Lucene search
+L

81 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/26 8:21 p.m.8 views

CVE-2026-48778

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...

7.8CVSS5.8AI score0.01314EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2026/06/26 8:21 p.m.45 views

CVE-2026-48778 Notepad++: Arbitrary Code Execution via config.xml commandLineInterpreter

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, the tag in config.xml is read by NppXml::value Parameters.cpp:6430 and stored in nppGUI.commandLineInterpreter without any validation, whitelist, or digital signature check. When the user triggers IDMFILEOPENCMD File → Open...

7.8CVSS0.01314EPSS
Exploits5References2
CVE
CVE
added 2026/06/26 8:21 p.m.150 views

CVE-2026-48778

Notepad++ prior to 8.9.6.1 is affected by an RCE in config.xml: the value is read without validation and passed to ShellExecute when triggering File → Open Containing Folder → cmd, enabling attacker-controlled executable paths. The issue stems from NppXml::value() storing the value in _nppGUI._c...

7.8CVSS5.8AI score0.01314EPSS
Exploits5References2Affected Software1
OSV
OSV
added 2026/06/19 9:42 p.m.7 views

GHSA-MWR2-WMGP-CRJ6 OpenBao's System Backend allows Unauthorized Management of the containing Namespace

Summary A user that is granted namespace management /sys/namespaces capabilities within a non-root namespace "the victim namespace" can abuse special handling of the literal path "root" in namespace path canonicalization to manage the victim namespace itself. Details Several endpoints under...

2.3CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51110

Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.5.5 Description Users granted namespace management capabilities within a non-root namespace can abuse the canonicalization of the literal path "root" to manage the containing namespace itself. Several endpoints unde...

2.3CVSS5.9AI score
Exploits0References6
OSV
OSV
added 2026/05/05 11:10 a.m.15 views

CLSA-2026-1777979444 openssh: Fix of CVE-2026-35414

CVE-2026-35414: fix authorizedkeys principals option mishandling with comma-containing CA principals...

8.1CVSS6AI score0.00176EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/30 5:27 p.m.3 views

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via the WriteMetadata process. An attacker can manipulate files, create or overwrite arbitrary files, and establish symlinks or hard links by injecting specially crafted metadata values containing newline...

10CVSS5.9AI score0.00611EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/13 1:46 p.m.8 views

SandboxJS affected by a Sandbox Escape

Summary It is possible to obtain arrays containing Function, which allows escaping the sandbox. Details There are various ways to get an array containing Function, e.g. js Object.entriesthis.at1 // 'Function', Function: Function Object.valuesthis.slice1, 2 // Function: Function Given an array...

10CVSS5.8AI score0.00547EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.7 views

SandboxJS 代码注入漏洞

SandboxJS is a security assessment tool developed by nyariv. Versions of SandboxJS prior to 0.8.34 contained a code injection vulnerability. This vulnerability stemmed from the possibility of accessing arrays containing functions, which could lead to sandbox escape...

10CVSS5.9AI score0.00547EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/10 9:16 p.m.6 views

CVE-2023-53739

Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3settings.bin file and extract base64-encoded user and admin passwords witho...

9.9CVSS7.1AI score0.00572EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/01 12:0 a.m.5 views

ERPNext 安全漏洞

ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the txt parameter of the getrfqcontainingsupplier function against externally entered SQL statements. An attacker can...

8.2CVSS8AI score0.00305EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/17 8:54 a.m.25 views

Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana OnPrem build 283 Vulnerability Details CVEID:CVE-2022-40897 DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a specially crafted regula...

8.8CVSS7.3AI score0.02617EPSS
Exploits3Affected Software1
GithubExploit
GithubExploit
added 2024/08/08 2:40 a.m.224 views

Exploit for Incorrect Authorization in Apache Ofbiz

CVE-2024-38856 For Ethical Usage only, Any harmful or malicio...

9.8CVSS10AI score0.99427EPSS
Exploits10
RedHat Linux
RedHat Linux
added 2024/01/25 10:51 a.m.39 views

Moderate: Red Hat Security Advisory: frr security update

An update for frr is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

9.8CVSS7.2AI score0.00939EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2024/01/12 7:57 p.m.49 views

frr security update

An update is available for frr. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FRRouting is free software that manages TCP/IP based routing protocols. It suppor...

9.8CVSS7.5AI score0.00939EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/12/08 12:0 a.m.6 views

PT-2023-35628 · Apache · Apache Poi

Name of the Vulnerable Software and Affected Versions: Apache POI affected versions not specified Description: A security exception occurs in the Apache POI library, specifically in the org.apache.poi.hdgf.streams package. The crash is related to the findChunks and findChildren methods in the...

7AI score
Exploits0References2
CVE
CVE
added 2023/08/28 12:0 a.m.118 views

CVE-2023-4560

The CVE-2023-4560 issue affects Omeka-S (GitHub: omeka/omeka-s) prior to version 4.0.4, caused by improper authorization of an index containing sensitive information. The vulnerability exposes high confidentiality impact with a CVSS base score of 6.5 (NETWORK, LOW attack complexity, LOW privilege...

6.5CVSS6.5AI score0.00592EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2023/06/07 2:8 a.m.5 views

golang: html/template: improper handling of JavaScript whitespace

A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...

9.8CVSS6.5AI score0.01548EPSS
Exploits0References6
Veracode
Veracode
added 2023/05/15 3:23 a.m.21 views

Denial Of Service (DoS)

github.com/vitessio/vitess is vulnerable to Denial of Service DoS attacks. Users are able to create a shard containing characters from VTAdmin, resulting in an error and no longer being able to view the keyspaces. This can be done either intentionally or inadvertently by using the / character...

4.3CVSS6.7AI score0.00983EPSS
Exploits1References7Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2023/01/25 9:8 p.m.16 views

Introducing Microservices Patterns with Spring Integration

Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today Id like to share with a project Im working on since holidays, where the mentioned...

0.1AI score
Exploits0
Rows per page
Query Builder