Lucene search
K

668 matches found

Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.5 views

PT-2026-23214

Name of the Vulnerable Software and Affected Versions RadiusTheme Classified Listing versions through 5.3.4 Description An issue exists in RadiusTheme Classified Listing that allows retrieval of embedded sensitive data due to insertion of sensitive information into sent data. Recommendations Upda...

5.8AI score0.00355EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/03 7:53 p.m.4 views

CVE-2025-13616

IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system...

6.5CVSS5.9AI score0.00226EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/03 12:0 a.m.7 views

CVE-2024-55024

An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts...

5.9AI score0.00359EPSS
Exploits0References2
CVE
CVE
added 2026/03/02 8:39 a.m.19 views

CVE-2026-20429

CVE-2026-20429 describes a local out-of-bounds read caused by a missing bounds check in the display path, potentially enabling local information disclosure when an attacker already has System privileges. All sources (NVD/Red Hat/OSV, etc.) consistently state: no user interaction is required and t...

4.4CVSS5.9AI score0.00073EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/02/27 7:18 p.m.7 views

EUVD-2026-9062

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both add item /actions/addtocollection.php due to missi...

7.1CVSS6AI score0.00263EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/27 7:15 p.m.6 views

CVE-2026-26997 ClipBucket v5 has Stored XSS via Collection name

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 59 fixes the issue...

5.1CVSS5.9AI score0.002EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.8 views

CVE-2026-27829

Astro is a web framework. In versions 9.0.0 through 9.5.3, a bug in Astro's image pipeline allows bypassing image.domains / image.remotePatterns restrictions, enabling the server to fetch content from unauthorized remote hosts. Astro provides an inferSize option that fetches remote images at rend...

7.2CVSS5.7AI score0.00281EPSS
Exploits1References1
OSV
OSV
added 2026/02/27 12:31 a.m.4 views

GHSA-429M-9874-RX9W PSI Probe vulnerable to Server-Side Request Forgery

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit h...

6.3CVSS5.4AI score0.00362EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.10 views

PT-2026-22378

Name of the Vulnerable Software and Affected Versions ClipBucket versions prior to 5.5.3 59 Description ClipBucket is an open source video sharing platform. A normal authenticated user can store a cross-site scripting XSS payload, which is then triggered by an administrator. Recommendations Updat...

5.1CVSS5.8AI score0.002EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/26 11:32 p.m.3 views

CVE-2026-3270 psi-probe PSI Probe Whois Whois.java lookup server-side request forgery

A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit h...

6.5CVSS6.1AI score0.00362EPSS
Exploits1References4
OSV
OSV
added 2026/02/26 10:33 p.m.5 views

GHSA-FJ3W-JWP8-X2G3 fast-xml-parser has stack overflow in XMLBuilder with preserveOrder

Impact Application crashes with stack overflow when user use XML builder with prserveOrder:true for following or similar input 'foo': 'bar': '@V': 'baz' Cause: arrToStr was not validating if the input is an array or a string and treating all non-array values as text content. What kind of...

6.9CVSS5.9AI score0.00478EPSS
Exploits0References5
EUVD
EUVD
added 2026/02/26 10:33 p.m.5 views

EUVD-2026-8811

fast-xml-parser has stack overflow in XMLBuilder with preserveOrder...

6.9CVSS5.3AI score0.00478EPSS
Exploits0References4
NVD
NVD
added 2026/02/26 2:16 a.m.14 views

CVE-2026-27942

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...

7.5CVSS0.00478EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.4 views

PT-2026-22099

Name of the Vulnerable Software and Affected Versions fast-xml-parser versions prior to 5.3.8 Description fast-xml-parser is a tool for XML validation, parsing XML to JavaScript objects, and building XML from JavaScript objects without relying on C/C++ libraries or callbacks. Prior to version...

7.5CVSS6AI score0.00478EPSS
Exploits0References151
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.12 views

Astro 代码问题漏洞

Astro is a content-driven website framework developed by Astro OpenSource. Versions 9.0.0 to 9.5.3 of Astro have code vulnerabilities. These vulnerabilities stem from an issue where the image pipeline bypasses domain name restrictions, potentially leading to server-side request forgeing...

7.2CVSS5.9AI score0.00281EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/02/20 8:57 p.m.7 views

CVE-2026-25896

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3to before 5.3.5, a dot . in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

9.3CVSS7.3AI score0.00445EPSS
Exploits1
NVD
NVD
added 2026/02/20 4:22 p.m.9 views

CVE-2026-24943

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Conference grandconference allows Reflected XSS.This issue affects Grand Conference: from n/a through = 5.3.4...

7.1CVSS0.00151EPSS
Exploits0References1
CVE
CVE
added 2026/02/20 3:47 p.m.15 views

CVE-2026-24943

CVE-2026-24943 is a Reflected Cross-Site Scripting vulnerability in ThemeGoods Grand Conference (grandconference) for WordPress, due to improper input neutralization during web page generation. Affected: Grand Conference versions up to 5.3.4. Root cause: insufficient sanitization of user-supplied...

7.1CVSS5.5AI score0.00151EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/20 3:47 p.m.25 views

CVE-2026-24943 WordPress Grand Conference theme <= 5.3.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Conference grandconference allows Reflected XSS.This issue affects Grand Conference: from n/a through = 5.3.4...

7.1CVSS0.00151EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/20 3:47 p.m.6 views

CVE-2026-24943 WordPress Grand Conference theme <= 5.3.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Grand Conference grandconference allows Reflected XSS.This issue affects Grand Conference: from n/a through = 5.3.4...

5.3AI score0.00151EPSS
Exploits0References1
Rows per page
Query Builder