Lucene search
+L

23276 matches found

CVE
CVE
added yesterday17 views

CVE-2026-54159

CVE-2026-54159 affects PrestaShop ps_facetedsearch module versions 3.0.0 through 4.0.3. The root cause is trusting the value of slider filters (price/weight) from the request URL, storing it in an internal cache, and deserializing it with PHP’s native unserialize(), enabling a crafted object inje...

10CVSS5.7AI score0.00092EPSS
Exploits0References3
NVD
NVD
added yesterday3 views

CVE-2026-47184

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 224.0.0.251 / ff02::f...

6.5CVSS0.00023EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday6 views

CVE-2026-8476 Disk Cache Deserialization Remote Code Execution Vulnerability

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads function to deserialize cached objects from disk without validation, integrity verification, or...

9.9CVSS
Exploits0References1
CVE
CVE
added yesterday17 views

CVE-2026-8476

Langflow OSS versions 1.0.0–1.10.0 are impacted by a remote code execution vulnerability in the disk-based cache. The AsyncDiskCache deserializes cached items with unsafe pickle.loads() without validation, allowing arbitrary code execution when an attacker can influence cached data (e.g., through...

9.9CVSS6.5AI score
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-45276

IBM Langflow OSS 1.0.0 through 1.10.0 contain a critical remote code execution vulnerability in the disk-based caching mechanism. The AsyncDiskCache class uses Python's unsafe pickle.loads function to deserialize cached objects from disk without validation, integrity verification, or...

9.9CVSS6.5AI score
Exploits0References1
Cvelist
Cvelist
added yesterday8 views

CVE-2026-48487 Zeroconf: Unvalidated rdlength in record payload readers allows LAN-local cache corruption via crafted mDNS packet

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.16, readcharacterstring and readstring in src/zeroconf/protocol/incoming.py advanced self.offset by attacker-declared RDLENGTH without checking it against self.datalen, allowing unauthenticated hosts on th...

5.3CVSS
Exploits0References5
CVE
CVE
added yesterday16 views

CVE-2026-48487

CVE-2026-48487 (python-zeroconf) : Prior to 0.149.16, _read_character_string and _read_string in zeroconf’s incoming protocol could advance the parser past the end of the payload by using attacker-declared RDLENGTH without checking against data length, enabling unauthenticated LAN-local hosts on ...

5.3CVSS5.2AI score
Exploits0References5
Cvelist
Cvelist
added yesterday9 views

CVE-2026-47184 Zeroconf: Unbounded DNS record cache allows LAN-local memory exhaustion via multicast flood

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.7, DNSCache.asyncadd inserted every response record into cache, expirations, expireheap, and servicecache without a cap, allowing unauthenticated hosts on the local link over UDP/5353 224.0.0.251 / ff02::f...

6.5CVSS0.00023EPSS
Exploits0References5
NVD
NVD
added yesterday7 views

CVE-2024-23571

HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by...

4.3CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday10 views

CVE-2024-23571

HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by...

4.3CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2024-23571

The CVE-2024-23571 entry concerns HCL Aftermarket EPC. Affected component: the application’s caching policy for pages and forms. Root cause: no appropriate caching policy governing how much page content and form fields are cached, enabling local cache data to be retrieved by other users on the sa...

4.3CVSS5.2AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2024-23571

HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by...

4.3CVSS5.2AI score
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2024-55664

HCL Aftermarket EPC is vulnerable to attack since the application does not have an appropriate caching policy specifying the extent to which the page and its form fields should be cached. If sensitive information in application responses is stored in the local cache, then this may be retrieved by...

4.3CVSS5.2AI score
Exploits0References1
Nuclei
Nuclei
added yesterday113 views

Monstra CMS 3.0.4 - HTTP Header Injection

Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...

6.1CVSS6.9AI score0.0302EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday68 views

Apache mod_userdir CRLF injection

Apache CRLF injection allowing HTTP response splitting attacks on sites using moduserdir. id: CVE-2016-4975 info: name: Apache moduserdir CRLF injection author: melbadry9,nadino,xElkomy severity: medium description: Apache CRLF injection allowing HTTP response splitting attacks on sites using...

6.1CVSS6.1AI score0.19798EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday137 views

LiteSpeed Cache <= 6.4.1 - Sensitive Information Exposure

The LiteSpeed Cache plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.1 through the debug.log file that is publicly exposed. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the...

9.8CVSS8.2AI score0.83178EPSS
Exploits7References5
Nuclei
Nuclei
added yesterday24 views

LiteSpeed Cache <= 6.5.0.2 - Stored XSS

LiteSpeed Technologies LiteSpeed Cache versions up to 6.5.0.2 contain a stored cross-site scripting caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in victim browsers, exploit requires storing malicious input. id: CVE-2024-47374 info...

7.1CVSS5.4AI score0.0138EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday120 views

Sercomm VD625 Smart Modems - CRLF Injection

Sercomm AGCOMBO VD625 Smart Modems with firmware version AGSOT2.1.0 are vulnerable to Carriage Return Line Feed CRLF injection via the Content-Disposition header. id: CVE-2021-27132 info: name: Sercomm VD625 Smart Modems - CRLF Injection author: geeknik severity: critical description: Sercomm...

9.8CVSS8.4AI score0.16062EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday17 views

WP Google Maps < 9.0.48 - Cross-Site Scripting

WP Google Maps WordPress plugin 9.0.48 contains a stored XSS vulnerability caused by unsanitized user input in AJAX actions, letting unauthenticated attackers execute scripts via stored payloads. id: CVE-2025-11307 info: name: WP Google Maps 9.0.48 - Cross-Site Scripting author: 0xAkoko severity:...

8.8CVSS5.2AI score0.01873EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday11 views

W3 Total Cache < 2.8.2 - Log File Exposure

The plugin is vulnerable to Information Exposure through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF...

7.5CVSS8.2AI score0.02206EPSS
Exploits0References3
Rows per page
Query Builder