Lucene search
K

47670 matches found

NVD
NVD
added 2026/02/25 4:23 p.m.3 views

CVE-2026-27702

Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe eval vulnerability in Budibase's view filtering implementation allows any authenticated user including free tier accounts to execute arbitrary JavaScript code on the server...

9.9CVSS0.00335EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/02/25 4:17 p.m.6 views

CVE-2026-27568

WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be rendered as clickable links. An authenticated...

6.1CVSS5.4AI score0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/25 3:56 p.m.29 views

CVE-2026-27706 Plane Vulnerable to Full Read SSRF via Favicon Fetching in "Add Link" Feature

Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery SSRF vulnerability has been identified in the "Add Link" feature. This flaw allows an authenticated attacker with general user privileges to send arbitrary GET requests to the...

7.7CVSS0.00213EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/25 3:25 p.m.3 views

firefox: thunderbird: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component...

7.5CVSS5.7AI score0.00285EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/02/25 3:25 p.m.5 views

firefox: thunderbird: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component...

9.8CVSS5.7AI score0.00469EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/02/25 2:58 p.m.21 views

CVE-2026-27699 Basic FTP has Path Traversal Vulnerability in its downloadToDir() method

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences ../ that cause files to be written outside the...

9.1CVSS0.00528EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2026/02/25 11:38 a.m.5 views

firefox: thunderbird: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component...

9.8CVSS5.7AI score0.00469EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/25 10:16 a.m.5 views

CVE-2024-1524

When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider IDP there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users. There will...

8.1CVSS5.3AI score0.00261EPSS
Exploits0References1
OSV
OSV
added 2026/02/25 6:16 a.m.4 views

CVE-2026-3100

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle MitM attack, which may...

6.5CVSS5.9AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/25 5:52 a.m.6 views

CVE-2026-3100 An improper certificate validation vulnerability was found in the FTP Backup on the ADM.

The FTP Backup on the ADM will not properly strictly enforce TLS certificate verification while connecting to an FTP server using FTPES/FTPS. An improper validated TLS/SSL certificates allows a remote attacker can intercept network traffic to perform a Man-in-the-Middle MitM attack, which may...

8.3CVSS6AI score0.00179EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/25 4:6 a.m.4 views

CVE-2026-27645 changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response

changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the HTTP response body without HTML escaping. Since Flask returns text/html by default for plain string responses, the...

6.1CVSS5.3AI score0.00445EPSS
Exploits1References2
OSV
OSV
added 2026/02/25 2:52 a.m.4 views

CVE-2026-27632 Talishar Vulnerable to Cross-Site Request Forgery (CSRF)

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery CSRF protections on critical state-changing endpoints, specifically within SubmitChat.php and other game interaction handlers. By...

2.6CVSS5.8AI score0.00092EPSS
Exploits1References3
CVE
CVE
added 2026/02/25 2:31 a.m.20 views

CVE-2026-27614

Bugsink (self-hosted error tracking) is affected by a Stored XSS in versions before 2.0.13. The root cause is how Pygments fallback in stacktrace rendering handles line mismatches: _pygmentize_lines() returns raw lines when line counts differ, and then mark_safe() is applied unconditionally to th...

9.3CVSS5.7AI score0.00286EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/02/25 2:16 a.m.7 views

CVE-2025-67752

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

8.1CVSS0.00233EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/25 1:9 a.m.2 views

CVE-2025-67752 OpenEMR Has Disabled SSL Certificate Verification in HTTP Client

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

8.1CVSS5.9AI score0.00233EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/25 1:9 a.m.4 views

EUVD-2025-208104

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

8.1CVSS5.5AI score0.00233EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/25 1:9 a.m.21 views

CVE-2025-67752 OpenEMR Has Disabled SSL Certificate Verification in HTTP Client

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

8.1CVSS0.00233EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 1:9 a.m.5 views

CVE-2025-67752

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

8.1CVSS5.5AI score0.00233EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/25 1:9 a.m.12 views

CVE-2025-67752

OpenEMR prior to version 7.0.4 disables SSL certificate verification in its HTTP client wrapper (oeHttp/oeHttpRequest) by default, setting verify: false. This creates a MITM risk for all HTTPS connections, including communications with government healthcare APIs and other external services, and c...

8.1CVSS5.5AI score0.00233EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/25 1:9 a.m.6 views

CVE-2025-67752 OpenEMR Has Disabled SSL Certificate Verification in HTTP Client

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper oeHttp/oeHttpRequest disables SSL/TLS certificate verification by default verify: false, making all external HTTPS connections vulnerable ...

8.1CVSS5.6AI score0.00233EPSS
Exploits1References4
Rows per page
Query Builder