
294 matches found

Nuclei
added 13 hours ago, 22 views

WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting

WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter in a search query. Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean...

CVSS 6.1 | AI score 6.2 | EPSS 0.03611
Exploits 2 | References 5
AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in PHP 8.1

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, and 8.3.* before 8.3.12, when using the PHP-FPM SAPI and the option catch_workers_output is set to yes, it is possible to manipulate the log messages by removing up to 4 characters from the log messages. Additionally, if PHP-FPM is configured to us...

CVSS 3.3 | AI score 6.6 | EPSS 0.00482
Exploits 1 | References 2
Microsoft Secure
added 2026/06/15 4:00 p.m., 10 views

Microsoft Defender email security benchmarking: Key insights from one year of data

Microsoft publishes quarterly email security benchmarking data comparing Microsoft Defender against secure email gateway (SEG) and integrated cloud email security (ICES) vendors using real-world threat telemetry. A year ago, we set out to change how email security effectiveness is measured. With our...

AI score 5.5
Exploits 0
Github Security Blog
added 2026/06/11 1:25 p.m., 11 views

free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence

Summary The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather than restricting input ...

AI score 5.9 | EPSS 0.00084
Exploits 0 | References 2 | Affected Software 1
Positive Technologies
added 2026/06/11 12:00 a.m., 9 views

PT-2026-48680

Name of the Vulnerable Software and Affected Versions: free5GC UDR (affected versions not specified). Description: Improper input validation exists in the EE subscription handlers of the free5GC UDR. The system uses a regular expression to validate the ueId variable that includes a catch-all...

CVSS 7.1 | AI score 6 | EPSS 0.00084
Exploits 0 | References 4
OSV
added 2026/06/09 5:16 a.m., 5 views

UBUNTU-CVE-2026-41844

A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through...

CVSS 6.1 | AI score 5.6 | EPSS 0.00134
Exploits 0 | References 3
Cvelist
added 2026/06/09 3:50 a.m., 37 views

CVE-2026-41844 Spring Framework Open Redirect in Spring MVC and WebFlux

A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through...

CVSS 4.2 | EPSS 0.00134
Exploits 0 | References 1
Vulnrichment
added 2026/05/28 7:32 p.m., 9 views

CVE-2026-32847 DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /{full_path:path} endpoint. Attackers can bypass Starlette's...

CVSS 8.7 | AI score 5.9 | EPSS 0.00376
Exploits 1 | References 2
Cvelist
added 2026/05/28 7:32 p.m., 33 views

CVE-2026-32847 DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /{full_path:path} endpoint. Attackers can bypass Starlette's...

CVSS 8.7 | EPSS 0.00376
Exploits 1 | References 2
ATTACKERKB
added 2026/05/28 7:32 p.m., 7 views

CVE-2026-32847

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /{full_path:path} endpoint. Attackers can bypass Starlette's...

CVSS 8.7 | AI score 5.9 | EPSS 0.00376
Exploits 1 | References 2
CVE
added 2026/05/28 7:32 p.m., 26 views

CVE-2026-32847

DeepCode (commit c991dc2) exposes a path traversal vulnerability in the SPA catch-all route of new_ui/backend/main.py. An unauthenticated attacker can read arbitrary files by sending percent-encoded path segments to GET /{full_path:path}, bypassing Starlette path normalization via %2F and %2E%2E....

CVSS 8.7 | AI score 5.9 | EPSS 0.00376
Exploits 1 | References 2 | Affected Software 1
CNNVD
added 2026/05/28 12:00 a.m., 11 views

DeepCode Path Traversal Vulnerability

DeepCode is a multi-agent code generation tool open-sourced by Data Intelligence Lab@HKU. Versions of DeepCode before commit c991dc2 contain a path traversal vulnerability. The vulnerability originates from the SPA catch-all route in new_ui/backend/main.py, which is affected by path traversal...

CVSS 8.7 | AI score 6 | EPSS 0.00376
Exploits 1 | References 2
Positive Technologies
added 2026/05/28 12:00 a.m., 8 views

PT-2026-44488

Name of the Vulnerable Software and Affected Versions: DeepCode versions prior to commit c991dc2. Description: A path traversal issue exists in the SPA catch-all route within new_ui/backend/main.py. Unauthenticated attackers can read arbitrary files by providing percent-encoded path segments to the...

CVSS 8.7 | AI score 5.6 | EPSS 0.00376
Exploits 1 | References 4
Schneier on Security
added 2026/04/10 9:03 p.m., 8 views

Friday Squid Blogging: Squid Overfishing in the South Pacific

Regulation is hard: The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million square kilometers (22 million square miles) of the South Pacific high seas, trying to impose order on a region double the size of Africa, where distant-water fleets...

AI score 5.8
Exploits 0
OSV
added 2026/03/27 10:16 p.m., 3 views

DEBIAN-CVE-2026-33939

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. n), the compiled template calls lookupProperty(decorators, "n"), which returns undefined. Th...

CVSS 7.5 | AI score 5.3 | EPSS 0.00602
Exploits 1 | References 1
Debian CVE
added 2026/03/27 9:08 p.m., 4 views

CVE-2026-33939

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. n), the compiled template calls lookupProperty(decorators, "n"), which returns undefined. Th...

CVSS 7.5 | AI score 5.3 | EPSS 0.00602
Exploits 1
ATTACKERKB
added 2026/03/27 9:08 p.m., 8 views

CVE-2026-33939

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. n), the compiled template calls lookupProperty(decorators, "n"), which returns undefined. Th...

CVSS 7.5 | AI score 5.9 | EPSS 0.00602
Exploits 1 | References 4 | Affected Software 1
Snyk
added 2026/03/27 6:21 p.m., 4 views

Improper Check for Unusual or Exceptional Conditions

Overview: org.webjars.npm:handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through the registerDecorator path in lib/handlebars/compiler/javascript-compiler.js. An attacker can...

CVSS 8.7 | AI score 5.7 | EPSS 0.00602
Exploits 1 | References 2
Positive Technologies
added 2026/03/27 12:00 a.m., 4 views

PT-2026-28571

Name of the Vulnerable Software and Affected Versions: Handlebars versions 4.0.0 through 4.7.8. Description: Handlebars templates containing decorator syntax referencing an unregistered decorator (e.g., n) can cause a Denial of Service. The compiled template calls lookupProperty(decorators, "n"), which...

CVSS 7.5 | AI score 5.9 | EPSS 0.00602
Exploits 1 | References 15
Packet Storm
added 2026/03/26 12:00 a.m., 132 views

V8 BytecodeArray Swapping Sandbox Bypass

V8 suffers from a sandbox bypass due to arbitrary bytecode execution from BytecodeArray swapping before code deoptimization. Vulnerability Details: When deoptimizing compiled code and resuming execution in the interpreter, V8 uses the function Deoptimizer::DoComputeOutputFrames to reconstruct the...

AI score 6.1
Exploits 0