Lucene search
K

570 matches found

Friends Of PHP
Friends Of PHP
added 2026/04/20 7:0 p.m.17 views

Cross-site scripting (XSS) via script break-out in toScript() output

What's Changed Escape HTML tags in toScript output to prevent script break-out by @freekmurze in https://github.com/spatie/schema-org/pull/242 Values containing passed as schema properties could break out of the generated block and execute injected HTML when the value was attacker-controlled...

5.9AI score
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/13 9:15 p.m.2 views

CVE-2026-6224 nocobase plugin-workflow-javascript Vm.js createSafeConsole sandbox

A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be...

7.5CVSS6.7AI score0.003EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 12:18 p.m.5 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the jsdiff JavaScript library

Summary Due to use of the jsdiff JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential denial of service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-24001 DESCRIPTION: jsdiff is a JavaScript text differencing implementation. Prior to versions...

7.5CVSS6.2AI score0.00562EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/29 12:29 a.m.6 views

SUSE CVE-2025-59028

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...

5.3CVSS5.9AI score0.00447EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.13 views

PT-2026-28187

Name of the Vulnerable Software and Affected Versions Database Backup for WordPress versions prior to 2.5.3 Description An authorization bypass exists because the plugin fails to restrict access to the wp db temp dir parameter, which determines the storage location for database backups...

7.5CVSS5.8AI score0.00488EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/03/19 7:46 p.m.4 views

CVE-2026-3580

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

2.1CVSS5.8AI score0.00128EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/18 3:48 p.m.10 views

Security Bulletin: IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec (CVE-2025-67735)

Summary IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec CVE-2025-67735. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...

6.5CVSS6.5AI score0.00292EPSS
Exploits1Affected Software1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.14 views

libsoup 安全漏洞

Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability, which stems from improper input cleaning in the soupmessageheaderssetcontenttype function. This vulnerability could allow attackers to inject CRLF sequences by controlling the value of the Content-Type...

6.5CVSS5.8AI score0.00184EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/09 12:31 p.m.5 views

EUVD-2025-208410

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this...

7.5AI score0.00111EPSS
Exploits0References2
NVD
NVD
added 2026/03/09 12:16 p.m.6 views

CVE-2025-15576

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this...

7.5CVSS0.00111EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/06 7:52 a.m.6 views

CVE-2026-25702

A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before...

9.8CVSS5.8AI score0.00203EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.9 views

PT-2026-23409

Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise Server 12 SP5 Description An Improper Access Control issue exists in the kernel of SUSE Linux Enterprise Server 12 SP5, impacting nftables functionality. This prevents firewall rules applied through nftables from...

9.8CVSS6.8AI score0.0071EPSS
Exploits0References156
SUSE CVE
SUSE CVE
added 2026/03/04 12:27 a.m.4 views

SUSE CVE-2026-25702

A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before...

7.3CVSS5.8AI score0.00203EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/23 1:30 p.m.6 views

CVE-2026-27458

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...

8.7CVSS5.7AI score0.00218EPSS
Exploits1References1
OSV
OSV
added 2026/02/10 4:16 a.m.3 views

CVE-2026-0490

SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on th...

7.5CVSS5.8AI score0.00355EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/10 3:2 a.m.31 views

CVE-2026-23686 CRLF Injection vulnerability in SAP NetWeaver Application Server Java

Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...

3.4CVSS0.00164EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/02/09 12:0 a.m.13 views

Shor's Harvest Now Decrypt Later

This plugin reports network services that may be vulnerable now to a future attack by adversaries using a cryptographically relevant quantum computer CRQC. Shor's is a theoretical algorithm that leverages the unique ability of quantum computation to do massively parallel calculations developed by...

5.7AI score
Exploits0References1
Debian
Debian
added 2026/02/05 7:43 p.m.8 views

[SECURITY] [DSA 6119-1] openjdk-25 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6119-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 05, 2026 https://www.debian.org/security/faq -...

7.5CVSS6AI score0.00864EPSS
Exploits1
EUVD
EUVD
added 2026/01/28 8:27 p.m.9 views

EUVD-2026-4872

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...

4.9CVSS5.9AI score0.00348EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.7 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed a potential use-after-free issue in oplock/lease break ack. If there is an error returning from ksmbdiovpinrsp, a use-after-free may occur by accessing opinfo-state and opinfoput. Additionally, ksmbdfdput might be...

7.8CVSS6.1AI score0.00151EPSS
Exploits0References3
Rows per page
Query Builder