47725 matches found

RedhatCVE
added 2026/02/11 1:33 a.m., 4 views

CVE-2026-25880

SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary explorer.exe located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s...

7.8 CVSS | 6.3 AI score | 0.00192 EPSS
Exploits: 1 | References: 1

Fedora
added 2026/02/11 1:0 a.m., 6 views

[SECURITY] Fedora 42 Update: rust-sigul-pesign-bridge-0.5.0-3.fc42

Drop-in replacement for pesign's daemon that bridges pesign-client requests to a Sigul server...

7.5 CVSS | 5.5 AI score | 0.00443 EPSS
Exploits: 1

Positive Technologies
added 2026/02/11 12:0 a.m., 7 views

PT-2026-7558

Name of the Vulnerable Software and Affected Versions: Qsync Central versions prior to 5.0.0.4. Description: A flaw exists in Qsync Central that allows a remote attacker who has obtained a user account to exploit a resource allocation issue without limits or throttling. This could lead to the attack...

6.5 CVSS | 5.5 AI score | 0.00448 EPSS
Exploits: 0 | References: 3

Drupal
added 2026/02/11 12:0 a.m., 14 views

Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009

This module allows content to be edited in-place. The module doesn't sufficiently sanitize certain image-related values during the editing process, leading to a persistent Cross-site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to...

5.4 CVSS | 5.6 AI score | 0.00136 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/11 12:0 a.m., 6 views

PT-2026-7807

This module allows content to be edited in-place. The module doesn't sufficiently sanitize certain image-related values during the editing process, leading to a persistent Cross-site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to...

5.5 AI score | 0.00136 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/11 12:0 a.m., 6 views

PT-2026-7723

Name of the Vulnerable Software and Affected Versions: set-in versions 2.0.1 through 2.0.4. Description: set-in is a Node.js package that sets values within nested associative structures given an array of keys. A flaw exists where, despite a previous attempt to prevent prototype pollution by checkin...

9.8 CVSS | 6.4 AI score | 0.00461 EPSS
Exploits: 1 | References: 16

CNVD
added 2026/02/11 12:0 a.m., 4 views

Unspecified Vulnerability in HCL AION (CNVD-2026-16402)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a missing or insecure HTTP Strict Transport Security header, which can be exploited by an attacker to cause a man-in-the-middle attack...

8.1 CVSS | 5.8 AI score | 0.00199 EPSS
Exploits: 0

Positive Technologies
added 2026/02/11 12:0 a.m., 5 views

PT-2026-7565

A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: Qsync Central...

5.3 CVSS | 5.5 AI score | 0.00537 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/02/11 12:0 a.m., 9 views

set-in Security Vulnerability

set-in is a JavaScript library developed by an individual developer, Mikey. Versions 2.0.1 to 2.0.5 of set-in had security vulnerabilities due to insufficient input validation. These vulnerabilities could allow attacks through specially crafted input that polluted Object.prototype, leadin...

9.8 CVSS | 5.8 AI score | 0.00461 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2026/02/11 12:0 a.m., 10 views

Google Chrome < 145.0.7632.45 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 145.0.7632.45. It is, therefore, affected by multiple vulnerabilities as referenced in the 202602stable-channel-update-for-desktop10 advisory. - Use after free in Ozone. CVE-2026-2321 - Use after free in CSS. CVE-2026-231...

8.8 CVSS | 6.1 AI score | 0.08754 EPSS
Exploits: 0 | References: 23

Tenable Nessus
added 2026/02/11 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-2318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI...

6.5 CVSS | 5.4 AI score | 0.00225 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/10 7:15 p.m., 4 views

CVE-2025-14821

A flaw was found in libssh. This vulnerability allows local man-in-the-middle attacks, security downgrades of SSH (Secure Shell) connections, and manipulation of trusted host information, posing a significant risk to the confidentiality, integrity, and availability of SSH communications via an...

7.8 CVSS | 5 AI score | 0.00129 EPSS
Exploits: 0 | References: 3

Debian CVE
added 2026/02/10 6:55 p.m., 8 views

CVE-2026-25506

MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the...

7.8 CVSS | 6.3 AI score | 0.00302 EPSS
Exploits: 0

OSV
added 2026/02/10 6:16 p.m., 4 views

AZL-77480 CVE-2026-25646 affecting package optipng 0.7.8-5

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize API function. When the function is called with no histogram and the number of...

8.3 CVSS | 6 AI score | 0.00955 EPSS
Exploits: 1 | References: 1

OSV
added 2026/02/10 6:0 p.m., 17 views

BIT-NGINX-2026-1642

A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data in...

8.2 CVSS | 5.7 AI score | 0.00339 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/02/10 5:59 p.m., 22 views

CVE-2026-21332 InDesign Desktop | Out-of-bounds Read (CWE-125)

InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that...

5.5 CVSS | 0.00153 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/10 5:59 p.m., 5 views

CVE-2026-21357

InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8 CVSS | 6.2 AI score | 0.00226 EPSS
Exploits: 0 | References: 2

CVE
added 2026/02/10 5:47 p.m., 15 views

CVE-2026-25992

SiYuan before 3.5.5 exposes a vulnerability in the /api/file/getFile endpoint: it uses case-sensitive equality checks to block access on case-insensitive file systems (e.g., Windows). An attacker can bypass restrictions via mixed-case paths and read protected configuration files. Impact is confid...

7.5 CVSS | 5.5 AI score | 0.00505 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/02/10 4:56 p.m., 3 views

CVE-2026-24045 Docmost Affected by Stored XSS in Public Share Page

Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting them into meta tags and the title tag. This allows Stored Cross-Site Scripting (XSS) attacks...

7.3 CVSS | 6 AI score | 0.00224 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2026/02/10 4:47 p.m., 5 views

CVE-2026-25530 Kanboard is missing authorization check in getSwimlane API allows cross-project data access

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50...

4.3 CVSS | 5.5 AI score | 0.00235 EPSS
Exploits: 1 | References: 3