Lucene search
+L

2938 matches found

Nuclei
Nuclei
added yesterday53 views

Gradio - Open Redirect

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...

6.1CVSS5.7AI score0.01021EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday66 views

kkFileView 4.0 - Server-Side Request Forgery

kkFileView 4.0 contains a server-side request forgery caused by improper validation in OnlinePreviewController.java, letting attackers induce the server to make arbitrary requests, exploit requires sending crafted requests. id: CVE-2022-42149 info: name: kkFileView 4.0 - Server-Side Request Forge...

9.8CVSS8.6AI score0.0219EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday68 views

OpenCATS - Open Redirect

OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations. id: CVE-2023-27292 info: name:...

5.4CVSS5.6AI score0.01027EPSS
Exploits1References3
CVE
CVE
added 2 days ago9 views

CVE-2026-15943

A vulnerability in Keycloak's keycloak-services component affects identity provider management. When a delegated administrator updates an OIDC identity provider using a masked client secret sentinel value, the system performs improper validation and reuses the existing real secret even if fields ...

5.5CVSS5.4AI score0.00207EPSS
Exploits0References2
NVD
NVD
added 5 days ago3 views

CVE-2026-24238

NVIDIA TensorRT for contains a vulnerability where an attacker might cause an improper validation of array index. A successful exploit of this vulnerability might lead to code execution...

7.8CVSS0.00151EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-44392

Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network...

7.5CVSS6.1AI score0.00647EPSS
Exploits0References1
NVD
NVD
added 5 days ago3 views

CVE-2026-50302

Improper certificate validation in Windows Cryptographic Services allows an unauthorized attacker to bypass a security feature over a network...

6.5CVSS0.00236EPSS
Exploits0References1
OSV
OSV
added 5 days ago5 views

UBUNTU-CVE-2026-50524

Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network...

7.5CVSS6.1AI score0.00647EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago5 views

PT-2026-58713

Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network...

7.5CVSS6.1AI score0.00647EPSS
Exploits0References2
OSV
OSV
added 2026/07/10 9:46 p.m.7 views

CVE-2026-58587 Drupal Canvas - Moderately critical - Improper validation - SA-CONTRIB-2026-065

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal Canvas allows Cross-Site Scripting XSS. This issue affects Drupal Canvas versions: from 0.0.0 to 1.4.2, from 1.5.0 to 1.5.2, from 1.6.0 to 1.6.1, from 1.7.0 to 1.7.1...

6.1CVSS6.1AI score0.00253EPSS
Exploits0References5
CVE
CVE
added 2026/07/10 9:46 p.m.18 views

CVE-2026-58587

CVE-2026-58587 affects Drupal Canvas (Canvas AI submodule). The issue is an improper neutralization of input during web page generation, leading to Cross-Site Scripting (XSS). Affected versions include 0.0.0 through 1.4.2, 1.5.0 through 1.5.2, 1.6.0 through 1.6.1, and 1.7.0 through 1.7.1. Root ca...

6.1CVSS6.1AI score0.00253EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/10 1:57 p.m.7 views

EUVD-2026-42884

Capgo before 12.128.2 contains an improper validation vulnerability in the acceptinvitation endpoint that creates user accounts before captcha validation is enforced. Attackers can bypass captcha protection by sending POST requests with invalid captcha tokens to create unwanted accounts and burn...

6.9CVSS6.1AI score0.00275EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/07/09 9:29 a.m.7 views

CVE-2026-56289

GNU patch is vulnerable to a denial of service DoS due to improper validation of hunk single block of changes in diff line offsets in unified-diff input. A specially crafted patch can specify an extremely large line number, causing the application to enter an effectively infinite processing loop...

5.5CVSS5.9AI score0.00115EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.9 views

PT-2026-56916

Name of the Vulnerable Software and Affected Versions UsersWP versions prior to 1.2.66 Description Authenticated attackers with Subscriber-level access and above can delete arbitrary files on the server, including the wp-config.php file. This occurs because the validate fields function in UsersWP...

8.8CVSS6.2AI score0.00525EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.5 views

PT-2026-57874

Name of the Vulnerable Software and Affected Versions Ollama affected versions not specified Description A flaw in the downloadBlob function allows remote, unauthenticated attackers to cause a denial-of-service condition. The issue stems from improper validation of user-supplied data, leading to ...

7.5CVSS7AI score0.00391EPSS
Exploits0References3
NVD
NVD
added 2026/07/07 7:16 p.m.12 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS0.00147EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 7:16 p.m.3 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

6.1CVSS6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/07 5:29 p.m.10 views

CVE-2026-48954 Joomla! Core - [20260708] - XSS through language overrides

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 5:29 p.m.8 views

CVE-2026-48954

Improper validation leads to a generic XSS vector in the language override feature...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56227

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description Improper validation in the language override feature allows for a generic Cross-Site Scripting XSS vector. XSS is a type of security flaw where malicious scripts are injected into truste...

8.4CVSS6.1AI score0.00147EPSS
Exploits0References6
Rows per page
Query Builder