Lucene search
K

406684 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-42943

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS6.1AI score
Exploits0References5
CVE
CVE
added yesterday5 views

CVE-2026-53653

Grav (file-based web platform) contains CVE-2026-53653: unauthenticated denial of service by requesting image derivatives with oversized dimensions via URL actions like forceResize in Grav::fallbackUrl. The root cause is that request parameters are passed to ImageMedium magic actions without a di...

8.7CVSS6.1AI score
Exploits0References5
Cvelist
Cvelist
added yesterday11 views

CVE-2026-53653 Grav: Unauthenticated denial of service via unbounded image derivative dimensions

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS
Exploits0References5
Mageia
Mageia
added yesterday5 views

Updated vim packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Arbitrary Code Execution via Python Omni-Completion in Vim 9.1.1783 && Vim = 9.2.0320 && Vim 9.2.0679. CVE-2026-57454 Out-of-bounds Write in SOFO Soundfolding in Vim 9.2.0698. CVE-2026-57455 Arbitrary Code Execution via Python Omni-Completion...

8.4CVSS6.2AI score0.00303EPSS
Exploits0References33
NVD
NVD
added yesterday7 views

CVE-2026-29519

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS
Exploits1References2
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-29519 Lucee CFML Server Reflected XSS via URL Path Parsing

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS6.3AI score
Exploits1References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-42906

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS6.3AI score
Exploits1References2
Cvelist
Cvelist
added yesterday10 views

CVE-2026-29519 Lucee CFML Server Reflected XSS via URL Path Parsing

Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines contain a reflected cross-site scripting vulnerability in URL path parsing that allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads...

8.2CVSS
Exploits1References2
CVE
CVE
added yesterday9 views

CVE-2026-29519

CVE-2026-29519 affects Lucee CFML Server across 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines. It describes a reflected cross-site scripting vulnerability in URL path parsing, where unauthenticated remote attackers can cause arbitrary JavaScript to execute in a victim’s browser by embedding payloa...

8.2CVSS6.3AI score
Exploits1References2
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-56373

ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that uses a stale pointer when memory allocation fails. Attackers can trigger this vulnerability by processing malicious PDB files to cause crashes or write a single zero byte to freed memory...

6.3CVSS6.1AI score
Exploits0
Debian CVE
Debian CVE
added yesterday4 views

CVE-2026-56366

ImageMagick before 7.1.2-18 contains a memory leak vulnerability in the META reader when processing APP1JPEG input paths. Attackers can trigger this memory leak by providing specially crafted APP1JPEG image files, causing denial of service through resource exhaustion...

4.8CVSS6.1AI score
Exploits0
GithubExploit
GithubExploit
added yesterday31 views

patchtriage

PatchTriage !CIhttps://github.com/d01ki/patchtriage/actio...

7.2CVSS6.7AI score0.2241EPSS
Exploits3
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is for the creation of RFC9562 formerly RFC4122 UUIDs. Prior to 14.0.0, v3, v...

9.3CVSS6.2AI score0.00702EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Java, JavaScript and IBM WebSphere Application Server Liberty

Summary There are multiple vulnerabilities in Java, JavaScript and IBM WebSphere Application Server Liberty used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-40181 DESCRIPTION: React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3,...

9.3CVSS6.2AI score0.00745EPSS
Exploits3Affected Software1
The Hacker News
The Hacker News
added yesterday5 views

Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers

A single wrong variable on one line in XQUIC, Alibaba's QUIC and HTTP/3 library, lets any remote client crash the server with a short burst of completely legal traffic. There is no patch. FoxIO researcher Sébastien Féry disclosed the flaw on July 8 and nicknamed it XRING. He says it needs no logi...

9.2CVSS6.3AI score0.03225EPSS
Exploits3
GithubExploit
GithubExploit
added yesterday22 views

AI-Pentest

Auto Pentest Platform Platform otomasi penetration testing de...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-59923

A flaw was found in Mistune, a Python Markdown parser. This vulnerability allows an attacker to bypass URL protections by using specially crafted Markdown links or images containing percent-encoded javascript URIs. This can lead to the execution of arbitrary scripts in the rendered HTML,...

6.1CVSS6.2AI score0.00199EPSS
Exploits1References6
Malwarebytes
Malwarebytes
added yesterday4 views

Two Chrome updates in two days fix critical vulnerabilities

Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore. On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one. Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that cou...

6.1AI score
Exploits0
NVD
NVD
added yesterday8 views

CVE-2026-41880

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS0.01331EPSS
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-41880

CVE-2026-41880: R-SOFT DMS OCR module is vulnerable to OS Command Injection via unsanitized user-controllable file paths passed to the system shell through SSH. An authenticated attacker triggering OCR on an uploaded file can execute commands as root. The issue is mitigated by fixes in v3.19-2862...

9CVSS6.2AI score0.01331EPSS
Exploits0References1
Rows per page
Query Builder