Lucene search
K

96 matches found

Cvelist
Cvelist
added yesterday8 views

CVE-2026-48358 Adobe Commerce | Improper Encoding or Escaping of Output (CWE-116)

Adobe Commerce is affected by an Improper Encoding or Escaping of Output vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.1CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-59083

Improper Handling of URL Encoding Hex Encoding vulnerability in Apache Tomcat's rewrite valve allowed security constraint bypass for some configurations. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.0.M1 through 9.0.119, from 8.5.0...

9.1CVSS6.1AI score0.00156EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/02 10:16 p.m.6 views

DEBIAN-CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

5.9CVSS6.5AI score0.00352EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/06/10 3:8 p.m.6 views

Security update for openCryptoki

This update for openCryptoki fixes the following issue: CVE-2026-40253: malformed BER-encoded cryptographic objects can lead to information disclosure and denial of service bsc1262283. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

7CVSS5.4AI score0.0016EPSS
Exploits1References4
OSV
OSV
added 2026/06/10 3:8 p.m.7 views

SUSE-SU-2026:2355-1 Security update for openCryptoki

This update for openCryptoki fixes the following issue: - CVE-2026-40253: malformed BER-encoded cryptographic objects can lead to information disclosure and denial of service bsc1262283...

6.8CVSS5.4AI score0.0016EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.7 views

CVE-2026-36609

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 uses a static authentication nonce that does not change between requests from the same source IP. Combined with the predictable XOR-based password encoding securityEncode function, this allows an attacker to reverse captured authentication...

7.3CVSS5.8AI score0.00166EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.13 views

Unity Linux 20.1070e Security Update: resteasy (UTSA-2026-016757)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016757 advisory. A cross-site scripting XSS flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the...

6.1CVSS6.7AI score0.01394EPSS
Exploits1References4
OSV
OSV
added 2026/05/12 1:57 p.m.3 views

CVE-2026-43938 YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header

YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5 and 3.2.12, the application's database logger YAFNET.Core/Logger/DbLogger.cs captures the incoming request's User-Agent header into a JObject, serializes it with JsonConvert, and stores the result in the EventLog.Description column...

8.1CVSS5.9AI score0.00282EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/12 8:21 a.m.10 views

CVE-2026-33862

A vulnerability has been identified in Teamcenter V2312 All versions V2312.0014, Teamcenter V2406 All versions V2406.0012, Teamcenter V2412 All versions V2412.0009, Teamcenter V2506 All versions V2506.0005, Teamcenter V2512 All versions. The affected application does not properly encode or filter...

8.5CVSS5.7AI score0.00192EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.20 views

PT-2026-39988

A vulnerability has been identified in Teamcenter V2312 All versions V2312.0014, Teamcenter V2406 All versions V2406.0012, Teamcenter V2412 All versions V2412.0009, Teamcenter V2506 All versions V2506.0005, Teamcenter V2512 All versions. The affected application does not properly encode or filter...

8.5CVSS5.7AI score0.00192EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: expat (UTSA-2026-017378)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017378 advisory. xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...

9.8CVSS7.2AI score0.04955EPSS
Exploits0References4
Redos
Redos
added 2026/05/06 12:0 a.m.10 views

ROS-20260506-73-0036

Vulnerability in tomcat11 related to a flaw in the output encoding or escaping mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

7.5CVSS6.2AI score0.00461EPSS
Exploits0
Redos
Redos
added 2026/05/06 12:0 a.m.8 views

ROS-20260506-73-0034

Vulnerability in tomcat due to a flaw in the output encoding or escaping mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

7.5CVSS6.2AI score0.00461EPSS
Exploits0
Redos
Redos
added 2026/05/06 12:0 a.m.9 views

ROS-20260506-73-0035

Vulnerability in tomcat10 related to a flaw in the output encoding or escaping mechanism. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

7.5CVSS6.2AI score0.00461EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-42040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contain...

3.7CVSS5.9AI score0.00217EPSS
Exploits1References4
Redos
Redos
added 2026/04/17 12:0 a.m.5 views

ROS-20260417-73-0046

Vulnerability in glpi due to a flaw in the output encoding or escaping mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

7.5CVSS6.2AI score0.00191EPSS
Exploits0
Redos
Redos
added 2026/04/17 12:0 a.m.11 views

ROS-20260417-73-0044

Vulnerability in glpi due to a flaw in the output encoding or escaping mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

7.2CVSS6.2AI score0.0028EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/13 7:25 p.m.11 views

CVE-2026-4116

Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication...

7.2CVSS5.8AI score0.00417EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.6 views

PT-2026-32442

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0 through 11.0.20, from 10.1.0 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or...

7.5CVSS5.8AI score0.00461EPSS
Exploits0References4
OSV
OSV
added 2026/03/11 10:16 p.m.7 views

CVE-2026-3921

Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00271EPSS
Exploits0References2
Rows per page
Query Builder