RedhatCVE
added yesterday, 3 views

CVE-2026-55628

A flaw was found in ImageMagick. The -concatenate operation, used for combining images, lacks proper security policy checks. This oversight could allow an attacker to read from or write to file paths that should otherwise be restricted by the security policy. This could lead to unauthorized acces...

6.1 CVSS, 5.6 AI score
Exploits 0, References 4
Imperva Blog
added yesterday, 2 views

Code Injection in Perforce Helix Core (CVE-2026-6902)

Executive Summary: In this article, we disclose our latest findings on the Perforce P4 Helix Core protocol between the command line client and server, and reveal how a threat actor could leverage it to conduct attacks. This security issue affects P4 Helix Core before P4 Helix Core 2025.2 Patch 2,...

7.7 CVSS, 6.4 AI score, 0.00449 EPSS
Exploits 0
NVD
added yesterday, 2 views

CVE-2026-55793

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9 CVSS
Exploits 0, References 2
CVE
added yesterday, 4 views

CVE-2026-55793

Craft CMS versions 5.0.0-RC1–5.9.22 are affected by a stored XSS in a Structure entry title. An author-level control panel user can insert malicious JavaScript into an entry title. When a victim with saveEntries permission drags another entry under the poisoned one in table view, the payload exec...

5.9 CVSS, 5.7 AI score
Exploits 0, References 2
ATTACKERKB
added yesterday, 2 views

CVE-2026-55793

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9 CVSS, 5.7 AI score
Exploits 0, References 3, Affected Software 1
EUVD
added yesterday, 4 views

EUVD-2026-41153

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9 CVSS, 5.7 AI score
Exploits 0, References 2
Cvelist
added yesterday, 11 views

CVE-2026-55793 Craft CMS: Stored XSS via Structure entry title in table view

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9 CVSS
Exploits 0, References 2
OSV
added yesterday, 3 views

GHSA-FXHP-MV3V-67QP `oras-go` tar extraction: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution

Root cause: The tar-extraction helper ensureLinkPath at content/file/utils.go:262-275 validates that a hardlink's target resolves inside the extract base, but then returns the original unresolved target string back to the caller: `func ensureLinkPath(baseAbs, baseRel, link, target string) (string,...`

7.1 CVSS, 6 AI score
Exploits 0, References 3
Github Security Blog
added yesterday, 2 views

`oras-go` tar extraction: Hardlink entry with relative Linkname escapes extract dir via process CWD resolution

Root cause: The tar-extraction helper ensureLinkPath at content/file/utils.go:262-275 validates that a hardlink's target resolves inside the extract base, but then returns the original unresolved target string back to the caller: `func ensureLinkPath(baseAbs, baseRel, link, target string) (string,...`

6 AI score
Exploits 0, References 3, Affected Software 1
OSV
added yesterday, 2 views

GHSA-8XWF-RJM4-XVHV oras-go has file store write outside workingDir via symlink traversal

The file content store in oras-go attempts to confine writes to workingDir when AllowPathTraversalOnWrite=false, but the guard is lexical and does not account for symlink traversal. If workingDir contains a symlink path component and an attacker-controlled blob title via ocispec.AnnotationTitle...

6.9 CVSS, 5.7 AI score
Exploits 0, References 3
Github Security Blog
added yesterday, 3 views

oras-go has file store write outside workingDir via symlink traversal

The file content store in oras-go attempts to confine writes to workingDir when AllowPathTraversalOnWrite=false, but the guard is lexical and does not account for symlink traversal. If workingDir contains a symlink path component and an attacker-controlled blob title via ocispec.AnnotationTitle...

5.7 AI score
Exploits 0, References 3, Affected Software 1
OSV
added yesterday, 2 views

GHSA-F82J-V89J-MF86 SurrealDB: `RELATE` overwrites existing edge records without `UPDATE` permission

RELATE creates an edge record between two existing records, and SurrealDB enforces the CREATE permission on the edge table for this operation. When the statement included a `SET id = edge:existing` clause, however, the new edge's id ended up pointing at a record that was already in storage. Rather...

4.3 CVSS, 5.8 AI score
Exploits 0, References 4
Github Security Blog
added yesterday, 2 views

SurrealDB: `RELATE` overwrites existing edge records without `UPDATE` permission

RELATE creates an edge record between two existing records, and SurrealDB enforces the CREATE permission on the edge table for this operation. When the statement included a `SET id = edge:existing` clause, however, the new edge's id ended up pointing at a record that was already in storage. Rather...

5.8 AI score
Exploits 0, References 4, Affected Software 1
NVD
added yesterday, 2 views

CVE-2026-54164

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

6.5 CVSS
Exploits 0, References 1
OSV
added yesterday, 2 views

GHSA-6G9V-7GQ3-P2C6 SurrealDB: Authenticated callers can read fields hidden by field-level SELECT permissions via error messages

A record user with UPDATE access could read field values that field-level SELECT permissions hid from them. Arithmetic operators and extend embedded the raw operand into their error messages, and UPDATE permission checks evaluate against the unreduced document — so triggering such an error agains...

4.3 CVSS, 5.8 AI score
Exploits 0, References 3
Github Security Blog
added yesterday, 2 views

SurrealDB: Authenticated callers can read fields hidden by field-level SELECT permissions via error messages

A record user with UPDATE access could read field values that field-level SELECT permissions hid from them. Arithmetic operators and extend embedded the raw operand into their error messages, and UPDATE permission checks evaluate against the unreduced document — so triggering such an error agains...

5.8 AI score
Exploits 0, References 3, Affected Software 1
OSV
added yesterday, 2 views

GHSA-4M82-P8CX-F94J SurrealDB: LIVE query subscriptions survive session state changes, bypassing access controls

A LIVE SELECT subscription records the user's auth state ($auth, $token, $session, $access) when it is registered, and the server uses that recorded state to evaluate the table- and row-level PERMISSIONS clauses for every subsequent notification. The recorded state is never refreshed. When somethin...

4.3 CVSS, 5.8 AI score
Exploits 0, References 4
Github Security Blog
added yesterday, 3 views

SurrealDB: LIVE query subscriptions survive session state changes, bypassing access controls

A LIVE SELECT subscription records the user's auth state ($auth, $token, $session, $access) when it is registered, and the server uses that recorded state to evaluate the table- and row-level PERMISSIONS clauses for every subsequent notification. The recorded state is never refreshed. When somethin...

5.8 AI score
Exploits 0, References 4, Affected Software 1
Malwarebytes
added yesterday, 3 views

Fake Perplexity Chrome extension spies on your searches

Type "Perplexity" into the Chrome Web Store and you get a range of browser extensions offering access to the popular AI search service. Until last week, one of them was called "Search for perplexity ai ," and it delivered something extra that users hadn't bargained for: a small hidden surveillanc...

5.7 AI score
Exploits 0
RedhatCVE
added yesterday, 4 views

CVE-2026-53343

A flaw was found in the Linux kernel. On ARMv5 systems configured with Kernel Address Sanitizer (KASAN) for virtual-memory-allocated (VMAP) stack shadow, a memory access operation could attempt to read data from an unaligned memory address. This unaligned access leads to an alignment exception, causi...

5.7 AI score
Exploits 0, References 4