Lucene search
+L

190 matches found

OSV
OSV
added 2026/07/09 10:19 p.m.4 views

CVE-2026-59855 SiYuan: Store XSS To Rce via Asset.render

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a double quote to break out of the src attribute, inject an...

8.6CVSS6.2AI score0.00305EPSS
Exploits0References5
OSV
OSV
added 2026/07/08 3:16 p.m.4 views

UBUNTU-CVE-2026-49146

App::Ack versions before 3.10.0 for Perl allow memory exhaustion via an unbounded context value in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The -B and -C context options accepted any positive integer, and ack...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 4:12 p.m.24 views

CVE-2026-13751

CVE-2026-13751 concerns Snowflake CLI prior to v3.19, where the SQL reader’s !source/!load directives could reference remote URLs retrieved at runtime. The root cause is improper handling of untrusted remote references, enabling server-side request forgery within the vulnerable command path. Impa...

9.6CVSS5.9AI score0.00118EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/29 4:7 p.m.6 views

CVE-2026-13750 Snowflake CLI Sensitive Credential Exposure Through Debug Logging

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as...

5.5CVSS5.9AI score0.00108EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 3:51 p.m.4 views

CVE-2026-13746 Snowflake CLI SQL Injection Through Improper Neutralization of Local CLI Parameters

Improper neutralization of local CLI parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. A user could trigger this issue by supplying crafted values to vulnerable Cortex SQL or object listing command paths, causing Snowflake CLI to execute unintended SQL in the...

3.6CVSS6.1AI score0.0013EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 3:16 p.m.14 views

CVE-2026-47103

Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted attributes evaluated unsafely. The SCXMLProcessor passes attacker-controlled expression strings...

9.8CVSS0.01188EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/06/12 2:27 a.m.10 views

CVE-2026-48613

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

5.9CVSS6.5AI score0.00155EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 12:18 a.m.89 views

CVE-2026-9538

CVE-2026-9538 affects Archive::Tar prior to 3.10 for Perl. A crafted tar header can set a multi‑gigabyte size, causing _read_tar() to allocate a scalar of that size, leading to memory exhaustion. The vulnerability arises from reading entry payloads with a size block derived from the header withou...

7.5CVSS5.8AI score0.00437EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/21 5:10 p.m.21 views

CVE-2026-48227

Open ISES Tickets before 3.44.2 is affected by a reflected XSS in patient.php, where an unsanitized id and ticket_id in GET parameters can inject JavaScript into the HTML form action URL. The vulnerability allows authenticated users to craft requests that execute in a victim’s browser when the re...

5.4CVSS5.8AI score0.00169EPSS
Exploits0References3
CVE
CVE
added 2026/05/21 5:9 p.m.21 views

CVE-2026-48217

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in delete_module.php. The vulnerability allows an authenticated attacker to inject arbitrary JavaScript by passing unsanitized values through POST parameters module_choice, flag, and confirmation, which are then rendered into HTML c...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/20 7:34 p.m.7 views

CVE-2026-35008

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in single.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into an HTML attribute. Attackers can craft a...

5.1CVSS5.8AI score0.00221EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-45232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establishproxyconnection function in socket.c that allows netwo...

3.7CVSS6.1AI score0.00337EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/05/16 12:0 a.m.22 views

VulnCheck KEV: CVE-2025-67303

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface...

7.5CVSS7.5AI score0.01361EPSS
In wildExploits3References21
OSV
OSV
added 2026/05/07 2:4 p.m.4 views

CVE-2026-32686 Unbounded exponent in decimal enables unauthenticated DoS

Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service. The decimal library does not bound the exponent on parsed input. Storing a decimal with a very large exponent e.g. Decimal.new"1e1000000000" is accepted without error. Subsequent cal...

6.9CVSS6AI score0.00321EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/04 6:10 p.m.67 views

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

3.7CVSS0.00415EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 8:16 p.m.9 views

CVE-2026-41429

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS packet handling path. When NetBIOS is enabled by calling NBNS.begin..., the device listens on UDP...

8.8CVSS0.00307EPSS
Exploits1References1
Patchstack
Patchstack
added 2026/04/22 10:30 a.m.8 views

WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Alukas versions 3.0.0...

5.3AI score0.00395EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/04/21 10:12 p.m.22 views

CVE-2026-4821

The CVE-2026-4821 entry describes an improper neutralization of special elements vulnerability in GitHub Enterprise Server . It allows an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields (e.g., http_pro...

8.1CVSS6AI score0.00014EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.9 views

iTerm2 安全漏洞

iTerm2 is a terminal emulator developed by George Nachman for Mac OS X. Versions of iTerm2 prior to 3.6.9 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of executing code through DCS 2000p and OSC 135 data when displaying .txt files. This was because iTerm2...

7.8CVSS5.9AI score0.00199EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.13 views

WeGIA 安全漏洞

WeGIA is a network manager for a welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.10 contained security vulnerabilities. These vulnerabilities were due to a vulnerability that made the system susceptible to storage-type cross-site scripting attacks. This allowed...

6.4CVSS5.7AI score0.00258EPSS
Exploits0References2
Rows per page
Query Builder