Lucene search
K

2096 matches found

CVE
CVE
added 3 days ago8 views

CVE-2026-55466

Snipe-IT prior to 8.6.2 is affected. The vulnerability arises because UploadFileRequest sanitizes SVGs only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without StorageHelper::allowSafeInline(), allowing a low-privilege user to upload active XHTML or ...

6.2CVSS6.1AI score0.00351EPSS
Exploits0References3
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1431 Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference

RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity...

8.2CVSS5.9AI score0.00408EPSS
Exploits0References7
OSV
OSV
added 2026/07/02 2:13 p.m.2 views

PYSEC-2026-724 Out-of-bounds Write in OpenCV

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0 corresponds with OpenCV-Python 4.1.0.25. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An...

8.8CVSS7.6AI score0.20947EPSS
Exploits1References9
Fedora
Fedora
added 2026/07/02 1:11 a.m.12 views

[SECURITY] Fedora 44 Update: caddy-2.10.2-9.fc44

Caddy is an extensible server platform that uses TLS by default...

10CVSS6.8AI score0.0326EPSS
Exploits9
OSV
OSV
added 2026/07/01 2:17 a.m.4 views

UBUNTU-CVE-2026-57963

An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40521

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00316EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 7:32 p.m.15 views

CVE-2026-13449

IBM Business Automation Manager Open Editions (versions 9.0.0–9.4.2) are vulnerable to an XML External Entity (XXE) attack when processing XML data, potentially exposing sensitive information or exhausting memory. Root cause: XXE in XML processing. Impact: confidentiality and availability risks a...

9.1CVSS5.8AI score0.00406EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-54276

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An improper implementation of XML allows a remote attacker to perform Universal Cross-Site Scripting UXSS by using a crafted HTML page to inject arbitrary scripts or HTML. Recommendatio...

9.8CVSS6.1AI score0.00413EPSS
Exploits0References447
CVE
CVE
added 2026/06/26 10:58 p.m.15 views

CVE-2026-55975

CVE-2026-55975 affects H.View IP cameras (e.g., HV-500S6) where an authenticated user can supply unsanitized XML to the device’s certificate generation interface. The input is incorporated into a backend certificate creation command without proper validation, enabling command execution with eleva...

8.6CVSS5.9AI score0.00653EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 8:52 p.m.3 views

GHSA-4C3C-R6P8-C863 Flawfinder output manipulation via untrusted filenames and source text

Impact This vulnerability is an improper input neutralization issue leading to output manipulation, specifically, Terminal/ANSI Escape Sequence Injection and XML Injection: Terminal Output Spoofing: A malicious file whose name contains ANSI escape sequences can end up being included in flawfinder...

6AI score
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/25 2:30 p.m.5 views

CVE-2026-57234

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS5.8AI score0.00166EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in edk2

EDK2 contains a vulnerability in the BIOS, where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” through local access. Successful exploitation of this vulnerability could lead to possible information disclosure or escalation of privileges, thereby affecting...

5.8CVSS7AI score0.00123EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: Do not dump the entire memory region. The current logic in cperprintfwerr does not check whether the length of the error record is sufficient to handle the offset. In a faulty firmware, if the offset is greater than the...

5.5CVSS6AI score0.00123EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: EFI: Fix for reserving unaccepted memory tables The reserveunaccepted function incorrectly calculates the size of the memblock reservation for the unaccepted memory tables. It aligns the size of the tables, but fails to take into...

7.1CVSS6AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 6:18 p.m.3 views

UBUNTU-CVE-2026-52844

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /private\secret.txt as outside /private/, but fileserver later resolves the same request path as private\secret.txt on disk. An unauthenticated remote client can bypass Caddy...

7.5CVSS5.9AI score0.00409EPSS
Exploits1References2
OSV
OSV
added 2026/06/23 6:18 p.m.4 views

UBUNTU-CVE-2026-52846

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...

4.2CVSS5.8AI score0.00153EPSS
Exploits1References2
OSV
OSV
added 2026/06/23 6:17 p.m.3 views

UBUNTU-CVE-2026-45135

Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct fla...

8.1CVSS6.5AI score0.00399EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.7 views

EUVD-2026-38442

Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexmlloadstring without disabling external entity loading, enabling attackers to inject XXE payloads...

7.1CVSS6AI score0.00233EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: RISCV: Kernel mappings of the EFI page table must be synchronized before switching to the EFI page table. The EFI page table is initially created as a copy of the kernel page table. When VMAPSTACK is enabled, kernel stacks are...

5.5CVSS5.7AI score0.00243EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 1:45 p.m.13 views

EUVD-2026-32912

pypdf: Manipulated XMP metadata streams can exhaust RAM...

6.9CVSS5.1AI score0.0013EPSS
Exploits0References4
Rows per page
Query Builder