Lucene search
K

68 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/15 5:2 p.m.7 views

CVE-2026-42458

Magento Long Term Support LTS is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Prior to 20.18.0, there is a reflected XSS vulnerability under admin panel - System - Import/Export -...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:37 p.m.5 views

CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

7.6CVSS5.8AI score0.00583EPSS
Exploits2References2Affected Software1
EUVD
EUVD
added 2026/04/01 11:51 p.m.7 views

EUVD-2026-17610

lodash vulnerable to Code Injection via .template imports key names...

8.1CVSS7.3AI score0.01735EPSS
Exploits0References5
OSV
OSV
added 2026/04/01 9:34 a.m.1 views

CLEANSTART-2026-KK98885 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, ghsa-9h8m-3fm2-qjrq applied in versions: 2.18.0-r0

Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.8AI score0.00765EPSS
Exploits1References14
OSV
OSV
added 2026/02/16 4:3 p.m.6 views

BIT-POSTGRESQL-2026-2007 PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

8.2CVSS5.8AI score0.00481EPSS
Exploits0References7
OSV
OSV
added 2026/02/12 2:16 p.m.5 views

UBUNTU-CVE-2026-2007

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

8.2CVSS6AI score0.00481EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/12 1:0 p.m.5 views

CVE-2026-2007 PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory

Heap buffer overflow in PostgreSQL pgtrgm allows a database user to achieve unknown impacts via a crafted input string. The attacker has limited control over the byte patterns to be written, but we have not ruled out the viability of attacks that lead to privilege escalation. PostgreSQL 18.1 and...

8.2CVSS5.8AI score0.00481EPSS
Exploits0References1
CVE
CVE
added 2026/02/12 1:0 p.m.42 views

CVE-2026-2007

CVE-2026-2007 affects PostgreSQL 18.0 and 18.1 due to a heap buffer overflow in the pg_trgm component, where crafted input strings can write patterns into server memory. The attacker’s control over the byte patterns is limited, and the document notes unknown impacts, with a potential for privileg...

8.2CVSS5.8AI score0.00481EPSS
Exploits0References6Affected Software1
Microsoft Security Update
Microsoft Security Update
added 2026/02/10 6:0 p.m.106 views

2026-02 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5075904)

2026-02 Cumulative Update for Windows 10 Version 1809 for x86-based Systems KB5075904...

5.4AI score
Exploits0
Packet Storm
Packet Storm
added 2026/01/23 12:0 a.m.136 views

📄 AVideo 18.0 Cross Site Scripting

AVideo version 18.0 suffers from a cross site scripting vulnerability. ============================================================================================================================================= | Title : AVideo 18.0 XSS vulnerability | | Author : indoushka | | Tested on : windo...

4.9AI score
Exploits0
OSV
OSV
added 2026/01/14 7:7 p.m.6 views

CVE-2026-22036 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

5.9CVSS6.7AI score0.00433EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/14 7:7 p.m.2 views

CVE-2026-22036

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

7.5CVSS5.5AI score0.00433EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.7 views

PT-2026-6116

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.0 10 Description The Linux kernel contains a flaw within the virtio net subsystem. Specifically, an inconsistency exists in how memory is allocated and freed for the RSS header. The initial allocation uses...

5.4AI score0.00176EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.7 views

PT-2026-2950

Name of the Vulnerable Software and Affected Versions Undici versions prior to 7.18.0 Undici versions prior to 6.23.0 Description Undici is an HTTP/1.1 client for Node.js. A malicious server can insert thousands of compression steps due to an unbounded number of links in the decompression chain a...

7.5CVSS6.6AI score0.00433EPSS
Exploits0References77
Patchstack
Patchstack
added 2025/12/19 7:12 a.m.8 views

WordPress Hummingbird plugin <= 3.18.0 - Unauthenticated Sensitive Information Exposure via Log File vulnerability

Unauthenticated Sensitive Information Exposure via Log File vulnerability discovered by ISMAILSHADOW in WordPress Plugin Hummingbird versions = 3.18.0...

7.5CVSS6.7AI score0.01986EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/12/18 12:22 p.m.7 views

EUVD-2025-204263

The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials...

7.5CVSS5.5AI score0.01986EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/12 12:0 a.m.2 views

CVE-2025-66430

Plesk 18.0 has Incorrect Access Control...

6.6AI score0.00431EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/09 1:55 a.m.1 views

CVE-2025-66567 ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)

The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...

9.3CVSS6.7AI score0.00383EPSS
Exploits0References3
Microsoft Security Update
Microsoft Security Update
added 2025/10/14 5:0 p.m.11 views

2025-10 Cumulative Update for Windows 10 Version 1809 for x64-based Systems (KB5066586)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

6.7AI score
Exploits0
GithubExploit
GithubExploit
added 2025/10/09 7:2 p.m.477 views

Exploit for Improper Input Validation in Microsoft

MSMQ Vulnerability Proof of Concept This repository contains...

9.8CVSS7.1AI score0.95454EPSS
Exploits7
Rows per page
Query Builder