Lucene search
K

2931 matches found

Nuclei
Nuclei
added 13 hours ago65 views

kkFileView 4.0 - Server-Side Request Forgery

kkFileView 4.0 contains a server-side request forgery caused by improper validation in OnlinePreviewController.java, letting attackers induce the server to make arbitrary requests, exploit requires sending crafted requests. id: CVE-2022-42149 info: name: kkFileView 4.0 - Server-Side Request Forge...

9.8CVSS7.1AI score0.0219EPSS
Exploits0References2
Nuclei
Nuclei
added 13 hours ago53 views

Gradio - Open Redirect

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...

6.1CVSS6.3AI score0.01021EPSS
Exploits1References1
Nuclei
Nuclei
added 13 hours ago67 views

OpenCATS - Open Redirect

OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...

5.4CVSS6.2AI score0.01027EPSS
Exploits1References3
NVD
NVD
added yesterday2 views

CVE-2026-24238

NVIDIA TensorRT for contains a vulnerability where an attacker might cause an improper validation of array index. A successful exploit of this vulnerability might lead to code execution...

7.8CVSS
Exploits0References3
NVD
NVD
added yesterday3 views

CVE-2026-50302

Improper certificate validation in Windows Cryptographic Services allows an unauthorized attacker to bypass a security feature over a network...

4.2CVSS
Exploits0References1
CVE
CVE
added 5 days ago15 views

CVE-2026-58587

CVE-2026-58587 affects Drupal Canvas (Canvas AI submodule). The issue is an improper neutralization of input during web page generation, leading to Cross-Site Scripting (XSS). Affected versions include 0.0.0 through 1.4.2, 1.5.0 through 1.5.2, 1.6.0 through 1.6.1, and 1.7.0 through 1.7.1. Root ca...

6.1CVSS6.1AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 5 days ago3 views

CVE-2026-58587 Drupal Canvas - Moderately critical - Improper validation - SA-CONTRIB-2026-065

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1CVSS6.1AI score0.00253EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42884

Capgo before 12.128.2 contains an improper validation vulnerability in the acceptinvitation endpoint that creates user accounts before captcha validation is enforced. Attackers can bypass captcha protection by sending POST requests with invalid captcha tokens to create unwanted accounts and burn...

6.9CVSS6.1AI score0.00275EPSS
Exploits0References2
Debian CVE
Debian CVE
added 6 days ago5 views

CVE-2026-56289

GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

5.5CVSS5.9AI score0.00115EPSS
Exploits0
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56916

Name of the Vulnerable Software and Affected Versions UsersWP versions prior to 1.2.66 Description Authenticated attackers with Subscriber-level access and above can delete arbitrary files on the server, including the wp-config.php file. This occurs because the validate fields function in UsersWP...

8.8CVSS6.2AI score0.00525EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.5 views

PT-2026-57874

Name of the Vulnerable Software and Affected Versions Ollama affected versions not specified Description A flaw in the downloadBlob function allows remote, unauthenticated attackers to cause a denial-of-service condition. The issue stems from improper validation of user-supplied data, leading to ...

7.5CVSS7AI score0.00391EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 7:16 p.m.2 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

6.1CVSS6AI score
Exploits0References1
NVD
NVD
added 2026/07/07 7:16 p.m.12 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS0.00147EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:29 p.m.7 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/07/07 5:29 p.m.10 views

CVE-2026-48954 Joomla! Core - [20260708] - XSS through language overrides

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56227

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description Improper validation in the language override feature allows for a generic Cross-Site Scripting XSS vector. XSS is a type of security flaw where malicious scripts are injected into truste...

8.4CVSS6.1AI score0.00147EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/02 2:36 p.m.10 views

EUVD-2026-41378

An improper validation vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port...

7.8CVSS6.1AI score0.00169EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 2:13 p.m.5 views

PYSEC-2026-656 OpenStack Keystone and other components vulnerable to Improper Certificate Validation

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates...

5.9CVSS5.9AI score0.00962EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.16 views

PT-2026-55230

Name of the Vulnerable Software and Affected Versions Little Orbit GFAC affected versions not specified Description Improper validation and a NULL pointer dereference a condition where the software attempts to read from a memory address that is null, leading to a crash in the GFAC Sys x64.sys...

7.8CVSS6.3AI score0.0013EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 5:31 p.m.4 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.7AI score0.00231EPSS
Exploits0References4
Rows per page
Query Builder