Lucene search
K

1037 matches found

Nuclei
Nuclei
added yesterday10 views

LiquidFiles < 4.2 - User Enumeration via Password Reset

LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...

7.3CVSS5.8AI score0.00648EPSS
Exploits1References2
NVD
NVD
added 5 days ago5 views

CVE-2026-57316

Subscriber Sensitive Data Exposure in GetGenie = 4.4.2 versions...

6.5CVSS0.00355EPSS
Exploits0References1
NVD
NVD
added 5 days ago6 views

CVE-2026-57313

Subscriber Cross Site Scripting XSS in SureCart = 4.2.2 versions...

6.5CVSS0.00211EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-54841

Unauthenticated Sensitive Data Exposure in Vitepos = 3.4.2 versions...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-39365

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

9.9CVSS5.9AI score0.00426EPSS
Exploits0References1
OSV
OSV
added last week7 views

RHSA-2026:28738 Red Hat Security Advisory: kpatch-patch-5_14_0-427_100_1, kpatch-patch-5_14_0-427_113_1, kpatch-patch-5_14_0-427_126_1, kpatch-patch-5_14_0-427_68_2, and kpatch-patch-5_14_0-427_84_1 security update

Bulletin has no description...

8.8CVSS5.8AI score0.00563EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added last week7 views

SUSE CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/23 10:7 p.m.28 views

CVE-2026-47693 Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing...

6.9CVSS0.00229EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 2:59 p.m.95 views

CVE-2026-53550

js-yaml vulnerability CVE-2026-53550 stems from the merge-key handling (&lt;&lt;) in lib/loader.js, causing quadratic parse-time DoS when processing crafted YAML with repeated aliases prior to version 4.2.0. Affected: js-yaml

5.3CVSS5.8AI score0.00259EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 2:59 p.m.4 views

CVE-2026-53550 js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:17 p.m.3 views

Security Bulletin: Vulnerability in flatted affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in flatted has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

9.8CVSS6.9AI score0.00777EPSS
Exploits2Affected Software2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Qemu

In QEMU 4.2.1, the ati2dblt function in hw/display/ati2d.c may encounter an out-of-bounds situation during calculations. This could cause the QEMU process to crash...

6.5CVSS6.9AI score0.02498EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in ffmpeg

There is a heap-based Buffer Overflow vulnerability in FFmpeg 4.2, located in the file libavfilter/vffloodfill.c. This vulnerability may lead to memory corruption and other potential issues...

8.8CVSS6.7AI score0.01611EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in ffmpeg

An integer overflow vulnerability exists in the function filterprewitt in libavfilter/vfconvolution.c in Ffmpeg 4.2.1. Attackers can exploit this vulnerability to cause a Denial of Service or other unspecified impacts...

8.8CVSS7.9AI score0.01221EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.59 views

Astra Linux – Vulnerability in ffmpeg

There is a heap-based Buffer Overflow vulnerability in FFmpeg 4.2, located in the getblockrow function in libavfilter/vfbm3d.c. This vulnerability may lead to memory corruption and other potential issues...

8.8CVSS7.3AI score0.01178EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in ffmpeg

A memory corruption issue in the mpegmuxwritepacket function in libavformat/mpegenc.c of FFmpeg 4.2 can lead to a denial of service DOS attack through a specially crafted AVI file...

6.5CVSS6.3AI score0.00917EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Puma

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, Puma exhibited incorrect behavior when parsing chunked transfer encoding bodies, allowing HTTP request smuggling. The fixed versions limit the size of chunk extensions. Without this limitation, an...

7.5CVSS6.1AI score0.00958EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Qemu

The ethgetgsotype function in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process by sending packet data that lacks a valid Layer 3 protocol...

6.5CVSS6.8AI score0.02515EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in python-tornado

Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...

7.5CVSS7AI score0.01051EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in ffmpeg

A denial-of-service vulnerability exists in FFmpeg 4.2 due to a memory leak in the inaviaddientry function...

6.5CVSS6.2AI score0.0103EPSS
Exploits1References2
Rows per page
Query Builder