Lucene search
K

54230 matches found

Nuclei
Nuclei
added 15 hours ago20 views

SlideDeck 1 Lite Content Slider - Cross-Site Scripting

SlideDeck 1 Lite Content Slider WordPress plugin = 1.4.8 contains a reflected cross-site scripting caused by unsanitized parameter output, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13224 inf...

6.1CVSS7.1AI score0.00577EPSS
Exploits1References1
EUVD
EUVD
added 18 hours ago8 views

EUVD-2026-42445

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added 18 hours ago3 views

CVE-2026-51600

Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests including DESCRIBE, SETUP, and PLAY methods. When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting...

Exploits0References1
CVE
CVE
added 18 hours ago5 views

CVE-2026-51599

The CVE describes an authentication-free vulnerability in the RTSP service of MERCURY MIPC252W (v1.0.5, Build 230306 Rel.79931n). The root cause is insufficient input validation in the RTSP parser: when an RTSP request includes a Content-Length header without a corresponding body, the parser ente...

6AI score
Exploits0References1
EUVD
EUVD
added 18 hours ago3 views

EUVD-2026-42643

Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests including DESCRIBE, SETUP, and PLAY methods. When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting...

7.5CVSS6AI score
Exploits0References1
CVE
CVE
added 18 hours ago4 views

CVE-2026-51600

Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests including DESCRIBE, SETUP, and PLAY methods. When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting...

7.5CVSS6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-5923

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS5.9AI score
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-55778

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.9.1-alpha.11 and 8.6.81, the default fileUpload.fileExtensions blocklist could be bypassed by uploading a file with a non-standard or compound extension and dangerous content type,...

2.1CVSS
Exploits0References7
NVD
NVD
added yesterday5 views

CVE-2025-12506

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...

3.5CVSS
Exploits0References3
CVE
CVE
added yesterday20 views

CVE-2026-55778

Parse Server is affected by a stored XSS vulnerability where the default fileUpload.fileExtensions blocklist can be bypassed using non-standard or compound extensions paired with a dangerous Content-Type. This enables attacker-supplied content to be served by storage adapters (e.g., S3, GCS) and ...

2.1CVSS5.6AI score
Exploits0References7
Cvelist
Cvelist
added yesterday20 views

CVE-2025-12506 Use of Incorrectly-Resolved Name or Reference in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...

3.5CVSS
Exploits0References3
EUVD
EUVD
added yesterday4 views

EUVD-2025-210442

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.5 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to create a repository where the content displayed in the web interface differed from t...

3.5CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added yesterday21 views

CVE-2026-59930 Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable tocN values without slugifying the heading text, allowing attacker-controlled id="tocN" content to collide with generated anchors and...

4.3CVSS
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-59930

Mistune (Python Markdown parser) prior to 3.3.0 has a vulnerability in the toc/TableOfContents directive: heading IDs are generated as predictable toc_N values without slugifying the heading text. This can allow attacker-controlled id="toc_N" content to collide with generated anchors, potentially...

4.3CVSS6AI score
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday4 views

openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap

A flaw was found in the OpenSSL CMS implementation RFC 3211 KEK Unwrap. This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption PWRI...

7.5CVSS6.8AI score0.01744EPSS
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-42267

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added yesterday4 views

EUVD-2026-42265

The Grav API plugin getgrav/grav-plugin-api 1.0.0 contains an unrestricted file upload vulnerability in the avatar upload endpoint /api/v1/users/user/avatar. The endpoint validates only the client-declared MIME type getClientMediaType beginning with 'image/' and does not inspect the actual file...

5.3CVSS6.7AI score
Exploits0References2
Cvelist
Cvelist
added yesterday22 views

CVE-2026-58654 Grav - Arbitrary File Upload via Avatar Endpoint

The Grav API plugin getgrav/grav-plugin-api 1.0.0 contains an unrestricted file upload vulnerability in the avatar upload endpoint /api/v1/users/user/avatar. The endpoint validates only the client-declared MIME type getClientMediaType beginning with 'image/' and does not inspect the actual file...

5.3CVSS
Exploits0References2
Nuclei
Nuclei
added yesterday102 views

PrestaHome Blog for PrestaShop <1.7.8 - SQL Injection

PrestaHome Blog for PrestaShop prior to version 1.7.8 is vulnerable to a SQL injection blind via the sbcategory parameter. id: CVE-2021-36748 info: name: PrestaHome Blog for PrestaShop 1.7.8 - SQL Injection author: whoever severity: high description: PrestaHome Blog for PrestaShop prior to versio...

7.5CVSS7.1AI score0.15415EPSS
Exploits2References5
Rows per page
Query Builder