Lucene search
K

1036338 matches found

Microsoft CVE
Microsoft CVE
added 7 hours ago8 views

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk

...

9.1CVSS6.1AI score0.00207EPSS
Exploits0
Nuclei
Nuclei
added 10 hours ago55 views

NexusDB <4.50.23 - Local File Inclusion

NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal and local file inclusion. id: CVE-2020-24571 info: name: NexusDB 4.50.23 - Local File Inclusion author: pikpikcu severity: high description: NexusQA NexusDB before 4.50.23 allows the reading of files via ../...

7.5CVSS7AI score0.17959EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago122 views

NeDi 1.9C - Cross-Site Scripting

NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a...

6.1CVSS6.3AI score0.03442EPSS
Exploits0References4
Nuclei
Nuclei
added 10 hours ago8 views

MajorDoMo - Unauthenticated RCE

MajorDoMo contains a remote code execution caused by an include order bug and lack of exit after redirect in admin panel's PHP console, letting unauthenticated attackers execute arbitrary PHP code via crafted GET requests. id: CVE-2026-27174 info: name: MajorDoMo - Unauthenticated RCE author:...

9.8CVSS6.7AI score0.06996EPSS
Exploits4References4
CVE
CVE
added yesterday16 views

CVE-2026-46628

CVE-2026-46628 affects Twig (PHP template engine). Before 3.26.0, the deprecated spaceless filter was registered as safe for HTML, causing Twig autoescaping to emit attacker‑controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0. Affected: ...

5.1CVSS6.1AI score0.00056EPSS
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-48760

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlSanitizer::parse rejected raw BiDi formatting characters but not percent-encoded forms and used an ASCII-only whitespace check, allowing sanitized URLs...

6.1CVSS0.00025EPSS
Exploits0References5
CVE
CVE
added yesterday30 views

CVE-2026-48068

The CVE-2026-48068 entry concerns @grpc/grpc-js (Pure JavaScript gRPC implementation). The issue is triggered by an invalid incoming HTTP/2 stream initiation, which can cause the server process created by @grpc/grpc-js to crash. Affected versions are pre-fix: 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13...

7.5CVSS6.1AI score0.00052EPSS
Exploits0References13
OSV
OSV
added yesterday3 views

RHSA-2026:38995 Red Hat Security Advisory: go-toolset:rhel8 security, bug fix, and enhancement update

Bulletin has no description...

8.2CVSS6.1AI score0.00939EPSS
Exploits0References28
OSV
OSV
added yesterday3 views

RHSA-2026:38902 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

7.8CVSS6.1AI score0.00353EPSS
Exploits7References60
OSV
OSV
added yesterday3 views

RHSA-2026:38491 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

7.8CVSS6.7AI score0.00132EPSS
Exploits17References29
CVE
CVE
added yesterday12 views

CVE-2026-15043

CVE-2026-15043 affects DBI::SQL::Nano (versions 1.42–1.650.x) for Perl. In the non-numeric string branch of is_matched, the = with Perl's le, causing inverted = comparisons in WHERE predicates. This occurs in the fallback SQL engine used by DBI's file-backed drivers (e.g., DBD::File, DBD::DBM, CS...

9.8CVSS6.1AI score0.00184EPSS
Exploits0References4
Cvelist
Cvelist
added yesterday21 views

CVE-2026-15043 DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted <= and >= SQL operators on text

DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted = SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the ismatched method, = was evaluated using Perl's le operator...

0.00184EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday4 views

firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

8.1CVSS6AI score0.00397EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday6 views

firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

7.5CVSS6AI score0.00252EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday4 views

firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

5.3CVSS6AI score0.00261EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday6 views

firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

7.5CVSS6AI score0.00252EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday5 views

firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

6.5CVSS6AI score0.00235EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added yesterday4 views

firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

5.3CVSS6AI score0.00261EPSS
Exploits0References6
NVD
NVD
added 2 days ago4 views

CVE-2026-55771

CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 4.9.0, the EntityIdentifier.equals has inverted null/self branches which could lead to incorrect equality comparisons. The EntityIdentifier.equals meth...

8.8CVSS0.00345EPSS
Exploits0References1
CVE
CVE
added 2 days ago11 views

CVE-2026-55771

CVE-2026-55771 affects CedarJava prior to 4.9.0, where EntityIdentifier.equals() has inverted null/self-reference checks, causing incorrect equality results in custom integrations. The bug does not alter Cedar’s authorization decisions (computed in Rust from JSON) but could affect external code p...

8.8CVSS6AI score0.00345EPSS
Exploits0References1
Rows per page
Query Builder