Lucene search
K

1467 matches found

Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.23 views

PT-2026-50537

Name of the Vulnerable Software and Affected Versions NGINX Gateway Fabric affected versions not specified Description An injection issue exists in the NGINX configuration generator component of NGINX Gateway Fabric when NGINX Plus or NGINX Open Source is used as the data plane. User-supplied...

8.6CVSS5.4AI score0.00492EPSS
Exploits0References13
Snyk
Snyk
added 2026/06/16 2:5 p.m.10 views

Cross-site Scripting (XSS)

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the data-astro-template attribute when a component uses a client: directive and the slot name is not...

7.1CVSS5.8AI score0.00177EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49731

Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.3.3 Description When a component utilizes a client: directive, the software inserts named slot content into a data-astro-template attribute without performing HTML escaping on the slot name. This allows an attacker to...

7.1CVSS6AI score0.00177EPSS
Exploits1References4
Qualys Blog
Qualys Blog
added 2026/06/10 7:40 p.m.16 views

How Federal Agencies Can Activate a Risk Operations Center (ROC) to Meet CISA BOD 26-04

Executive Summary Recognizing the ability of Frontier AI models to discover and exploit vulnerabilities at unprecedented speed and scale, CISA 's Binding Operational Directive BOD 26-04 marks a significant shift in federal vulnerability management. The directive introduces aggressive mandates,...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-47736

Name of the Vulnerable Software and Affected Versions awxkit affected versions not specified Description A path traversal issue exists in the CLI tool for AWX. The YAML !include directive fails to sanitize file paths, which allows an attacker to create a malicious YAML file. When a user imports...

4.7CVSS5.9AI score0.00121EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

awxkit 路径遍历漏洞

awxkit is an open-source command-line tool developed by Ansible. Awxkit has a path traversal vulnerability, which stems from the YAML !include directive not clearing file paths properly. This vulnerability could allow attackers to read any YAML format file from the local file system through a...

4.7CVSS5.3AI score0.00121EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 1:43 p.m.12 views

JLSEC-2026-589

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasmparserdirective in modules/parsers/nasm/nasm-parse.c...

5.5CVSS5.4AI score0.0032EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.11 views

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

6.5CVSS5.7AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41149

A flaw was found in Mermaid, a JavaScript tool for creating diagrams and charts. A remote attacker could exploit this vulnerability by injecting malicious HTML through the classDef directive in Mermaid state diagrams. This allows for Document Object Model DOM injection, which escapes the Scalable...

5.4CVSS5.4AI score0.00401EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.11 views

CVE-2026-41570

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string...

7.8CVSS6.3AI score0.00191EPSS
Exploits0References1
CISA
CISA
added 2026/06/05 12:0 p.m.63 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2026-28318link is external SolarWinds Serv-U Uncontrolled Resource Consumption Vulnerability This type of vulnerability is a frequent attack vector for malicious...

7.5CVSS5.4AI score0.10659EPSS
In wildExploits2References6
Cvelist
Cvelist
added 2026/06/03 1:16 p.m.41 views

CVE-2026-8404 Potential exposure of private data via case-sensitive Cache-Control directives in UpdateCacheMiddleware

An issue was discovered in Django 5.2 before 5.2.15 and 6.0 before 6.0.6. django.middleware.cache.UpdateCacheMiddleware in Django does not match Cache-Control response directives case-insensitively, which allows remote attackers to read responses that were incorrectly cached because their...

3.1CVSS0.00285EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/01 10:3 p.m.15 views

CVE-2026-44966

Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the processing of set directives in Velocity templates. If an application renders a template controll...

9.8CVSS5.9AI score0.00505EPSS
Exploits1References1
CISA
CISA
added 2026/06/01 12:0 p.m.30 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-21182link is external Oracle WebLogic Server Unspecified Vulnerability This type of vulnerability is a frequent attack vectors for malicious cyber actors and...

7.5CVSS7.2AI score0.49689EPSS
In wildExploits3References6
EUVD
EUVD
added 2026/05/29 5:6 p.m.12 views

EUVD-2026-33369

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.4, ProjectService.GetProjectFileContent returns the contents of any Docker Compose include directive declared in a project's compose file before any path-traversal validation runs. Because...

7.7CVSS6AI score0.00307EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 12:0 a.m.10 views

EUVD-2026-33350

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

6.5CVSS5.9AI score0.00241EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/29 12:0 a.m.40 views

CVE-2026-39229

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

0.00241EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.15 views

PT-2026-44900

Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective component. This allows for the extraction of sensitive information...

5.9AI score0.00241EPSS
Exploits0References4
OSV
OSV
added 2026/05/28 12:8 p.m.13 views

SUSE-SU-2026:21858-1 Security update for python-mistune

This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via a crafted Markdown bsc1264347. - CVE-2026-33441: processing of malformed reference links can lead to excessive resource consumption and denial of service bsc1264752. ...

8.7CVSS5.8AI score0.00481EPSS
Exploits4References15
OSV
OSV
added 2026/05/28 12:7 p.m.6 views

OPENSUSE-SU-2026:20827-1 Security update for python-mistune

This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via a crafted Markdown bsc1264347. - CVE-2026-33441: processing of malformed reference links can lead to excessive resource consumption and denial of service bsc1264752. ...

8.7CVSS5.8AI score0.00481EPSS
Exploits4References14
Rows per page
Query Builder