Lucene search
K

1456 matches found

CVE
CVE
added 5 days ago13 views

CVE-2026-57958

Summary: Mixpost

6.1CVSS5.9AI score0.00168EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-40143

Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in authenticated users' browsers by crafting malicious OAuth callback URLs with unsanitized error query parameters. Attackers can exploit the OAuth...

6.1CVSS5.9AI score0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-13751 Snowflake CLI Server-Side Request Forgery via Arbitrary URL Fetch in !source/!load

Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement reader's !source/!load directives could reference remote URLs that were retrieved at runtime without sufficient restriction on the request destination. B...

4.1CVSS0.00118EPSS
Exploits0References1
OSV
OSV
added 5 days ago6 views

PYSEC-2026-366 Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP

The nbconvert HTTP handlers in jupyterserver render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanitizing behavior, a notebook carrying an HTML payload in a displaydata outpu...

9.3CVSS5.8AI score0.00227EPSS
Exploits0References6
NVD
NVD
added 2026/06/22 7:17 p.m.22 views

CVE-2026-50146

Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...

7.1CVSS0.00177EPSS
Exploits1References1
CVE
CVE
added 2026/06/22 5:31 p.m.14 views

CVE-2026-50146

CVE-2026-50146 affects the Astro web framework prior to 6.3.3. When a component uses a client:* directive, Astro inserts named slot content into a data-astro-template attribute without escaping the slot name, allowing an attacker to break out of the attribute context and inject arbitrary HTML, re...

7.1CVSS5.9AI score0.00177EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 5:31 p.m.30 views

CVE-2026-50146 Astro: Reflected XSS via unescaped slot name

Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...

7.1CVSS0.00177EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:31 p.m.6 views

CVE-2026-50146

Astro is a web framework. Prior to 6.3.3, when a component uses a client: directive, Astro inserts named slot content into a data-astro-template attribute without HTML escaping the slot name allowing an attacker to break out of the attribute context and inject arbitrary HTML, resulting in reflect...

7.1CVSS5.9AI score0.00177EPSS
Exploits1References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Apache2

A regression in Apache HTTP Server 2.4.60 ignores some uses of the legacy content-type-based configuration for handlers. Configurations like “AddType” and similar settings, under certain circumstances where files are requested indirectly, can lead to exposure of local content in the source code...

6.2CVSS6.3AI score0.00889EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 8:4 p.m.9 views

EUVD-2026-37792

When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...

8.6CVSS5.6AI score0.00492EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/17 4:39 p.m.4 views

Improper Neutralization of Equivalent Special Elements

Overview Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements via the NGINX configuration generator component. An attacker can inject arbitrary NGINX configuration directives by supplying crafted values to the serverTokens or extraAuthArgs...

8.6CVSS5.9AI score0.00567EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50537

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component of NGINX Gateway Fabric when NGINX Plus or NGINX Open Source is used as the data plane. User-supplied...

8.6CVSS5.4AI score0.00492EPSS
Exploits0References9
Snyk
Snyk
added 2026/06/16 2:5 p.m.9 views

Cross-site Scripting (XSS)

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the data-astro-template attribute when a component uses a client: directive and the slot name is not...

7.1CVSS5.8AI score0.00177EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49731

Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.3.3 Description When a component utilizes a client: directive, the software inserts named slot content into a data-astro-template attribute without performing HTML escaping on the slot name. This allows an attacker to...

7.1CVSS6AI score0.00177EPSS
Exploits1References4
Qualys Blog
Qualys Blog
added 2026/06/10 7:40 p.m.15 views

How Federal Agencies Can Activate a Risk Operations Center (ROC) to Meet CISA BOD 26-04

Executive Summary Recognizing the ability of Frontier AI models to discover and exploit vulnerabilities at unprecedented speed and scale, CISA 's Binding Operational Directive BOD 26-04 marks a significant shift in federal vulnerability management. The directive introduces aggressive mandates,...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47736

Name of the Vulnerable Software and Affected Versions awxkit affected versions not specified Description A path traversal issue exists in the CLI tool for AWX. The YAML !include directive fails to sanitize file paths, which allows an attacker to create a malicious YAML file. When a user imports...

4.7CVSS5.9AI score0.00121EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

awxkit 路径遍历漏洞

awxkit is an open-source command-line tool developed by Ansible. Awxkit has a path traversal vulnerability, which stems from the YAML !include directive not clearing file paths properly. This vulnerability could allow attackers to read any YAML format file from the local file system through a...

4.7CVSS5.3AI score0.00121EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 1:43 p.m.11 views

JLSEC-2026-589

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasmparserdirective in modules/parsers/nasm/nasm-parse.c...

5.5CVSS5.4AI score0.0032EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.10 views

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

6.5CVSS5.7AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41149

A flaw was found in Mermaid, a JavaScript tool for creating diagrams and charts. A remote attacker could exploit this vulnerability by injecting malicious HTML through the classDef directive in Mermaid state diagrams. This allows for Document Object Model DOM injection, which escapes the Scalable...

5.4CVSS5.4AI score0.00401EPSS
Exploits0References6
Rows per page
Query Builder