Lucene search
+L

5060 matches found

Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.17 views

PT-2026-45841

Name of the Vulnerable Software and Affected Versions tesla versions 0.8.0 through 1.18.2 Description Improper encoding or escaping of output allows multipart part header injection through unescaped Content-Disposition parameter values. The function part headers for disposition interpolates...

2.1CVSS6AI score0.00143EPSS
Exploits0References13
OSV
OSV
added 2026/05/29 8:16 p.m.10 views

DEBIAN-CVE-2026-45372

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. The validity check isfieldvalue is run before decoding, so encode...

9.9CVSS5.6AI score0.00295EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/05/29 7:56 p.m.23 views

Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs

Summary Koel validates the podcast feed URL via the SafeUrl rule DNS resolution + public IP check, but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an episode, the server downloads the full HTTP...

7.7CVSS5.8AI score0.00263EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/05/29 7:56 p.m.8 views

GHSA-7J2F-6H2R-6CQC Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs

Summary Koel validates the podcast feed URL via the SafeUrl rule DNS resolution + public IP check, but the individual episode values extracted from the RSS XML are stored directly into the database without any SSRF validation. When a user plays an episode, the server downloads the full HTTP...

7.7CVSS5.8AI score0.00263EPSS
Exploits0References5
Circl
Circl
added 2026/05/29 3:0 p.m.13 views

CVE-2026-45707

creationtimestamp| type| source ---|---|--- 2026-05-29 15:00:28+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmyshiifaa2m 2026-05-29 16:23:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmyx4hyvj52m...

8.1CVSS5.7AI score0.00235EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-45047

Name of the Vulnerable Software and Affected Versions Koel versions prior to 9.3.5 Description Koel fails to validate individual episode enclosure URLs extracted from RSS XML feeds, despite validating the main podcast feed URL. These unvalidated URLs are stored in the database and subsequently...

7.7CVSS5.3AI score0.00263EPSS
Exploits0References8
CVE
CVE
added 2026/05/28 7:12 p.m.22 views

CVE-2026-49130

MPD (Music Player Daemon) prior to version 0.24.11 is affected by a CRLF injection vulnerability in the XSPF playlist plugin’s xspf_char_data function. By supplying a malicious XSPF playlist that exploits XML numeric character references, an attacker can cause Expat decoding to insert literal CR/...

6.9CVSS5.8AI score0.0026EPSS
Exploits0References7
OSV
OSV
added 2026/05/28 8:45 a.m.8 views

BIT-JOOMLA-2026-25900 Joomla! Core - [20260501] - XSS in feed modules

Lack of output escaping leads to a XSS vector in the feed modules...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 6:18 p.m.19 views

JLSEC-2026-562 In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary...

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds although an "invalid armor" message is printed...

4.7CVSS5.8AI score0.00104EPSS
Exploits0References5
NVD
NVD
added 2026/05/26 8:16 p.m.26 views

CVE-2026-24520

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24...

4.3CVSS0.00155EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 7:31 p.m.24 views

CVE-2026-24520

CVE-2026-24520 concerns the WordPress Tiktok Feed plugin with a Missing Authorization vulnerability leading to Broken Access Control. Affected: Tiktok Feed versions up to and including 1.0.24. Root cause: incorrectly configured access control, enabling exploitation of access levels. CVSS 3.1 base...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 7:31 p.m.10 views

CVE-2026-24520 WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:31 p.m.9 views

CVE-2026-24520

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 7:31 p.m.38 views

CVE-2026-24520 WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24...

4.3CVSS0.00155EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 7:31 p.m.21 views

EUVD-2026-31966

Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/26 7:30 p.m.11 views

WordPress Tiktok Feed plugin <= 1.0.24 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Tiktok Feed versions = 1.0.24...

4.3CVSS5.8AI score0.00155EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/26 5:16 p.m.1 views

CVE-2026-25900

Lack of output escaping leads to a XSS vector in the feed modules...

6.1CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2026/05/26 5:16 p.m.17 views

CVE-2026-25900

Lack of output escaping leads to a XSS vector in the feed modules...

6.9CVSS0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 4:43 p.m.14 views

CVE-2026-25900

Lack of output escaping leads to a XSS vector in the feed modules...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/26 4:43 p.m.13 views

EUVD-2026-31876

Lack of output escaping leads to a XSS vector in the feed modules...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References1
Rows per page
Query Builder