
47682 matches found

RedhatCVE
added 2026/02/21 1:31 a.m. | 8 views

CVE-2025-67438

A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file containing a malicious payload, an attacker can access and exfiltrate sensitive information,...

CVSS 6.1 | AI score 5.9 | EPSS 0.00267
Exploits 1 | References 1

RedhatCVE
added 2026/02/21 1:30 a.m. | 11 views

CVE-2026-1292

Tanium addressed an insertion of sensitive information into log file vulnerability in Trends...

CVSS 6.5 | AI score 5.4 | EPSS 0.00306
Exploits 0 | References 1

RedhatCVE
added 2026/02/21 1:28 a.m. | 5 views

CVE-2026-26980

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

CVSS 9.4 | AI score 5.6 | EPSS 0.69996
Exploits 7 | References 1

SUSE CVE
added 2026/02/21 12:24 a.m. | 3 views

SUSE CVE-2026-26064

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writin...

CVSS 9.3 | AI score 5.9 | EPSS 0.0088
Exploits 1 | References 3

CVE
added 2026/02/21 12:1 a.m. | 16 views

CVE-2026-27189

OpenSift: A race-prone local persistence issue in versions ≤ 1.1.2-alpha due to non-atomic and insufficiently synchronized JSON persistence flows. This can cause concurrent operations to lose updates or corrupt local state across sessions (study/quiz/flashcard/wellness/auth stores). The vulnerabi...

CVSS 6.6 | AI score 5.5 | EPSS 0.00112
Exploits 0 | References 2 | Affected Software 1

Positive Technologies
added 2026/02/21 12:0 a.m. | 5 views

PT-2026-21365

BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. Media is discarded at the server side, so it isn't audible to any participants, but this may allo...

CVSS 2 | AI score 5.5 | EPSS 0.00174
Exploits 0 | References 2

NVD
added 2026/02/20 11:16 p.m. | 7 views

CVE-2026-27119

svelte performance oriented web framework. From 5.39.3, element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected. This vulnerability is fixed in 5.51.5...

CVSS 5.4 | EPSS 0.00182
Exploits 0 | References 1

ATTACKERKB
added 2026/02/20 11:9 p.m. | 4 views

CVE-2018-2279

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...

AI score 5.5
Exploits 0 | References 1

ATTACKERKB
added 2026/02/20 11:8 p.m. | 4 views

CVE-2018-2239

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...

AI score 5.5
Exploits 0 | References 1

ATTACKERKB
added 2026/02/20 11:8 p.m. | 2 views

CVE-2018-2237

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...

AI score 5.5
Exploits 0 | References 1

ATTACKERKB
added 2026/02/20 11:8 p.m. | 2 views

CVE-2018-2230

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...

AI score 5.5
Exploits 0 | References 1

ATTACKERKB
added 2026/02/20 11:7 p.m. | 4 views

CVE-2018-2222

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...

AI score 5.5
Exploits 0 | References 1

ATTACKERKB
added 2026/02/20 11:7 p.m. | 3 views

CVE-2018-2221

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...

AI score 5.5
Exploits 0 | References 1

ATTACKERKB
added 2026/02/20 11:7 p.m. | 4 views

CVE-2018-2195

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...

AI score 5.5
Exploits 0 | References 1

OSV
added 2026/02/20 9:19 p.m. | 4 views

DEBIAN-CVE-2026-25896

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

CVSS 9.3 | AI score 7.3 | EPSS 0.00445
Exploits 1 | References 1

NVD
added 2026/02/20 9:19 p.m. | 11 views

CVE-2026-25896

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

CVSS 9.3 | EPSS 0.00445
Exploits 1 | References 11

UbuntuCve
added 2026/02/20 9:19 p.m. | 3 views

CVE-2026-25896

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

CVSS 9.3 | AI score 5.8 | EPSS 0.00445
Exploits 1 | References 5

OSV
added 2026/02/20 9:19 p.m. | 2 views

UBUNTU-CVE-2026-25896

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

CVSS 9.3 | AI score 5.9 | EPSS 0.00445
Exploits 1 | References 6

ATTACKERKB
added 2026/02/20 8:57 p.m. | 5 views

CVE-2026-25896

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

CVSS 9.3 | AI score 6 | EPSS 0.00445
Exploits 1 | References 5 | Affected Software 1

Debian CVE
added 2026/02/20 8:57 p.m. | 5 views

CVE-2026-25896

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. From 4.1.3 to before 5.3.5, a dot (.) in a DOCTYPE entity name is treated as a regex wildcard during entity replacement, allowing an attacker to shadow...

CVSS 9.3 | AI score 7.3 | EPSS 0.00445
Exploits 1