Lucene search
K

2875 matches found

Fedora
Fedora
added 2026/05/21 12:57 a.m.11 views

[SECURITY] Fedora 44 Update: evince-48.1-5.fc44

Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...

8.4CVSS5.8AI score0.00529EPSS
Exploits0
NVD
NVD
added 2026/05/20 8:16 p.m.17 views

CVE-2026-39405

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...

9.4CVSS0.00303EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in xterm

xterm before 375 allows code execution via font ops. For example, an OSC 50 response may trigger Ctrl-g, thereby leading to command execution within the vi line-editing mode of Zsh. NOTE: Font ops are not allowed in the default configurations of xterm in some Linux distributions...

9.8CVSS7.4AI score0.04949EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When inserting text while in edit mode, some characters may cause out-of-bounds memory access, leading to potentially exploitable crashes. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

6.5CVSS6.9AI score0.00796EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 9:48 p.m.18 views

Important: Red Hat Security Advisory: gimp security update

An update for gimp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.8CVSS7.4AI score0.00755EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.8 views

Mattermost doesn't check the create_post channel permission during post edit operations

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 fail to check the createpost channel permission during post edit operations which allows an authenticated attacker with revoked posting privileges to modify their existing posts via direct API requests to the post update and...

4.3CVSS5.8AI score0.00152EPSS
Exploits0References4Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/15 6:36 p.m.9 views

CVE-2021-47968 Podcast Generator 3.1 Persistent Cross-Site Scripting via long_description

Podcast Generator 3.1 is vulnerable to persistent cross-site scripting, allowing authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the longdescription parameter. Attackers can inject script tags through episode creation or editing requests to execute...

6.4CVSS6AI score0.00193EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/15 6:36 p.m.41 views

CVE-2021-47968 Podcast Generator 3.1 Persistent Cross-Site Scripting via long_description

Podcast Generator 3.1 is vulnerable to persistent cross-site scripting, allowing authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the longdescription parameter. Attackers can inject script tags through episode creation or editing requests to execute...

6.4CVSS0.00193EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/15 6:36 p.m.4 views

CVE-2021-47968

Podcast Generator 3.1 is vulnerable to persistent cross-site scripting, allowing authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the longdescription parameter. Attackers can inject script tags through episode creation or editing requests to execute...

6.4CVSS6AI score0.00193EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/15 6:36 p.m.17 views

EUVD-2021-34821

Podcast Generator 3.1 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the longdescription parameter. Attackers can inject script tags through episode creation or editing requests t...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost such as 11.5.1 and earlier, as well as 10.11.13 and earlier, have security vulnerabilities. These vulnerabilities stem from the lack of enforcement of the PostEditTimeLimit for...

4.3CVSS5.8AI score0.00165EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/14 5:36 a.m.8 views

CVE-2026-2900

Removed by vendor...

2.7CVSS5.8AI score0.00219EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.11 views

PT-2026-40860

Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.10 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2 Description An issue exists where missing authorization checks could allow an authenticated user with Maintainer...

2.7CVSS5.8AI score0.00219EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

MongoDB Server 日志信息泄露漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server related to log information leakage,...

5.3CVSS5.8AI score0.00204EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 7:39 p.m.7 views

GHSA-PQ86-J2C2-47F6 MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

The mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing the default DEVELOPER level 55 threshold required by the dedicated...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/11 7:39 p.m.8 views

MantisBT: Authorization Bypass in Bugnote Editing via Issue Update API

The mcissueupdate function in MantisBT allows users having updatebugthreshold access UPDATER, with default settings to edit, change view state, and modify time tracking on bugnotes belonging to other users — bypassing the default DEVELOPER level 55 threshold required by the dedicated...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/05/11 4:17 p.m.42 views

CVE-2026-44197

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...

6.5CVSS0.00204EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 4:17 p.m.13 views

PYSEC-2026-146

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 4:17 p.m.20 views

CVE-2026-42841

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered image HTML through Grav's Markdown media action syntax. The issue is caused by Markdown image query parameters...

6.9CVSS0.00397EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/11 2:52 p.m.15 views

CVE-2026-42841 Grav: Stored XSS via Markdown media attribute() action in Grav CMS

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered image HTML through Grav's Markdown media action syntax. The issue is caused by Markdown image query parameters...

6.9CVSS5.9AI score0.00397EPSS
Exploits1References2
Rows per page
Query Builder