Lucene search
+L

655 matches found

osv
osv
added 2 days ago2 views

SUSE-SU-2026:2955-1 Security update for the Linux Kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.269 fixes various security issues The following security issues were fixed: - CVE-2026-31685: netfilter: ip6teui64: reject invalid MAC header for all packets bsc1263670. - CVE-2026-43025: netfilter: ctnetlink: ignore explicit helper on...

9.8CVSS6.1AI score0.00563EPSS
Exploits4References15
euvd
euvd
added 6 days ago6 views

EUVD-2026-42887

n8n before 1.123.24, 2.10.4, and 2.12.0 across its 1.x and 2.x branches contains cross-site scripting and open redirect vulnerabilities in the Form Node due to unsanitized HTML description fields and overly permissive iframe sandbox policies. Authenticated users with workflow creation permissions...

5.1CVSS6.1AI score0.00169EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/26 7:30 p.m.6 views

CVE-2026-44696

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text markdown rendering pipeline uses Sanitize::Config::RELAXED:css for inline style sanitization. This configuration permits essentially all CSS properties in style attributes on permitted HTML...

5.7CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/22 3:37 p.m.2 views

CVE-2026-11994

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report...

4.8CVSS6AI score0.00321EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/06/22 3:37 p.m.33 views

CVE-2026-11994 Akaunting 3.1.21 - Authenticated stored XSS in report description rendering

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report...

4.8CVSS0.00321EPSS
Exploits0References2
cve
cve
added 2026/06/22 3:37 p.m.9 views

CVE-2026-11994

CVE-2026-11994 concerns Akaunting 3.1.21, reporting an authenticated stored XSS in the report description rendering . A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report, potentially affecting other users interacting with the...

4.8CVSS6AI score0.00321EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/21 11:30 p.m.7 views

CVE-2026-12845

REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage...

5.8AI score
Exploits0References1
osv
osv
added 2026/06/17 8:17 p.m.5 views

DEBIAN-CVE-2026-48822

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The...

5.8CVSS5.4AI score0.0012EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/17 1:25 a.m.8 views

CVE-2026-53441

A flaw was found in Jenkins. This vulnerability, a stored cross-site scripting XSS issue, allows attackers with Agent/Configure permission to inject malicious scripts into the user-provided description of a generic offline cause. When other users view this description, the injected script can...

5.4CVSS5.1AI score0.00261EPSS
Exploits0References4
cve
cve
added 2026/06/15 8:59 p.m.30 views

CVE-2026-48157

Slim PHP framework (versions 4.4.0–4.15) is affected by an HTML/JavaScript injection in error pages when HttpException::setTitle() and/or setDescription() are fed with untrusted data. The issue can occur in HTML error pages generated by Slim and is present even with displayErrorDetails = false; v...

6.1CVSS5.5AI score0.00167EPSS
Exploits0References2
redhat
redhat
added 2026/06/15 2:29 a.m.9 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

7.8CVSS6.5AI score0.00353EPSS
Exploits4References4
osv
osv
added 2026/06/11 6:0 a.m.8 views

RLSA-2026:23259 Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 For more details about the security issues,...

7.8CVSS5.5AI score0.00353EPSS
Exploits4References2
redhat
redhat
added 2026/06/10 12:31 p.m.26 views

samba: Samba: Remote Code Execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

9.8CVSS6.3AI score0.12797EPSS
Exploits9References5
jenkins
jenkins
added 2026/06/10 12:0 a.m.9 views

Stored XSS vulnerability in node offline cause description

Since Jenkins 2.483, the description of the reason why a node is offline the "offline cause" is defined as containing HTML and rendered as such. Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not escape the user-provided description of a generic offline cause that could be set through th...

8CVSS4.9AI score0.00261EPSS
Exploits0Affected Software1
almalinux
almalinux
added 2026/06/08 12:0 a.m.29 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: smb: client: fix OOB reads parsing symlink error response CVE-2026-31613 kernel: Buffer overflow in drivers/xen/sys-hypervisor.c CVE-2026-31786 kernel: Linux kernel: smb: client: reject...

8.1CVSS6.6AI score0.00378EPSS
Exploits4References8
redhatcve
redhatcve
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8288

A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsmhandlepdusessionmodificationqosflowdescriptions of the file src/smf/gsm-handler.c of the component SMF. Executing a manipulation of the argument n1SmMsg can lead to denial of service. The attack may be launched...

6.5CVSS5.1AI score0.00378EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/05 7:37 p.m.12 views

CVE-2026-47694

WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes whe...

5.4CVSS5.4AI score0.00162EPSS
Exploits1References1
euvd
euvd
added 2026/06/04 6:46 p.m.18 views

EUVD-2026-33304

WWBN AVideo: Stored XSS via unescaped Gallery category description...

5.4CVSS5.8AI score0.00162EPSS
Exploits1References2
redhat
redhat
added 2026/06/04 12:43 p.m.14 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8CVSS5.8AI score0.00353EPSS
Exploits4References2
almalinux
almalinux
added 2026/06/04 12:0 a.m.12 views

Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 For more details about the security issues,...

7.8CVSS5.4AI score0.00353EPSS
Exploits4References4
Rows per page
Query Builder