Lucene search
K

3306 matches found

Nuclei
Nuclei
added 8 hours ago71 views

Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection

Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information...

5.3CVSS6.3AI score0.05879EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 6 days ago6 views

Important: Red Hat Security Advisory: skopeo security update

An update for skopeo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.5CVSS6AI score0.00939EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-7532

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certifica...

7.5CVSS6AI score0.00155EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 9:53 p.m.15 views

EUVD-2026-31686

Hackney has an infinite loop on non-token byte at start of an Alt-Svc entry...

8.7CVSS5.8AI score0.00703EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2026/06/25 9:31 p.m.6 views

CVE-2026-7532

iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...

7.5CVSS5.8AI score0.00155EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 9:31 p.m.7 views

CVE-2026-7532

iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...

7.5CVSS5.8AI score0.00155EPSS
Exploits0
NVD
NVD
added 2026/06/25 5:16 p.m.8 views

CVE-2026-54025

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...

5.4CVSS0.0014EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/25 3:53 p.m.30 views

CVE-2026-54025 LibreChat: Stored XSS via unescaped image alt text in markdown artifact preview

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...

5.4CVSS0.0014EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 3:53 p.m.9 views

CVE-2026-54025

LibreChat suffers a stored XSS in its Markdown artifact preview prior to version 0.8.4-rc1. The vulnerability arises because lib re uses marked v15.0.12 to render image alt text without HTML-escaping double quotes when the custom image renderer defers to the default renderer. LibreChat’s generate...

5.4CVSS6AI score0.0014EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/25 3:53 p.m.6 views

EUVD-2026-39463

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...

5.4CVSS6AI score0.0014EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52491

Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description A flaw exists in the markdown artifact preview pipeline. The generateMarkdownHtml function located in client/src/utils/markdown.ts utilizes a custom image renderer that triggers a fallback to t...

5.4CVSS6AI score0.0014EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.21 views

PT-2026-52623

Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A configuration issue occurs when WOLFSSL IP ALT NAME is not defined, leading to a bypass of iPAddress name constraints. In this state, the software fails to enforce IP address constraints se...

7.5CVSS5.7AI score0.00155EPSS
Exploits0References7
NVD
NVD
added 2026/06/24 7:16 a.m.9 views

CVE-2026-11997

The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or incorrect nonce validation on the plugin's settings page handler BulkSeoImage, which dispatches to launchbulk / BulkSeoImageGo whenever the request...

4.3CVSS0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38688

The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or incorrect nonce validation on the plugin's settings page handler BulkSeoImage, which dispatches to launchbulk / BulkSeoImageGo whenever the request...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.35 views

CVE-2026-11997 Bulk SEO Image <= 1.1 - Cross-Site Request Forgery to Settings Update

The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or incorrect nonce validation on the plugin's settings page handler BulkSeoImage, which dispatches to launchbulk / BulkSeoImageGo whenever the request...

4.3CVSS0.00128EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 5:33 a.m.13 views

CVE-2026-11997

CVE-2026-11997 affects the WordPress plugin Bulk SEO Image

4.3CVSS5.8AI score0.00128EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51670

Name of the Vulnerable Software and Affected Versions Bulk SEO Image versions prior to 1.2 Description The Bulk SEO Image plugin for WordPress is subject to Cross-Site Request Forgery. This occurs because the settings page handler BulkSeoImage lacks proper nonce validation—a security token used t...

4.3CVSS5.6AI score0.00128EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-5428

The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This is due to insufficient output escaping in the renderpostthumbnail function, where wpksespost is...

6.4CVSS5.7AI score0.00264EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 3:16 p.m.8 views

UBUNTU-CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/29 1:53 p.m.10 views

CVE-2026-41159 Mermaid: Improper sanitization of configuration leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References5
Rows per page
Query Builder