Lucene search
K

18860 matches found

Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56245

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.24 Description A share mode chart data interface fails to validate whether the tableId and field IDs provided in the request body belong to the shared resource. It only verifies that the sceneId matches the...

7.1CVSS6.1AI score0.00238EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56190

A stored XPATH injection vulnerability exists in opnsense's trust module. Any user if given just System: CA Manager permissions can use a bool side channel/oracle to slowly leak any secret in config.xml character by character. the injection point is in the refid field of a ca object. Write-up for...

6AI score
Exploits1References2
Amazon
Amazon
added 6 days ago8 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: clear page-private in freepagesprepare CVE-2026-43303 In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpireadrawfromsgl CVE-2026-43492 In...

9.8CVSS6.3AI score0.00675EPSS
Exploits1
NVD
NVD
added 2026/07/06 11:16 a.m.8 views

CVE-2026-44936

Missing filtering when the helmRepoURLRegex field isn't set on a GitRepo resource in SUSE Rancher Fleet's bundle reader in 0.15 before 0.15.2, 0.14 before 0.14.6, 0.13 before 0.13.11 and 0.12 before 0.12.15 forwards Helm authentication credentials BasicAuth to any URL specified in the helm.repo...

5CVSS0.00386EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 9:16 a.m.8 views

CVE-2026-48203

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

9.1CVSS0.0037EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/06 8:6 a.m.5 views

EUVD-2026-41838

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:6 a.m.6 views

CVE-2026-48203

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Improper Input Validation, Server-Side Request Forgery SSRF vulnerability in Apache Camel Solr component. The camel-solr producer copies Exchange message headers whose names begin with the SolrParam...

6.1AI score0.0037EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/06 6:27 a.m.5 views

OESA-2026-2844 perl security update

Perl 5 is a highly capable, feature-rich programming language with over 30 years of development. Perl 5 runs on over 100 platforms from portables to mainframes and is suitable for both rapid prototyping and large scale development projects. Security Fixes: Socket versions before 2.041 for Perl ha...

9.1CVSS5.9AI score0.00389EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.10 views

PT-2026-55899

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description An injection and Server-Side Request Forgery SSRF issue exists in the Apache Camel Solr component. T...

9.1CVSS6.1AI score0.0037EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 2:16 p.m.7 views

CVE-2026-14751

A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notescontroller::searchscratchdata of the file application/PHP/objects/notes/searchscratchdata.php. This manipulation of the argument fieldname causes sql...

6.5CVSS0.00204EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 2:0 p.m.17 views

CVE-2026-14754

The CVE covers code-projects Hotel and Tourism Reservation 1.0, where the /admin/add_room.php function is vulnerable. Manipulating the arguments delete_image, edit/description, number, price, rooms, or type can trigger an SQL injection. The attack can be launched remotely, and a public exploit ha...

7.5CVSS6.8AI score0.00269EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 1:15 p.m.10 views

CVE-2026-14751

A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notescontroller::searchscratchdata of the file application/PHP/objects/notes/searchscratchdata.php. This manipulation of the argument fieldname causes sql...

6.5CVSS6.4AI score0.00204EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the extensionsRequired field of glTF files processed by the 3D file viewer. An attacker can execute arbitrary JavaScript code in the context of another user by uploading a crafted glTF file containing malicio...

8.7CVSS5.9AI score0.00336EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 8:19 p.m.22 views

CVE-2026-28737

CVE-2026-28737 affects Gitea 1.25.0 and later, with a stored XSS flaw in the built-in 3D file viewer (Online3DViewer). When a GLTF file’s extensionsRequired contains an unsupported entry, the viewer emits an error message which Gitea then inserts into the DOM via unsanitized innerHTML, enabling a...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.32 views

CVE-2026-22547 Gitea repository creation accepts invalid field values

Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values...

0.00373EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.11 views

CVE-2026-22547

Gitea prior to version 1.25.5 exposes improper input validation during repository creation (fields such as template values and trust/model formats). The CVE description aligns with multiple advisories (Snyk for modules/structs, services/forms, and repository) indicating the root cause is insuffic...

9.1CVSS5.9AI score0.00373EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 9:16 a.m.8 views

CVE-2026-9756

The GenerateBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Headline Block 'linkMetaFieldType' Dynamic Link Attribute in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00215EPSS
Exploits0References8
NVD
NVD
added 2026/07/03 8:16 a.m.11 views

CVE-2026-9148

The Comments – wpDiscuz plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the guest commenter 'Website' field in versions up to, and including, 7.6.56 This is due to insufficient output escaping in the getCommentAuthor function, which interpolates the stored commentauthorurl...

7.2CVSS0.00305EPSS
Exploits0References11
Rows per page
Query Builder