Lucene search
K

128921 matches found

OSV
OSV
added yesterday3 views

DEBIAN-CVE-2026-57432

Perl versions through 5.43.10 have an integer overflow in Smeasurestruct leading to an out-of-bounds heap read in pack and unpack. Smeasurestruct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the...

6.2AI score
Exploits0References1
OSV
OSV
added yesterday3 views

DEBIAN-CVE-2026-57433

Storable versions before 3.41 for Perl have a signed integer overflow when deserializing a crafted SXHOOK record. retrievehookcommon reads a signed 32-bit item count from an SXHOOK record and calls avextend with that count plus one. A count of I32MAX wraps the addition to a negative value. A...

6.2AI score
Exploits0References1
OSV
OSV
added yesterday3 views

DEBIAN-CVE-2026-40553

Buffer overflow vulnerability has been found in "extension/readdir.c" program file of gawk ftype routine. This issue could be used to crash the program and potentially to achieve code execution, although the latter has not been confirmed to be feasible. It affects gawk in versions 5.4.0 and below...

7.5CVSS6AI score
Exploits0References1
OSV
OSV
added yesterday3 views

DEBIAN-CVE-2026-13221

Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...

6.1AI score
Exploits0References1
OSV
OSV
added yesterday5 views

DEBIAN-CVE-2026-40468

Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below...

9.1CVSS6AI score
Exploits0References1
OSV
OSV
added yesterday3 views

DEBIAN-CVE-2026-40467

Use After Free vulnerability has been found in "io.c" program file of gawk dogetlineredir routine. This issue may lead to a crash. It affects gawk in versions 5.4.0 and below...

7.5CVSS6AI score
Exploits0References1
OSV
OSV
added yesterday3 views

DEBIAN-CVE-2026-53364

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix memory leak in hcilebigterminate hcilebigterminate allocates isolistdata via kzallocobj but returns 0 without freeing it when neither pasyncterm nor bigsyncterm flags are set after evaluating the PA and BI...

6AI score
Exploits0References1
OSV
OSV
added yesterday2 views

CGA-9J3G-98FW-QG4G

Bulletin has no description...

7.5CVSS6.1AI score0.00432EPSS
Exploits0
Nuclei
Nuclei
added yesterday193 views

Mongo-Express - Remote Code Execution

Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...

9.8CVSS7.4AI score0.74519EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday19 views

ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)

ZZZCMS zzzphp v1.6.3 contains a remote code execution caused by lack of restrictions in inc/zzzfile.php, letting attackers execute arbitrary PHP code via a crafted URL in the plugins/ueditor/php/controller.php?action=catchimage source parameter, exploit requires attacker to send malicious URL and...

9.8CVSS7.5AI score0.06589EPSS
Exploits1References2
OSV
OSV
added 2 days ago2 views

MINI-2VGR-MC8G-4VXQ

Bulletin has no description...

9.1CVSS6.1AI score0.00403EPSS
Exploits0
CVE
CVE
added 2 days ago15 views

CVE-2026-61875

The vulnerability is in luci-app-upnp (OpenWrt LuCI) and is a stored cross-site scripting (XSS) flaw in the UPnP IGD AddPortMapping SOAP request. An unauthenticated LAN client can submit malicious HTML in the NewPortMappingDescription field; miniupnpd stores it and luci-app-upnp renders it withou...

8.8CVSS6.1AI score0.00289EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-61875 luci-app-upnp Stored XSS via UPnP Port Mapping Description

luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders...

8.8CVSS0.00289EPSS
Exploits0References2
OSV
OSV
added 2 days ago3 views

ECHO-5B7B-7765-6253

Bulletin has no description...

9.1CVSS6.1AI score0.00116EPSS
Exploits0References2
OSV
OSV
added 2 days ago2 views

ECHO-AF5A-046F-F3B2

Bulletin has no description...

7.5CVSS6.1AI score0.00104EPSS
Exploits0References2
OSV
OSV
added 3 days ago1 views

ECHO-A17A-4028-5497

Bulletin has no description...

6.3CVSS6.1AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

CGA-FQW6-G84H-PRC6

Bulletin has no description...

6.1AI score
Exploits0
NVD
NVD
added 4 days ago4 views

CVE-2026-55659

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document's nam...

7.7CVSS0.00275EPSS
Exploits0References3
OSV
OSV
added 4 days ago7 views

DEBIAN-CVE-2026-57157

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.28.0, FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled scan attacker-supplied DeviceName and VirtualChannelName fields for a NUL terminator in...

6.5CVSS6.1AI score0.00522EPSS
Exploits1References1
NVD
NVD
added 4 days ago8 views

CVE-2026-13710

The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sgbodydescription' parameter in versions up to, and including, 3.2.6. This is due to insufficient input...

6.4CVSS0.00206EPSS
Exploits0References8
Rows per page
Query Builder