Lucene search
K

4162 matches found

RedHat Linux
RedHat Linux
added 16 hours ago4 views

LibreOffice: LibreOffice: Denial of Service via crafted OOXML documents

A flaw was found in LibreOffice. A remote attacker could exploit this out-of-bounds write vulnerability by tricking a user into opening a specially crafted OOXML Office Open XML document with mismatched encryption salt parameters. This could lead to a denial of service DoS, making the application...

7.8CVSS6.1AI score0.00078EPSS
Exploits0References5
NVD
NVD
added 3 days ago6 views

CVE-2026-55664

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and column metadata without applying the document's access rules and did not check that the requested section was actually a form. A user with only partial read access, includin...

4.3CVSS0.00243EPSS
Exploits0References3
NVD
NVD
added 4 days ago6 views

CVE-2026-59853

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private...

6.5CVSS0.00235EPSS
Exploits0References3
NVD
NVD
added 4 days ago5 views

CVE-2026-59834

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS0.0038EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-59853

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the /api/storage/getCriteria endpoint returns saved search criteria from data/storage/criteria.json without the publish-access filtering used by sibling storage endpoints, allowing a publish-mode Reader to read private...

6.5CVSS6AI score0.00235EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-59834 SiYuan: SQL Query in Block Search Exposes Hidden Published Document Content

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS0.0038EPSS
Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-59834

SiYuan URI: The vulnerability affects the block search endpoint POST /api/search/fullTextSearchBlock prior to version 3.7.1. An attacker-controlled paths value is concatenated into SQL predicates used by non-SQL search modes, enabling an unauthenticated publish visitor to inject a UNION SELECT an...

7.5CVSS6AI score0.0038EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 4 days ago7 views

CVE-2026-59834

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, the block search endpoint POST /api/search/fullTextSearchBlock concatenates attacker-controlled paths values into SQL predicates used by non-SQL search modes, allowing an unauthenticated publish visitor to inject a UNI...

7.5CVSS6AI score0.0038EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-57009

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description An unauthenticated publish visitor can perform a UNION SELECT injection via the block search endpoint 'POST /api/search/fullTextSearchBlock'. The issue occurs because the endpoint concatenates...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-57010

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description The '/api/storage/getCriteria' endpoint returns saved search criteria from the data/storage/criteria.json file without applying the publish-access filtering used by other storage endpoints. This allow...

6.5CVSS6.1AI score0.00235EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42207

When the application opens a PDF, traverses and builds the annotation elements related to hyperlinks, it fails to validate the abnormal annotation relationships and field combinations. This results in the internal objects entering an invalid state. Eventually, during the destruction phase, an...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 5 days ago10 views

CVE-2026-57259

Technical details about CVE-2026-57259 are not publicly available in the provided documents; no product/version/root-cause information is present here. Monitor for updates.

6.5CVSS5.9AI score0.00205EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-57259

The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious documents will construct malicious external entities that, through the protocol, point to local path...

6.5CVSS5.9AI score0.00205EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-58473

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...

9.3CVSS6AI score0.00372EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-58473 Cognee < 1.2.0 Unauthorized LLM Configuration Overwrite via /api/v1/settings

Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM provider configuration by self-registering an account and calling the settings endpoint, which performs no admin or superuser check. Attackers can redirect all L...

9.3CVSS0.00372EPSS
Exploits0References4
NVD
NVD
added 6 days ago9 views

CVE-2026-23697

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS0.00758EPSS
Exploits2References3
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42055

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS6.8AI score0.00758EPSS
Exploits2References3
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-23697 Vtiger CRM < 8.4.0 Authenticated File Upload RCE via Documents Module

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS0.00758EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-23697

Vtiger CRM before 8.4.0 contains an authenticated file upload vulnerability that allows low-privileged users to achieve remote code execution by uploading a .phar file containing arbitrary PHP code through the Documents module, bypassing the extension denylist in config.inc.php which omits the...

8.8CVSS6.8AI score0.00758EPSS
Exploits2References4
CVE
CVE
added 6 days ago14 views

CVE-2026-23697

Vtiger CRM before 8.4.0 is vulnerable to an authenticated file upload RCE via the Documents module. An attacker with low privileges can upload a .phar file containing arbitrary PHP code, bypassing the extension denylist in config.inc.php (which omits .phar). The uploaded file is stored with its o...

8.8CVSS6.8AI score0.00758EPSS
Exploits2References3
Rows per page
Query Builder