Lucene search
+L

2811 matches found

Nuclei
Nuclei
added 6 hours ago101 views

Drupal 11.x-dev - Full Path Disclosure

core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist. id: CVE-2024-45440 info: name: Drupal 11.x-dev - Full Path Disclosure author: DhiyaneshDK severity: medium description: |...

5.3CVSS5.6AI score0.09269EPSS
Exploits4
NVD
NVD
added yesterday6 views

CVE-2024-23572

HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...

4.2CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2024-23572

HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...

4.2CVSS5.2AI score
Exploits0References2Affected Software1
EUVD
EUVD
added yesterday7 views

EUVD-2024-55672

HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...

4.2CVSS5.2AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2024-23572

CVE-2024-23572 affects HCL Aftermarket EPC. The issue is described as a vulnerability where a cookie appears to contain a session token, suggesting a potential risk depending on cookie contents and function. The provided metrics indicate a CVSS v3.1 base score of 4.2 (Medium) with AV:N, AC:H, PR:...

4.2CVSS5.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday21 views

CVE-2024-23572

HCL Aftermarket EPC is vulnerable to attack as cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function...

4.2CVSS
Exploits0References1
Nuclei
Nuclei
added yesterday60 views

Palo Alto Expedition - SQL Injection

An SQL injection vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expeditio...

9.2CVSS9.1AI score0.99609EPSS
Exploits3References4
OSV
OSV
added 3 days ago4 views

MGASA-2026-0254 Updated python-mistune package fixes security vulnerabilities

The updated python-mistune package fixes two security vulnerablities: Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python...

8.7CVSS6.2AI score0.0035EPSS
Exploits1References4
NVD
NVD
added 2026/07/10 10:16 p.m.9 views

CVE-2026-55883

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.24.0 through 0.37.3, the Tilt HUD WebSocket at /ws/view is gated by a CSRF token, but the token is served by the unauthenticated /api/websockettoken endpoint and the upgrader accepts clients that omit an Origin...

8.3CVSS0.00222EPSS
Exploits0References4
CVE
CVE
added 2026/07/10 2:44 p.m.8 views

CVE-2026-46388

CVE-2026-46388 affects osquery. Prior to version 5.23.1, unprivileged attackers could read contents of an osquery file carve before the carve completes, due to in-progress carve directories not being created with private permissions. If the carve targets a directory the attacker controls, arbitra...

4.4CVSS6.2AI score0.00094EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/07/10 11:34 a.m.7 views

CVE-2026-59930

A flaw was found in Mistune, a Python Markdown parser. The table of contents toc plugin and TableOfContents directive generate heading identifiers IDs as predictable values e.g., tocN without properly processing the heading text. This allows an attacker to control content with a colliding ID, whi...

4.3CVSS6AI score0.00128EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/07/10 3:11 a.m.4 views

SUSE CVE-2026-59930

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable tocN values without slugifying the heading text, allowing attacker-controlled id="tocN" content to collide with generated anchors and...

4.3CVSS6.1AI score0.00128EPSS
Exploits1References3
NVD
NVD
added 2026/07/09 11:17 p.m.7 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS0.00169EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/07/09 10:39 p.m.9 views

CVE-2026-59856

Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...

8.4CVSS6.3AI score0.00169EPSS
Exploits1
Snyk
Snyk
added 2026/07/08 6:46 p.m.8 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the toc process. An attacker can interfere with same-page navigation, CSS selectors, or JavaScript handlers by creating content with predictable id attributes that collide with...

5.3CVSS6.1AI score0.00128EPSS
Exploits1References2
NVD
NVD
added 2026/07/08 5:17 p.m.10 views

CVE-2026-59930

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable tocN values without slugifying the heading text, allowing attacker-controlled id="tocN" content to collide with generated anchors and...

4.3CVSS0.00128EPSS
Exploits1References3
OSV
OSV
added 2026/07/08 5:17 p.m.2 views

DEBIAN-CVE-2026-59930

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable tocN values without slugifying the heading text, allowing attacker-controlled id="tocN" content to collide with generated anchors and...

4.3CVSS6.1AI score0.00128EPSS
Exploits1References1
CVE
CVE
added 2026/07/08 4:13 p.m.16 views

CVE-2026-59930

Mistune (Python Markdown parser) prior to 3.3.0 has a vulnerability in the toc/TableOfContents directive: heading IDs are generated as predictable toc_N values without slugifying the heading text. This can allow attacker-controlled id="toc_N" content to collide with generated anchors, potentially...

4.3CVSS6AI score0.00128EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/07/08 4:13 p.m.33 views

CVE-2026-59930 Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable tocN values without slugifying the heading text, allowing attacker-controlled id="tocN" content to collide with generated anchors and...

4.3CVSS0.00128EPSS
Exploits1References3
OSV
OSV
added 2026/07/08 4:13 p.m.5 views

CVE-2026-59930 Mistune toc / TableOfContents directive: heading IDs use predictable `toc_N` numbering with no slugification, allowing collision with attacker-controlled `id="toc_N"` content

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the toc plugin and TableOfContents directive generate heading IDs as predictable tocN values without slugifying the heading text, allowing attacker-controlled id="tocN" content to collide with generated anchors and...

4.3CVSS6.1AI score0.00128EPSS
Exploits1References5
Rows per page
Query Builder