Lucene search
+L

1061 matches found

CVE
CVE
added 2026/04/18 1:36 a.m.27 views

CVE-2026-40491

CVE-2026-40491 affects the gdown library (Python) prior to 5.2.2. A path traversal flaw in the extractall function fails to sanitize archive member filenames, allowing files to be written outside the destination directory and potentially enabling arbitrary file overwrite and Remote Code Execution...

7.8CVSS5.9AI score0.00575EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.7 views

Unity Linux 20.1070a Security Update: pcs (UTSA-2026-007275)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007275 advisory. Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server's...

7.5CVSS6.4AI score0.00403EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 11:38 p.m.5 views

BIT-DJANGO-2026-4292 Privilege abuse in ModelAdmin.list_editable

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

2.7CVSS5.6AI score0.00294EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/14 6:30 p.m.5 views

EUVD-2026-22650

InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.3AI score0.00178EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.8 views

Fortinet FortiSOAR PaaS和Fortinet FortiSOAR on-premise 授权问题漏洞

Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise are security orchestration, automation, and response software developed by the American company Fortinet. There are authorization-related vulnerabilities in Fortinet FortiSOAR PaaS and FortiSOAR on-premise. These vulnerabilities stem from...

8.1CVSS5.8AI score0.00283EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32699

Name of the Vulnerable Software and Affected Versions InDesign Desktop versions 20.5.2 and 21.2 and earlier Description A Use After Free issue exists where the software continues to use a pointer after it has been freed. This could result in arbitrary code execution in the context of the current...

7.8CVSS6.2AI score0.00165EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/10 1:22 a.m.8 views

CVE-2026-39619

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...

9.6CVSS5.9AI score0.00143EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:31 p.m.5 views

CVE-2026-33797

An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service DoS. An attacker repeatedly...

7.4CVSS5.8AI score0.00166EPSS
Exploits0References3Affected Software2
The Hacker News
The Hacker News
added 2026/04/09 5:26 p.m.6 views

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs

Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit SDK called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox...

5.9AI score
Exploits0
Cvelist
Cvelist
added 2026/04/09 5:5 p.m.19 views

CVE-2026-39983 FTP Command Injection via CRLF in basic-ftp

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6CVSS0.02185EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2026/04/09 5:5 p.m.5 views

CVE-2026-39983

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6CVSS5.3AI score0.02185EPSS
Exploits1
OSV
OSV
added 2026/04/09 5:5 p.m.1 views

CVE-2026-39983 FTP Command Injection via CRLF in basic-ftp

basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handle...

8.6CVSS7.2AI score0.02185EPSS
Exploits1References10
OSV
OSV
added 2026/04/08 8:2 p.m.2 views

GHSA-CHQC-8P9Q-PQ6Q basic-ftp has FTP Command Injection via CRLF

Summary basic-ftp version 5.2.0 allows FTP command injection via CRLF sequences \r\n in file path parameters passed to high-level path APIs such as cd, remove, rename, uploadFrom, downloadTo, list, and removeDir. The library's protectWhitespace helper only handles leading spaces and returns other...

8.6CVSS6.1AI score0.02185EPSS
Exploits1References5
NVD
NVD
added 2026/04/08 9:16 a.m.4 views

CVE-2026-39701

Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopWP: from n/a through = 5.2.4...

5.3CVSS0.00236EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/08 8:30 a.m.3 views

CVE-2026-39619

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...

5.9AI score0.00143EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 8:30 a.m.8 views

EUVD-2026-20261

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...

5.9AI score0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.16 views

PT-2026-31184

CVE-2026-39619 Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a t… https://t.co/PP035okJ62...

9.6CVSS5.8AI score0.00143EPSS
Exploits0References3
OSV
OSV
added 2026/04/07 3:30 p.m.6 views

GHSA-5MF9-H53Q-7MHQ Django has potential DoS via MultiPartParser through crafted multipart uploads

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. MultiPartParser allows remote attackers to degrade performance by submitting multipart uploads with Content-Transfer-Encoding: base64 including excessive whitespace. Earlier, unsupported Django series such as...

6.5CVSS5.8AI score0.00879EPSS
Exploits1References6
OSV
OSV
added 2026/04/07 3:30 p.m.4 views

GHSA-933H-HP56-HF7M Django: SGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5CVSS5.8AI score0.00769EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/04/07 3:17 p.m.6 views

arthexis (>=0.2.6 <=0.8.0), cg-django-uaa (=2.1.9) +29 more potentially affected by CVE-2026-4292 via django (>=5.2.0 <=5.2.12)

django PYPI version =5.2.0, =0.2.6, =0.1.0, =0.1.0, =1.3.0, =1.92.0.5, =4.2.0, =0.0.7, =3.0.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-4292 Source advisory: OSV:PYSEC-2026-53...

2.7CVSS5.7AI score0.00294EPSS
Exploits0
Rows per page
Query Builder