Lucene search
K

2046 matches found

EUVD
EUVD
added 3 days ago8 views

EUVD-2026-41588

Improper input validation in Microsoft Edge Chromium-based allows an unauthorized attacker to execute code over a network...

7.5CVSS6.1AI score0.00285EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-7311

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteconvertedimagesize function in all versions up to, and including, 3.6.13. This makes it possible for authenticated attackers, with...

8.1CVSS6.5AI score0.0067EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 4 days ago5 views

next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage

An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing...

7.5CVSS5.9AI score0.00683EPSS
Exploits0References7
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-40426

Capgo console.capgo.app/login before 12.128.2 accepts accesstoken and refreshtoken in URL query parameters, automatically authenticating users without confirmation. Attackers can craft malicious links to force victims into attacker-controlled sessions, exposing tokens in browser history and logs...

5.4CVSS5.8AI score0.00194EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/26 10:50 p.m.7 views

ex_aws_sns: Trusted-attacker `SigningCertURL` permits complete SNS signature bypass

Summary ExAws.SNS.verifymessage/1 fetches the signing certificate from the SigningCertURL field of the incoming SNS message without validating that the URL uses HTTPS or that its host is an AWS-owned SNS certificate domain. An unauthenticated attacker who can POST to any endpoint that calls...

8.7CVSS6AI score0.00226EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:34 p.m.8 views

CVE-2026-50132

Budibase is an open-source low-code platform. Prior to 3.39.0, GET /api/chat-links/:instance/:token/handoff is a public endpoint no auth required that performs a permanent, state-changing operation: it binds an external chat identity Slack/Discord/MS Teams to an authenticated Budibase user accoun...

7.3CVSS5.8AI score0.00192EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/25 9:34 a.m.7 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

7.3CVSS6.1AI score0.00292EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.5 views

CVE-2026-57297

A missing permission check in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, API key, and service key...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.6 views

CVE-2026-57294

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

5.4CVSS5.8AI score0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 4:14 p.m.31 views

CVE-2026-44960

A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...

0.00339EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 4:14 p.m.10 views

CVE-2026-44960

Vulnerability summary (CVE-2026-44960) : A stored XSS exists in Revive Adserver where malicious content placed in the username could be executed when an admin views audit log details, due to missing output sanitisation. The issue is triggered by usernames being displayed in the audit log details ...

5.7AI score0.00339EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 4:14 p.m.5 views

EUVD-2026-38503

A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...

5.7AI score0.00339EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 3:20 p.m.10 views

EUVD-2026-38264

The Angular Language Service VS Code Extension provides a rich editing experience for Angular templates. the client-side Angular Language Service VS Code extension configures the tooltip Markdown renderer with the isTrusted: true option located in client/src/client.ts. This setting instructs VS...

8.7CVSS5.9AI score0.00246EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in golang-golang-x-net

An attacker can cause excessive memory usage in a Go server that accepts HTTP/2 requests. HTTP/2 server connections include a cache of HTTP header keys sent by the client. Although the total number of entries in this cache is limited, an attacker who sends very large keys can cause the server to...

5.3CVSS7.2AI score0.05623EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.51 views

Security Bulletin: Dirty COW Vulnerability (CVE-2016-5195)

Question Security Bulletin: Dirty COW Vulnerability CVE-2016-5195 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line of...

7.2CVSS7.1AI score0.83524EPSS
Exploits81Affected Software1
CVE
CVE
added 2026/06/17 9:51 p.m.19 views

CVE-2026-12567

CVE-2026-12567 affects the github_workflows module. It constructs local directory paths from user-controlled repository names without validating for symlinks, enabling a local attacker sharing the scan directory to plant a symlink at a predictable output path. This can cause workflow data to be w...

2.2CVSS5.1AI score0.00091EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 8:4 p.m.17 views

CVE-2026-50107 NGINX Gateway Fabric vulnerability

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS0.00492EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 7:28 p.m.14 views

CVE-2026-46959

Technical details (affected product, vulnerable component, exploit information, or remediation) are not publicly available in the provided documents. Monitor for updates.

7.5CVSS5.2AI score0.00247EPSS
Exploits0References1Affected Software1
Veracode
Veracode
added 2026/06/16 9:35 a.m.9 views

XML External Entity (XXE) Injection

Spring Web Services is vulnerable to XML External Entity XXE Injection. The vulnerability is due to Jaxp13XPathTemplate using a code path for StreamSource and SAXSource inputs that parses attacker-controlled XML with the default DocumentBuilderFactory configuration instead of Spring's hardened XM...

8.2CVSS5.4AI score0.00352EPSS
Exploits0References2Affected Software1
Redos
Redos
added 2026/06/16 12:0 a.m.5 views

ROS-20260616-73-0039

The vulnerability in ImageMagick is related to the lack of memory release after the effective lifespan of the component. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.3CVSS5.3AI score0.00384EPSS
Exploits0
Rows per page
Query Builder