Lucene search
K

729 matches found

OSV
OSV
added 2026/04/10 4:16 p.m.8 views

DEBIAN-CVE-2026-34480

Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.htmlXmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets producing invalid XML output whenever a log message or M...

7.5CVSS5.3AI score0.0086EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 4:16 p.m.13 views

UBUNTU-CVE-2026-34480

Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.htmlXmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets producing invalid XML output whenever a log message or M...

7.5CVSS5.7AI score0.0086EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/09 4:14 p.m.3 views

CVE-2026-39957

Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull'usergroupid' clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who owns...

2.3CVSS6AI score0.00208EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/09 12:0 a.m.4 views

CVE-2025-50228

Jizhicms v2.5.4 is vulnerable to Server-Side Request Forgery SSRF in User Evaluation, Message, and Comment modules...

5.8AI score0.00275EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.6 views

PT-2026-31650

Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull'user group id' clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who ow...

2.3CVSS6AI score0.00208EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/08 6:18 p.m.19 views

CVE-2026-34782 Zammad has improper access control in AI assistance controller for text tools

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/aiassistance/texttools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This vulnerability is fixed i...

5.3CVSS0.00169EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 6:14 p.m.21 views

CVE-2026-34723 Zammad has incorrect access control in getting_started_controller

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This vulnerability is fixed i...

8.7CVSS0.00443EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 6:12 p.m.4 views

CVE-2026-34721 Zammad has Cross-site request forgery (CSRF) in OAuth callback endpoints

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This vulnerability is fixed in 7.0.1 and 6.5.4...

5.9CVSS5.9AI score0.00103EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 6:2 p.m.4 views

EUVD-2026-20559

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop back addresses, or link-local addresses — only the URL scheme HTTP/HTTPS as well as the hostname was checked. This could end up in retrieving...

8.3CVSS5.9AI score0.00244EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.10 views

EUVD-2026-20421

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through = 5.4.3...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.31 views

CVE-2026-39692

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows Stored XSS.This issue affects tagDiv Composer: from n/a through = 5.4.3...

6.5CVSS0.0013EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39712

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in tagDiv tagDiv Composer td-composer allows Code Injection.This issue affects tagDiv Composer: from n/a through = 5.4.3...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39641

Cross-Site Request Forgery CSRF vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through = 2.5.4...

5.9AI score0.00169EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.24 views

CVE-2026-39641 WordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through = 2.5.4...

6.5CVSS0.00169EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 8:30 a.m.4 views

CVE-2026-39641 WordPress Blackfyre theme <= 2.5.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through = 2.5.4...

5.9AI score0.00169EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

WordPress plugin tagDiv Composer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 5:12 p.m.5 views

Security Bulletin: IBM OpenAPI SDK Generator (Node.js) is affected by the Axios supply chain attack

Summary Due to an Axios supply chain attack, a fix for IBM Node.js SDK Core https://github.com/IBM/node-sdk-core was made available on April 2, 2026 21:03 UTC to mitigate the attack. If you used a previous version there is a possibility the affected Axios package could have been available on your...

6AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/04/05 12:0 a.m.13 views

a-Mac Address Change 缓冲区错误漏洞

a-Mac Address Change is a network address modification tool developed by a-Mac Corporation. Version 5.4 of a-Mac Address Change contains a buffer overflow vulnerability. This vulnerability stems from local buffer overflows in the registration form fields, which could allow local attackers to caus...

6.8CVSS6.1AI score0.00138EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-33709

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub...

6.1CVSS6.1AI score0.00224EPSS
Exploits0References3
OSV
OSV
added 2026/04/03 10:0 p.m.2 views

CVE-2026-33709 JupyterHub has an Open Redirect Vulnerability

JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links which, when clicked, take users to the JupyterHub login page, after which they are sent to an...

5.1CVSS5.9AI score0.00224EPSS
Exploits0References4
Rows per page
Query Builder