Lucene search
K

14679 matches found

Cvelist
Cvelist
added yesterday30 views

CVE-2026-15202 YzmCMS Header yzmphp.php get_url cross site scripting

A security vulnerability has been detected in YzmCMS up to 7.5. Affected is the function geturl of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTPHOST leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

5.3CVSS
Exploits0References5
CVE
CVE
added yesterday10 views

CVE-2026-15202

CVE-2026-15202 affects YzmCMS up to version 7.5. The vulnerability resides in the get_url function of /yzmphp/yzmphp.php within the Header Handler, where manipulation of the HTTP_HOST argument enables cross-site scripting. Exploitation is remote and publicly disclosed. Vendor contact did not elic...

5.3CVSS4.1AI score
Exploits0References5
Cvelist
Cvelist
added yesterday28 views

CVE-2026-59213 Open WebUI: Cross-user model-list exposure via static cache key in get_all_models (aiocache key= vs key_builder= misuse)

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

3.5CVSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-59213

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.6.27 before 0.10.0, getallmodels handlers in routers/openai.py and routers/ollama.py passed a lambda to aiocache key instead of keybuilder, causing permission-filtered per-user model lists to share a stat...

3.5CVSS6AI score
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-59216

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, geteventcall delivered execute:python and execute:tool Socket.IO events to a client-supplied sessionid after checking only that the session was connected, allowing authenticated users who learne...

7.7CVSS6AI score
Exploits0References5Affected Software1
EUVD
EUVD
added yesterday4 views

EUVD-2026-42568

The Blocks for ACF Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getallvalues function in the /wp-json/acf-field-blocks/v1/values REST endpoint in versions up to, and including, 1.6.2. The permissioncallback only verifies the...

6.5CVSS6.1AI score
Exploits0References8
Debian CVE
Debian CVE
added 2 days ago4 views

CVE-2026-15119

Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS6AI score0.00161EPSS
Exploits0
NVD
NVD
added 2 days ago6 views

CVE-2026-60105

Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP function, which fails to detect embedded IPv4 addresses within IPv4-mapped IPv6 addresses. An unauthenticated attacker can obta...

8.6CVSS0.00308EPSS
Exploits0References2
NVD
NVD
added 2 days ago7 views

CVE-2026-56669

Elysia is a Typescript framework for request validation, type inference, OpenAPI documentation, and client-server communication. Prior to 1.4.29, Elysia uses getAll in form data normalization for multipart/form-data endpoints, causing the amount of work to grow quadratically with the number of...

7.5CVSS0.00358EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42427

Monsta FTP before 2.14.5 contains a server-side request forgery vulnerability in the fetchRemoteFile action caused by an incomplete IP blocklist check in the isBlockedIP function, which fails to detect embedded IPv4 addresses within IPv4-mapped IPv6 addresses. An unauthenticated attacker can obta...

8.6CVSS5.9AI score0.00308EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2 days ago4 views

CVE-2026-55999

A flaw was found in the glamorfontget function of the xorg-x11-server. This vulnerability, a heap buffer overflow, occurs when the server processes a specially crafted PCF font file where individual glyph metrics exceed the declared maximum bounds. An authenticated X client can exploit this by...

8.5CVSS6.7AI score0.00284EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2 days ago7 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

7.8CVSS6AI score0.00148EPSS
Exploits0References7
Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-15036 Harness gitspaces Endpoint list_all.go getAuthorizedSpaces authorization

A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/listall.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotel...

5.3CVSS0.00396EPSS
Exploits0References6
NVD
NVD
added 2 days ago8 views

CVE-2026-60092

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

6.1CVSS0.002EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42270

AVideo Meet plugin through commit e8d6119f3cb1b849149906efeb0a41fc024f59f8 contains a stored cross-site scripting vulnerability in the Meet plugin's getMeetInfo.json.php endpoint. When a participant joins a public meeting, the raw HTTP User-Agent header is stored meetjoinlog.useragent without...

6.1CVSS5.7AI score0.002EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-56362 ImageMagick - Heap-buffer-overflow Read in GetPixelIndex via OpenPixelCache Metadata Desynchronization

ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting a...

3.3CVSS0.00195EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2 days ago4 views

CVE-2026-56362

ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting a...

4.2CVSS6.1AI score0.00195EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago3 views

EUVD-2026-42253

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.gettotalmetricsorgid, which is callable by the anon role using only the public sbpublishable key. An unauthenticated attacker can probe organization existence and leak...

6.9CVSS5.9AI score0.00214EPSS
Exploits0References2
CVE
CVE
added 2 days ago8 views

CVE-2026-56284

Capgo (Cap-go/capgo) before version 12.128.2 has an information disclosure flaw in the Supabase PostgREST RPC function public.get_total_metrics(org_id). The RPC is callable by the anon role using only the public sb_publishable_* key, allowing an unauthenticated attacker to probe organization exis...

6.9CVSS5.9AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-42248

Capgo Cap-go/capgo before 12.128.2 exposes the Supabase PostgREST RPC function public.getorgsv6userid uuid, which is SECURITY DEFINER and granted to the anon role, allowing unauthenticated access. Because the function accepts a caller-supplied user UUID without verifying it matches the...

8.7CVSS6AI score0.00255EPSS
Exploits0References2
Rows per page
Query Builder