicore (up to 0.93) is affected in the Search Endpoint (file /openmrs/ws/rest/v1/bahmnicore/sql), specifically the function additionalParams. A manipulated argument can lead to SQL injection, with remote exploitation possible and public exploit details. Remediation: upgrade to 0.93.1, ...

6.5CVSS6.4AI score0.00319EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-15477 Bahmni bahmnicore Search Endpoint sql additionalParams sql injection

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

6.5CVSS0.00319EPSS
Exploits0References6
OSV
OSV
added 6 days ago5 views

CVE-2026-15477 Bahmni bahmnicore Search Endpoint sql additionalParams sql injection

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

5.3CVSS5.9AI score0.00319EPSS
Exploits0References8
OSV
OSV
added last week4 views

MINI-2Q8W-CM8V-7H58

Bulletin has no description...

7.8CVSS6.1AI score0.00183EPSS
Exploits0
NVD
NVD
added 2026/07/08 12:17 p.m.11 views

CVE-2026-6742

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in all versions up to, and including, 2026.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS0.00156EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/08 11:35 a.m.6 views

EUVD-2026-42219

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'additional' parameter in all versions up to, and including, 2026.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 11:35 a.m.15 views

CVE-2026-6742

The data shows CVE-2026-6742 affects the WordPress Advanced iFrame plugin: all versions up to 2026.1 are vulnerable to Stored Cross-Site Scripting via the Gutenberg Block 'additional' attribute due to insufficient input sanitization and output escaping. This allows authenticated users with contri...

6.4CVSS6.1AI score0.00156EPSS
Exploits0References2
Circl
Circl
added 2026/07/01 4:21 p.m.9 views

CVE-2026-24245

creationtimestamp| type| source ---|---|--- 2026-07-01 16:21:39+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mplwf2i7xe26 2026-07-02 04:27:20+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpn6woaywm2k...

7.8CVSS5.8AI score0.00154EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53711

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A permissions issue exists where visiting a website may leak sensitive data. This was addressed by...

6.5CVSS5.9AI score0.00312EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:16 a.m.3 views

crypto: af_alg - Cap AEAD AD length to 0x80000000

...

7.8CVSS6.1AI score0.00144EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/27 1:43 a.m.11 views

CVE-2025-59868

HCL Traveler for Microsoft Outlook HTMO is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown behavior in the application...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/26 7:40 p.m.6 views

CVE-2026-53288

In the Linux kernel, the following vulnerability has been resolved: arm64: Reserve an extra page for early kernel mapping The final part of data, end segment may overflow into the next page of initpgend1 which is the gap page before earlyinitstack2: 1 crasharm64v9.0.1 vtop ffffffed00601000 VIRTUA...

5.5CVSS5.8AI score0.00122EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/23 11:48 a.m.9 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn – Rejects AADs that are too short assoclen 8 to match the ESP/ESN specification. authencesn assumes that the AAD is in the ESP/ESN format. When the length of assoclen is shorter than the minimum expected length...

5.5CVSS6.4AI score0.00123EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 2:33 p.m.10 views

EUVD-2026-36489

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name...

8.7CVSS5.3AI score0.00292EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/11 6:47 p.m.33 views

CVE-2025-24165

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination...

0.00121EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/10 3:39 p.m.9 views

Spring Boot: Spring Boot: Authentication bypass via misconfigured Health Group additional path

A flaw was found in Spring Boot. This vulnerability, an authentication bypass, occurs when an application endpoint requiring authentication is declared under a specific path already configured for a Health Group additional path. A remote attacker could exploit this to bypass authentication,...

8.2CVSS7.4AI score0.00334EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 5:17 p.m.12 views

CVE-2026-45446

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

4.8CVSS0.0021EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/09 4:3 p.m.17 views

CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

5.7AI score0.0021EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47843

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.3 Description The implementations of AES-SIV and AES-GCM-SIV mishandle the authentication of Additional Authenticated Data AAD when the ciphertext is empty, which allows for the forgery of such messages. In the...

7.5CVSS5.6AI score0.00513EPSS
Exploits0References118
OSV
OSV
added 2026/06/08 11:2 p.m.15 views

GHSA-5PVG-856G-CP85 Netty has Insufficient Bailiwick Validation for NS Records

Summary Netty's DnsResolveContext insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an authoritative name server for a subdomain can poison the cache for parent domains like .co.uk. Details In...

8.7CVSS5.5AI score0.00292EPSS
Exploits0References13
Rows per page
Query Builder