Lucene search
K

110 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-54911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a...

6.5CVSS5.9AI score0.00272EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 8:53 p.m.22 views

CVE-2026-54911 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...

6.5CVSS0.00272EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/22 8:53 p.m.10 views

CVE-2026-54911

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...

6.5CVSS5.8AI score0.00272EPSS
Exploits0
EUVD
EUVD
added 2026/06/10 10:15 p.m.15 views

EUVD-2026-36196

Yamcs is a mission control framework. Prior to versions 5.13.0 and 5.12.7, an LDAP injection vulnerability exists in org.yamcs.security.LdapAuthModule when constructing search filters. The username parameter is inserted directly into the LDAP filter without proper RFC 4515 escaping. Versions 5.13...

4.3CVSS5.4AI score0.01027EPSS
Exploits3References3
CVE
CVE
added 2026/06/02 1:54 a.m.23 views

CVE-2026-3870

Zyxel VMG4005-B50B firmware versions up to 5.13(ABRL.5.4)C0 contain a buffer overflow in the UPnP AddPortMapping() command. This vulnerability could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition affecting the UPnP function of the device. The available documen...

6.5CVSS6AI score0.00168EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux

A use-after-free occurred in the function hcisockboundioctl of the Linux kernel’s HCI subsystem. This issue arises when the user calls ioct HCIUNBLOCKADDR, or when the call to hciunregisterdev triggers a race condition, along with the calls hcisockblacklistadd, hcisockblacklistdel, hcigetconninfo...

6.9CVSS6.7AI score0.0037EPSS
Exploits1References1
CVE
CVE
added 2026/05/14 12:24 p.m.12 views

CVE-2026-6008

CVE-2026-6008 describes an authorization bypass/IDOR in DijiDemi (Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co.). Affected versions are v4.5.12.1 before v4.5.13.0. Root cause: user‑controlled key enables privilege escalation. Impact includes hi...

6.8CVSS5.8AI score0.00219EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/08 9:31 a.m.5 views

EUVD-2026-20229

Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through = 5.13...

5.9AI score0.00214EPSS
Exploits0References2
NVD
NVD
added 2026/04/08 9:16 a.m.4 views

CVE-2026-39588

Missing Authorization vulnerability in nmerii NM Gift Registry and Wishlist Lite nm-gift-registry-and-wishlist-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NM Gift Registry and Wishlist Lite: from n/a through = 5.13...

5.3CVSS0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 8:50 p.m.1 views

CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

5.4CVSS5.9AI score0.00202EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:50 p.m.56 views

CVE-2026-33742

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

5.4CVSS5.8AI score0.00202EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 8:48 p.m.3 views

CVE-2026-33628 Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The...

5.4CVSS6AI score0.00231EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.12 views

Invoice Ninja 跨站脚本漏洞

Invoice Ninja is an open-source application developed by Invoice Ninja, featuring functions for invoices, quotes, projects, and time tracking. Version 5.13.0 of Invoice Ninja contains a cross-site scripting vulnerability. This vulnerability stems from the product notes field allowing raw HTML to ...

5.4CVSS5.6AI score0.00202EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.12 views

Invoice Ninja 安全漏洞

Invoice Ninja is an open-source application developed by Invoice Ninja, featuring features for invoices, quotes, projects, and time tracking. Version 5.13.0 of Invoice Ninja contains a security vulnerability. This vulnerability stems from the project description field bypassing the XSS rejection...

5.4CVSS5.8AI score0.00231EPSS
Exploits0References3
CVE
CVE
added 2026/03/03 12:0 a.m.14 views

CVE-2025-70237

CVE-2025-70237 affects D-Link DIR-513 (v1.10). The issue is a stack buffer overflow in the handling of the curTime parameter passed to goform/formSetPortTr, allowing potential control-flow disruption. Multiple sources describe this vulnerability as enabling arbitrary code execution or a denial of...

9.8CVSS6.1AI score0.00714EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/26 10:34 a.m.6 views

MAL-2026-1054 Malicious code in iosysredis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 40ebc0b0ce3b008449dfcb8149458898f7bbbffbac1a58a1ac3f5e002585b45c The package iosysredis was found to contain malicious code. Source: ghsa-malware 0d8b923c8adb27e2f28e5804af5428885fe3b1399d1cead59dd5a505e3c6f586 Any...

5.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/23 7:26 a.m.7 views

CVE-2026-27574

OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's node:vm module explicitly documented as not a security mechanism to execute user-supplied code, allowing trivial sandbox escape via a well-known...

9.9CVSS5.6AI score0.00504EPSS
Exploits2References1
OSV
OSV
added 2026/02/03 8:15 p.m.3 views

CVE-2026-25615

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...

7.2CVSS5.8AI score0.00454EPSS
Exploits1References2
CVE
CVE
added 2026/02/03 7:21 p.m.18 views

CVE-2026-25616

Blesta CVE-2026-25616 affects Blesta versions 3.x through 5.x before 5.13.3 due to mishandling of input validation (CORE-5665). Multiple sources (Red Hat, CVE listing, PacketStorm) indicate impacts include input handling defects that enable cross-site scripting in certain endpoints, with the cano...

6.1CVSS5.3AI score0.00383EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-6331

Name of the Vulnerable Software and Affected Versions Blesta versions 3.x through 5.x before 5.13.3 Description The software contains a flaw that allows for object injection. This issue is also known as CORE-5680. Recommendations Update to version 5.13.3 or later...

7.5CVSS5.5AI score0.00387EPSS
Exploits1References6
Rows per page
Query Builder