Lucene search
K

276 matches found

NVD
NVD
added 5 days ago9 views

CVE-2026-59161

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS0.00524EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-59162 Excelize: Negative shared-string index causes panic in GetCellValue and GetRows

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS0.00524EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-41516

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

3.3CVSS6.2AI score0.00099EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-41515

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

3.3CVSS6.2AI score0.00094EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 8:16 p.m.3 views

DEBIAN-CVE-2026-53763

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the...

3.8CVSS6AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 7:6 p.m.31 views

CVE-2026-41514 OP-TEE: RSA-OAEP padding oracle in Hisilicon HPRE driver enables plaintext recovery

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.5.0 and prior to version 4.11.0, the RSA-OAEP decryption implementation in the Hisilicon HPRE crypto driver uses...

2.5CVSS0.00095EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/06 1:52 p.m.6 views

WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by kai63001 in WordPress Plugin AcyMailing SMTP Newsletter versions = 10.11.0...

9.3CVSS6AI score0.00291EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/07/06 1:41 p.m.4 views

WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin AcyMailing SMTP Newsletter versions = 10.11.0...

7.1CVSS5.9AI score0.0018EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-57323

Unauthenticated Broken Access Control in Flash & HTML5 Video = 2.11.0 versions...

5.8CVSS0.00228EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/06/25 12:0 a.m.12 views

VulnCheck KEV: CVE-2026-12569

A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...

9.8CVSS6.5AI score0.01247EPSS
In wildExploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43915

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References3
OSV
OSV
added 2026/06/18 8:16 p.m.8 views

DEBIAN-CVE-2026-43915

Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.11.0 contain a stored cross-site scripting XSS vulnerability in the web-admin HTTPS interface. An attacker who can create a TURN allocation with a crafted USERNAME value can inject HTML/JavaScript that execut...

5.4CVSS5.6AI score0.00141EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 7:33 p.m.24 views

CVE-2026-43915

CVE-2026-43915 affects Coturn prior to 4.11.0, where the web-admin HTTPS interface vulnerable to a stored XSS via a crafted TURN USERNAME when an allocation is created. An authenticated web-admin user viewing the TURN session list can trigger script execution; in configurations with anonymous acc...

5.4CVSS4.8AI score0.00141EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/18 1:18 a.m.17 views

CVE-2026-12569

A critical remote code execution RCE vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This advisory also applies to all CPS versions The identified vulnerability also impacts Windchill and...

9.8CVSS0.01247EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 9:50 a.m.8 views

CVE-2025-58954

CVE-2025-58954 affects the WordPress Theme HomeRoofer (

8.1CVSS5.2AI score0.00423EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 7:29 p.m.37 views

CVE-2026-45778

Open XDMoD

8.6CVSS5.4AI score0.00147EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/05 7:27 p.m.41 views

CVE-2026-45777

Open XDMoD (OpenXDMoD): A remote command-injection vulnerability allows an attacker to execute arbitrary system commands on the web server process, affecting versions 9.5.0–11.0.2. Root cause: OS command injection that can compromise confidentiality, integrity, and availability. Impact includes r...

9.8CVSS5.8AI score0.00388EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/05 7:27 p.m.7 views

CVE-2026-45777

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attack...

9.3CVSS5.8AI score0.00388EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/06/05 7:27 p.m.13 views

EUVD-2026-34904

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attack...

9.3CVSS5.8AI score0.00388EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40108

GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue has been fixed in version 11.0.7...

7.1CVSS5.3AI score0.00268EPSS
Exploits0References1
Rows per page
Query Builder