Lucene search
K

2918 matches found

Nuclei
Nuclei
added 7 hours ago65 views

OpenCATS - Open Redirect

OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...

5.4CVSS6.1AI score0.01027EPSS
Exploits1References3
Nuclei
Nuclei
added 7 hours ago64 views

kkFileView 4.0 - Server-Side Request Forgery

kkFileView 4.0 contains a server-side request forgery caused by improper validation in OnlinePreviewController.java, letting attackers induce the server to make arbitrary requests, exploit requires sending crafted requests. id: CVE-2022-42149 info: name: kkFileView 4.0 - Server-Side Request Forge...

9.8CVSS7.3AI score0.0219EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago52 views

Gradio - Open Redirect

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...

6.1CVSS6.2AI score0.01021EPSS
Exploits1References1
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-56289

GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

4.6CVSS5.9AI score
Exploits0
NVD
NVD
added 3 days ago10 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS0.00269EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago7 views

CVE-2026-48954 Joomla! Core - [20260708] - XSS through language overrides

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00269EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00269EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/02 2:36 p.m.9 views

EUVD-2026-41378

An improper validation vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port...

7.8CVSS6.1AI score0.00169EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-55230

Name of the Vulnerable Software and Affected Versions Little Orbit GFAC affected versions not specified Description Improper validation and a NULL pointer dereference a condition where the software attempts to read from a memory address that is null, leading to a crash in the GFAC Sys x64.sys...

7.8CVSS6.3AI score0.0013EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.4 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 7:16 a.m.11 views

CVE-2026-14193

DVP80ES300T with Improper Validation of Array Index Vulnerability...

7.5CVSS0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:34 p.m.3 views

GO-2026-5564 Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation in open-cluster-management.io/ocm

Open Cluster Management OCM: Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation in open-cluster-management.io/ocm...

8.2CVSS5.8AI score0.00112EPSS
Exploits1References6
NVD
NVD
added 2026/06/24 2:16 a.m.11 views

CVE-2026-12681

Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList does not advance the buffer past vendor bytes before reading entries. For hashSHA256SigGUID lists, this allows attacker-controlled vendor header bytes to be appended ...

8.9CVSS0.00191EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/23 9:13 a.m.9 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51510

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 1.0.4 Description The software fails to block at least seven Python standard library modules, including uuid, osx support, aix support, pyrepl.pager, and imaplib. This oversight exposes eight functions that allow...

9.8CVSS6.2AI score0.00757EPSS
Exploits0References10
Snyk
Snyk
added 2026/06/17 2:2 p.m.7 views

Improper Validation of Specified Type of Input

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to improper validation of the temperature parameter while sampling. An attacker can cause the...

8.7CVSS5.9AI score0.00261EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/16 12:34 a.m.9 views

EUVD-2026-37018

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

7.1CVSS5.3AI score0.00267EPSS
Exploits0References5
NVD
NVD
added 2026/06/16 12:16 a.m.11 views

CVE-2026-9258

Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

9.8CVSS0.00267EPSS
Exploits0References4
CVE
CVE
added 2026/06/15 11:35 p.m.29 views

CVE-2026-9258

The CVE-2026-9258 entry describes Improper validation of SSH host keys in Canon EOS Network Setting Tool, affected in Version 1.5.0 or earlier. The issue is tied to a network-accessible vector with no user interaction required per CVSS, and could impact confidentiality, integrity, and availabilit...

9.8CVSS5.3AI score0.00267EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/15 6:47 a.m.8 views

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to a validation issue with improper logic...

7.5CVSS5.5AI score0.0027EPSS
Exploits0References5
Rows per page
Query Builder