Lucene search
K

76 matches found

EUVD
EUVD
added 2026/07/01 8:51 p.m.7 views

EUVD-2026-40297

Rancher has over-inclusive team membership expansion in GitHub App authentication provider...

8.8CVSS5.8AI score0.0037EPSS
Exploits0References6
NVD
NVD
added 2026/06/15 9:16 p.m.11 views

CVE-2026-34900

Unauthenticated Cross Site Scripting XSS in GiveWP = 4.14.2 versions...

7.1CVSS0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.15 views

PT-2026-41682

Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces...

8.8CVSS5.8AI score0.0026EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 5:47 a.m.4 views

BIT-JRE-2026-23865

An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2...

5.3CVSS7.3AI score0.00141EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.14 views

RHCOS 4 : OpenShift Container Platform 4.14.2 (RHSA-2023:6839)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6839 advisory. - golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325 - HTTP/2: Multiple HTTP/...

7.5CVSS7.1AI score0.99999EPSS
Exploits19References10
OSV
OSV
added 2026/04/29 9:23 p.m.50 views

GHSA-537J-GQPC-P7FQ n8n Vulnerable to XSS via MCP OAuth client

Impact An unauthenticated attacker could register a malicious MCP OAuth client with a crafted clientname. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute...

8.8CVSS6AI score0.00332EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/08 8:30 a.m.23 views

CVE-2026-39485 WordPress Youtube Embed Plus plugin <= 14.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in embedplus Youtube Embed Plus youtube-embed-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Embed Plus: from n/a through = 14.2.4...

4.3CVSS0.00197EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 9:5 a.m.6 views

BIT-CEPH-2020-1699

A path traversal flaw was found in the Ceph dashboard implemented in upstream versions v14.2.5, v14.2.6, v15.0.0 of Ceph storage and has been fixed in versions 14.2.7 and 15.1.0. An unauthenticated attacker could use this flaw to cause information disclosure on the host machine running the Ceph...

7.5CVSS5.7AI score0.02092EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.7 views

Apple多款产品 安全漏洞

Apple Safari, among others, are products of the American company Apple. Apple Safari is a web browser that is the default browser included with the Mac OS X and iOS operating systems. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad...

8.8CVSS6.9AI score0.00885EPSS
Exploits0References5
OSV
OSV
added 2026/03/02 5:16 p.m.4 views

CVE-2026-23865

An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2...

5.3CVSS5.9AI score0.00141EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:52 a.m.9 views

CVE-2020-10010

A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges...

7.8CVSS5.4AI score0.00445EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/11/07 12:0 a.m.4 views

Teamcenter Visualization WRL File Parsing Vulnerabilities

Siemens Teamcenter Visualization contains multiple file-parsing vulnerabilities in its WRL-file reader that affect versions V14.2, V14.3, V2312, and V2406. If a user opens a specially crafted malicious WRL file, the application may crash or allow arbitrary code execution in the context of the...

7.8CVSS6.3AI score0.00272EPSS
Exploits0References27
Tenable Nessus
Tenable Nessus
added 2025/11/07 12:0 a.m.5 views

Teamcenter Visualization SSO login service Vulnerability

Teamcenter contains an open-redirect vulnerability in its SSO login service affecting Teamcenter V14.1, V14.2, V14.3, V2312, V2406, and V2412; the SSO accepts user-controlled input that can point to external URLs, allowing an attacker to craft a link that redirects a legitimate user to a maliciou...

7.4CVSS8.6AI score0.0054EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.9 views

Astro 安全漏洞

Astro is an Astro open source web framework for content-driven websites. A security vulnerability exists in Astro versions prior to 5.14.2, which stems from an unvalidated X-Forwarded-Host header and could lead to malicious redirection and credential disclosure...

6.5CVSS6.3AI score0.0038EPSS
Exploits1References2
Mozilla
Mozilla
added 2025/09/16 12:0 a.m.9 views

Security Vulnerabilities fixed in Thunderbird 140.3 — Mozilla

Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.8CVSS7.8AI score0.00687EPSS
Exploits0References7Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2025/06/05 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-28365

Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostnames, system architecture, and...

5.3CVSS5.8AI score0.08359EPSS
Exploits3References1
Microsoft CVE
Microsoft CVE
added 2025/05/27 7:0 a.m.3 views

In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.

...

7.5CVSS6.8AI score0.00355EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.2 views

CVE-2021-22257

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user...

5.3CVSS6.8AI score0.00908EPSS
Exploits0References1
OSV
OSV
added 2025/05/22 1:15 p.m.3 views

CVE-2025-3942

Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara...

7.5CVSS5.8AI score
Exploits0References2
Circl
Circl
added 2025/02/14 7:43 a.m.3 views

CVE-2025-26788

creationtimestamp| type| source ---|---|--- 2025-02-14 07:43:30+00:00| seen| https://infosec.exchange/users/cve/statuses/114001117806184646 2025-02-14 08:15:55+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li4r6djxlw2g 2025-02-14 08:48:27+00:00| seen|...

8.4CVSS5.3AI score0.00413EPSS
Exploits0References15
Rows per page
Query Builder