771 matches found

RustSec
added 2026/06/04 12:0 p.m., 13 views

`pqcrypto-internals` is unmaintained: upstream PQClean project being archived

This crate provides internal FFI utilities for the pqcrypto- ecosystem, directly wrapping C implementations from PQClean. The PQClean project is being archived in or after July 2026 (see PQClean/PQClean604), after which no further security patches or bug fixes will be applied to the upstream...

AI score 5.8
Exploits 0

Positive Technologies
added 2026/06/04 12:0 a.m., 11 views

PT-2026-46892

Summary: The Shopware Store API endpoint /store-api/handle-payment contains an object-level authorization flaw that allows a low-privileged external user with a normal customer or guest context to trigger the payment flow for another user’s order by supplying a foreign orderId. The affected...

CVSS 4.3, AI score 5.7, EPSS 0.0005
Exploits 0, References 5

Positive Technologies
added 2026/06/04 12:0 a.m., 16 views

PT-2026-46856

Summary: The Shopware Store API endpoint /store-api/handle-payment contains an object-level authorization flaw that allows a low-privileged external user with a normal customer or guest context to trigger the payment flow for another user’s order by supplying a foreign orderId. The affected...

CVSS 4.3, AI score 5.7
Exploits 0, References 5

RedhatCVE
added 2026/05/30 2:12 a.m., 12 views

CVE-2026-44794

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

CVSS 5.4, AI score 5.8, EPSS 0.00177
Exploits 0, References 1

NVD
added 2026/05/28 6:16 p.m., 21 views

CVE-2026-44794

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

CVSS 5.4, EPSS 0.00177
Exploits 0, References 5

Vulnrichment
added 2026/05/28 5:1 p.m., 9 views

CVE-2026-44794 Nautobot: REST API permits creation of GenericForeignKey references to objects that the user should not be able to reference

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

CVSS 5.4, AI score 5.8, EPSS 0.00177
Exploits 0, References 5

EUVD
added 2026/05/28 5:1 p.m., 10 views

EUVD-2026-32955

Nautobot is a Network Source of Truth and Network Automation Platform. Prior to 2.4.33 and 3.1.2, in the case of inter-object references via GenericForeignKey a pattern allowing an object to reference another object that may belong to one of several different "content types" or database tables,...

CVSS 5.4, AI score 5.8, EPSS 0.00177
Exploits 0, References 5

CNNVD
added 2026/05/28 12:0 a.m., 11 views

Nautobot security vulnerability

Nautobot is a web automation platform developed by the Nautobot team. Versions prior to Nautobot 2.4.33 and 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from a flaw in the REST API, which failed to enforce user viewing permissions when creating or updating objects using...

CVSS 5.4, AI score 5.8, EPSS 0.00177
Exploits 0, References 6

Microsoft CVE
added 2026/05/27 8:9 a.m., 15 views

Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

...

CVSS 6.1, AI score 5.8, EPSS 0.00178
Exploits 0

Microsoft CVE
added 2026/05/27 8:5 a.m., 14 views

Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

...

CVSS 6.1, AI score 5.8, EPSS 0.00188
Exploits 0

RedhatCVE
added 2026/05/26 8:14 p.m., 15 views

CVE-2026-39967

TypeBot is a chatbot builder tool. In versions 3.15.2 and prior, the bot engine's findResult query does not filter results by typebotId, allowing an authenticated user to load result data (user answers, variable values) from a different typebot by supplying a foreign resultId to the startChat...

CVSS 3.1, AI score 5.7, EPSS 0.00186
Exploits 0, References 1

Cvelist
added 2026/05/22 3:1 p.m., 15 views

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

EPSS 0.00178
Exploits 0, References 4

Cvelist
added 2026/05/22 3:1 p.m., 15 views

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

EPSS 0.00188
Exploits 0, References 4

Vulnrichment
added 2026/05/22 3:1 p.m., 6 views

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

AI score 6, EPSS 0.00178
Exploits 0, References 4

CVE
added 2026/05/22 3:1 p.m., 94 views

CVE-2026-42506

CVE-2026-42506 affects the Go ecosystem, specifically parsing in golang.org/x/net/html. The root cause is "invoking incorrect handling of namespaced elements in foreign content" which can produce an unexpected HTML tree during rendering. This can enable XSS in applications that sanitize input HTM...

CVSS 6.1, AI score 6, EPSS 0.00188
Exploits 0, References 4, Affected Software 1

Vulnrichment
added 2026/05/22 3:1 p.m., 6 views

CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

AI score 6, EPSS 0.00188
Exploits 0, References 4

CVE
added 2026/05/22 3:1 p.m., 90 views

CVE-2026-42502

Summary of CVE-2026-42502: The vulnerability concerns the Go project’s HTML parsing in the package golang.org/x/net/html. The root cause is an incorrect handling of HTML elements in foreign content during parsing, which can produce an unexpected HTML tree when rendering with Render. This behavio...

CVSS 6.1, AI score 6, EPSS 0.00178
Exploits 0, References 4, Affected Software 1

OSV
added 2026/05/22 2:46 a.m., 8 views

GO-2026-5025 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVSS 6.1, AI score 6, EPSS 0.00188
Exploits 0, References 3

OSV
added 2026/05/22 2:46 a.m., 9 views

GO-2026-5027 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVSS 6.1, AI score 6, EPSS 0.00178
Exploits 0, References 3

Positive Technologies
added 2026/05/22 12:0 a.m., 16 views

PT-2026-42824

Name of the Vulnerable Software and Affected Versions: TypeBot versions prior to 3.16.0. Description: An issue in the bot engine's findResult query fails to filter results by typebotId. This allows an authenticated user to load result data, including user answers and variable values, from a differen...

CVSS 3.1, AI score 5.8, EPSS 0.00186
Exploits 0, References 5