Lucene search
K

50223 matches found

RedHat Linux
RedHat Linux
added 5 days ago7 views

Important: Red Hat Security Advisory: satellite/foreman-mcp-server-rhel9 container image available as a Technology Preview

A new satellite/foreman-mcp-server-rhel9 container image is now available as a Technology Preview in the Red Hat container registry. Satellite provides a container image that you can use to run an MCP server locally. The MCP server for Satellite is designed for advanced reporting and data analysi...

10CVSS5.8AI score0.01011EPSS
Exploits4References9
NVD
NVD
added 5 days ago7 views

CVE-2026-48953

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS0.00147EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-48953 Joomla! Core - [20260707] - XSS in the generic image output layout

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS0.00147EPSS
Exploits0References1
CVE
CVE
added 5 days ago13 views

CVE-2026-48953

CVE-2026-48953 affects Joomla! Core. The issue is an XSS in the generic image output layout caused by a lack of escaping in the rendering path. Affected software is Joomla! Core (security entry notes this under 2026-07-07). The root cause is input/output escaping not being applied when generating...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42062

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 5 days ago8 views

CVE-2026-48953 Joomla! Core - [20260707] - XSS in the generic image output layout

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-48953

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 5 days ago11 views

EUVD-2026-22188

Open WebUI has Blind Server Side Request Forgery in its Image Edit Functionality...

4.3CVSS5.9AI score0.00227EPSS
Exploits1References2
OSV
OSV
added 5 days ago5 views

PYSEC-2026-1689 Nautobot may allows uploaded media files to be accessible without authentication

Impact Files uploaded by users to Nautobot's MEDIAROOT directory, including DeviceType image attachments as well as images attached to a Location, Device, or Rack, are served to users via a URL endpoint that was not enforcing user authentication. As a consequence, such files can be retrieved by...

6.3CVSS5.9AI score0.00383EPSS
Exploits0References9
OSV
OSV
added 5 days ago4 views

PYSEC-2026-2003 vantage6 has insecure SSH configuration for node and server containers

Impact Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. We will probably opt to...

6.5CVSS7.2AI score0.00466EPSS
Exploits0References7
OSV
OSV
added 5 days ago4 views

PYSEC-2026-2077 Zope vulnerable to Stored Cross Site Scripting with SVG images

Impact There is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user...

3.7CVSS5.6AI score0.00599EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 5 days ago8 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.6.12

Assisted installer RHEL 8 components for the multicluster engine for Kubernetes 2.6.12 General Availability release, with updates to container images. Assisted Installer RHEL 8 integrates components for the general multicluster engine for Kubernetes 2.6.12 release that simplify the process of...

9.6CVSS6AI score0.00478EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 5 days ago4 views

firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service in the Graphics: ImageLib component...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 5 days ago3 views

firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Denial-of-service in the Graphics: ImageLib component...

6.5CVSS5.9AI score0.00227EPSS
Exploits0References6
NVD
NVD
added 5 days ago9 views

CVE-2026-10834

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

4.6CVSS0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-10834 WP Travel Engine < 6.8.1 - Subscriber+ Arbitrary Media File Move via user_profile_image

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

0.00142EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42010

The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...

6AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 5 days ago16 views

CVE-2026-10834

The CVE covers the WP Travel Engine WordPress plugin (pre-6.8.1) where input validation for a user-supplied profile image path is insufficient before the file is moved. The vulnerability allows authenticated users with subscriber-level access or higher to relocate arbitrary files within the WordP...

4.6CVSS6AI score0.00142EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56237

Name of the Vulnerable Software and Affected Versions Chevereto versions 3.7.5 through 4.5.3 Description An issue exists in the self-hosted media-sharing platform where the /json AJAX listing endpoint fails to enforce private profile restrictions. While the profile HTML route /username correctly...

6.9CVSS6.1AI score0.00249EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54060

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per- glyph images into a combined bitmap with Image.new1, xsize,...

7.5CVSS6.1AI score0.00361EPSS
Exploits1References4
Rows per page
Query Builder