Lucene search
K

8 matches found

CVE
CVE
added 2026/07/01 1:36 p.m.76 views

CVE-2026-6682

CVE-2026-6682 affects FatFs in R0.16 and earlier, where in mount_volume() a multiply operation fasize *= fs->n_fats can overflow, causing an integer wrap. This overflow can lead to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. Impact described as CWE-190...

7.6CVSS5.9AI score0.0021EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2026/06/12 10:16 p.m.20 views

CVE-2026-53827

OpenClaw before 2026.5.2 contains a credential exposure vulnerability in message.action forwarding that allows model-controlled metadata to forward action payloads with Gateway credentials to attacker-supplied loopback URLs. Remote attackers can intercept Gateway tokens and action payloads by...

6.5CVSS0.00254EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 11:54 p.m.26 views

CVE-2026-46546

CVE-2026-46546 affects Frappe Learning Management System (LMS) prior to version 2.53.0. An authenticated user could provide specially crafted content in editable fields, which surfaces in page metadata and causes visitors’ browsers to navigate to an attacker‑chosen URL. The issue has been patched...

5.4CVSS5.4AI score0.00136EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/23 3:0 p.m.6 views

CVE-2026-40472

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting XSS attacks...

9.9CVSS5.8AI score0.00303EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 3:16 p.m.7 views

UBUNTU-CVE-2026-5438

A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with Content-Encoding: gzip. The server does not enforce limits on decompressed size and allocates memory based on attacker-controlled compression metadata. A specially crafted gzip payload can trigger excessive...

7.5CVSS5.8AI score0.00484EPSS
Exploits0References5
OSV
OSV
added 2026/04/01 4:11 p.m.4 views

CVE-2026-33978 Notesnook: Stored XSS in mobile share editor via unescaped web clip title metadata

Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip metadata is concatenated into HTML without escaping and then rendered with innerHTML inside the...

5.4CVSS5.9AI score0.00286EPSS
Exploits1References5
CVE
CVE
added 2026/01/27 5:29 p.m.30 views

CVE-2025-14911

CVE-2025-14911 involves the mongo-c-driver (GridFS) where user-controlled chunkSize metadata can cause an integer overflow leading to a heap allocation failure. Affected component/file: GridFS handling in the mongo-c-driver, with the underlying issue being insufficient validation of the chunkSize...

7.1CVSS5.9AI score0.00275EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/09/16 5:17 p.m.25 views

Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata

Issue If an attacker is able to control a threshold of keys to insert the same public key more than once with different key IDs into signed, trusted metadata on a TUF repository, then go-tuf clients 0.3.2 are susceptible to an attack where attackers can cause the same signature from the same publ...

5.8AI score
Exploits0References4Affected Software1
Rows per page
Query Builder