Lucene search
K

27963 matches found

CVE
CVE
added 3 hours ago10 views

CVE-2026-53517

CVE-2026-53517 affects Better Auth’s oauth-provider (and related memory adapter) prior to version 1.6.11. The POST /oauth2/token refresh_token flow performs a non-atomic read–validate–revoke–mint sequence on the oauthRefreshToken row, allowing concurrent requests with the same parent refresh toke...

8.1CVSS6.1AI score0.00029EPSS
Exploits0References3
CVE
CVE
added 3 hours ago11 views

CVE-2026-62378

RustFS Console is affected in versions 0.1.7–0.1.10. The vulnerability lies in the components/object/preview-modal.tsx and components/object/pdf-viewer.tsx extension-based PDF preview path, which can render HTML content uploaded as .pdf, enabling a stored XSS in the management console. This can l...

9CVSS6AI score
Exploits0References3
OSV
OSV
added 4 hours ago7 views

BIT-PROMETHEUS-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer

Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without...

6.1CVSS5.9AI score0.0024EPSS
Exploits0References4
NVD
NVD
added 8 hours ago5 views

CVE-2026-61862

ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...

2.9CVSS
Exploits0References2
NVD
NVD
added 9 hours ago5 views

CVE-2026-40633

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, versions 9.11.0.0 through 9.13.0.2 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure...

7.8CVSS
Exploits0References1
Nuclei
Nuclei
added 16 hours ago126 views

LiteSpeed Cache <= 5.7 - Unauthenticated Stored XSS

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Stored XSS.This issue affects LiteSpeed Cache- from n/a through 5.7. id: CVE-2023-40000 info: name: LiteSpeed Cache = 5.7 - Unauthenticated Stored XSS...

8.3CVSS6.8AI score0.54872EPSS
Exploits5References3
Nuclei
Nuclei
added 16 hours ago139 views

Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection

Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30,...

6.5CVSS7AI score0.10695EPSS
Exploits0References5
NVD
NVD
added yesterday7 views

CVE-2025-56362

A reachable assertion vulnerability exists in the Matter SDK connectedhomeip before 1.4.2, specifically within the Level Control cluster's periodic server tick logic. When a MoveToLevel command is sent and immediately followed by a write of OperationMode=2 in the Pump Configuration and Control...

7.5CVSS
Exploits0References2
CVE
CVE
added yesterday140 views

CVE-2026-48069

@grpc/grpc-js (pure JavaScript implementation) is affected by a crash when processing an invalid incoming compressed message. Affected versions: prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4. Fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4. Remediation: upgrade to the ...

7.5CVSS6.1AI score0.00052EPSS
Exploits0References13
CVE
CVE
added yesterday10 views

CVE-2026-62643

Roundcube Webmail is affected prior to 1.6.17 and 1.7.x prior to 1.7.2 by CSS sanitization weaknesses in HTML email rendering. The insufficient CSS sanitization can enable SSRF or Information Disclosure, e.g., when stylesheet links reference local network hosts. Root cause notes indicate this ste...

7.2CVSS6.1AI score
Exploits0References5
Cvelist
Cvelist
added yesterday19 views

CVE-2026-59203 Pillow EpsImagePlugin negative %%BeginBinary byte count causes infinite loop denial of service

Pillow is a Python imaging library. From 12.0.0 through 12.2.0, Pillow's EPS parser in PIL/EpsImagePlugin.py accepts a negative byte count in the %%BeginBinary directive, allowing a crafted EPS file to cause Image.open to seek backwards to the same directive and parse it repeatedly in an infinite...

5.3CVSS
Exploits1References4
CVE
CVE
added yesterday21 views

CVE-2026-15265

Tenable Agent 11.2.0 and 11.1.3 and lower are affected by a path traversal vulnerability that lets a privileged attacker write arbitrary files outside the intended plugin directory, potentially enabling remote code execution. The CVSS metrics indicate a network-accessible issue with high impact o...

9.4CVSS6.3AI score
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-59084

CVE-2026-59084 affects Apache Tomcat across multiple branches (11.x, 10.x, 9.x, 8.x, 7.x) where EncryptInterceptor configuration requirements were not clearly documented, per NVD and related sources. Root cause: insufficient technical documentation for EncryptInterceptor configuration. Impact sta...

9.1CVSS6.1AI score0.00161EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added yesterday19 views

CVE-2026-59083 Apache Tomcat: Incorrect URL decoding in RewriteValve may allow security control bypass

Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0...

0.00156EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday75 views

GitLab CE/EE - Information Disclosure

GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5,...

10CVSS7.2AI score0.13227EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-58291

Name of the Vulnerable Software and Affected Versions SonicWall SMA1000 Appliances affected versions not specified Description A Server-side request forgery SSRF issue exists in the Work Place interface. This allows a remote unauthenticated attacker to trick the appliance into making requests to...

10CVSS7.1AI score
Exploits3References21
NVD
NVD
added 2 days ago5 views

CVE-2026-12536

The Avada Fusion Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Module Title’ parameter in all versions up to, and including, 3.15.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00168EPSS
Exploits0References2
CVE
CVE
added 2 days ago12 views

CVE-2026-48363

CVE-2026-48363 affects ColdFusion versions 2025.9, 2023.20 and earlier. It is an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (the victim must open a malicious file). The issue...

8.2CVSS6.5AI score0.00159EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2 days ago6 views

CVE-2026-57812

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.12.4...

6.5CVSS0.00196EPSS
Exploits0References1
NVD
NVD
added 2 days ago5 views

CVE-2026-57814

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Forminator forminator allows DOM-Based XSS.This issue affects Forminator: from n/a through = 1.55.0.1...

7.1CVSS0.00146EPSS
Exploits0References1
Rows per page
Query Builder