Lucene search
+L

14 matches found

CVE
CVE
added 2026/07/01 11:20 p.m.26 views

CVE-2026-55792

Craft CMS is vulnerable in versions 4.0.0-RC1 through 4.17.x and 5.0.0-RC1 through 5.9.x due to dataUrl() being in the Twig sandbox allowlist. A control panel user with the utility:system-messages permission can embed a file-reading payload in system emails, causing the server to read targeted fi...

6CVSS5.8AI score0.00268EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:20 p.m.6 views

Security Bulletin: Vulnerability in Lodash affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Lodash has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

9.8CVSS7AI score0.02474EPSS
Exploits0Affected Software2
EUVD
EUVD
added 2026/04/01 11:51 p.m.9 views

EUVD-2026-17610

lodash vulnerable to Code Injection via .template imports key names...

8.1CVSS7.3AI score0.02474EPSS
Exploits0References5
NVD
NVD
added 2026/03/31 8:16 p.m.19 views

CVE-2026-2950

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the .unset and .omit functions. The fix for CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg only guards against string key members, so an attacker can bypass the check by...

6.5CVSS0.00317EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/23 8:45 a.m.19 views

CVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

8.8CVSS6.3AI score0.00903EPSS
Exploits2References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002539)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002539 advisory. arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks...

5.5CVSS6.5AI score0.00551EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.6 views

MiracleLinux 8 : kernel-4.18.0-553.37.1.el8_10 (AXSA:2025-9659:11)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9659:11 advisory. kernel: scsi: core: Fix unremoved procfs host directory regression CVE-2024-26935 kernel: arm64/sve: Discard stale CPU state when handling SVE traps...

7CVSS6.9AI score0.00242EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.10 views

MiracleLinux 8 : kernel-4.18.0-553.66.1.el8_10 (AXSA:2025-10755:54)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10755:54 advisory. kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove CVE-2025-21928 kernel: memstick: rtsxusbms: Fix slab-use-after-free in...

7.8CVSS6.9AI score0.00203EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/04/21 11:17 a.m.5 views

WordPress CiyaShop theme <= 4.18.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme CiyaShop versions = 4.18.0...

9.8CVSS7.3AI score0.00396EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/03/15 4:15 p.m.3 views

CVE-2022-37402

Stored Cross-site Scripting XSS vulnerability in AFS Analytics plugin = 4.18 versions...

4.8CVSS5.8AI score0.00392EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.3 views

SUSE CVE-2019-3819

A flaw was found in the Linux kernel in the function hiddebugeventsread in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user "root" can cause a system lock up and a denial of service. Versions from v4.18 and newe...

4.2CVSS6.4AI score0.00457EPSS
Exploits0References10
CNNVD
CNNVD
added 2022/03/16 12:0 a.m.12 views

CKEditor 跨站脚本漏洞

CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor 4 versions prior to 4.18.0, which stems from a vulnerability discovered in the core HTML processing module that affects all plugins used in CKEditor4 versions prior to 4.18.0. The...

5.4CVSS7.1AI score0.0119EPSS
Exploits0References13
OSV
OSV
added 2019/01/25 6:29 p.m.5 views

AZL-6520 CVE-2019-3819 affecting package kernel for versions less than 5.10.78.1-1

A flaw was found in the Linux kernel in the function hiddebugeventsread in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user "root" can cause a system lock up and a denial of service. Versions from v4.18 and newe...

4.4CVSS6.5AI score0.00457EPSS
Exploits0References1
OSV
OSV
added 2019/01/25 6:29 p.m.2 views

DEBIAN-CVE-2019-3819

A flaw was found in the Linux kernel in the function hiddebugeventsread in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user "root" can cause a system lock up and a denial of service. Versions from v4.18 and newe...

4.4CVSS6.1AI score0.00457EPSS
Exploits0References1
Rows per page
Query Builder