Lucene search
K

300735 matches found

BDU FSTEC
BDU FSTEC
added yesterday15 views

Blitz Identity Provider (Authentication server)

...

5.8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added yesterday29 views

Security Bulletin: IBM QRadar SIEM is vulnerable to information diclosures and cross-site scripting

Summary Several potential Cross-Site Scripting and Information Disclosure issues addressed in IBM QRadar SIEM 7.5.0 UP15 Vulnerability Details CVEID:CVE-2025-13995 DESCRIPTION: IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostna...

6.2CVSS6.1AI score0.0018EPSS
Exploits0Affected Software1
CVE
CVE
added yesterday6 views

CVE-2026-41580

Stirling-PDF (local web app) exposes a Reflected XSS via crafted PDF metadata in the /get-info-on-pdf endpoint. Prior to version 2.0.0, Title and Author metadata were rendered without proper HTML encoding/sanitization, allowing attacker-controlled JavaScript to execute in a user’s browser when vi...

6.1CVSS6.2AI score0.0006EPSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-61684

CVE-2026-61684 affects FastGPT, specifically versions around 4.15.0-beta4. The vulnerability stems from plugin invoke reverse-call endpoints under /api/invoke/* that authenticated solely by a JWT signed with INVOKE_TOKEN_SECRET, which defaults to the literal string token and was not set in offici...

8.8CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added yesterday9 views

CVE-2026-61684 FastGPT: Unauthenticated cross-tenant data access via forgeable plugin-invoke JWT (default INVOKE_TOKEN_SECRET='token')

FastGPT is a knowledge-based AI application platform. In 4.15.0-beta4, FastGPT plugin invoke reverse-call endpoints under /api/invoke/ authenticate only by verifying a JWT signed with INVOKETOKENSECRET, which defaults to the constant string token and was not set in official deployment templates. ...

8.8CVSS
Exploits0References4
RedHat Linux
RedHat Linux
added yesterday1 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...

8.8CVSS6.5AI score0.00126EPSS
Exploits0References5
EUVD
EUVD
added yesterday4 views

EUVD-2026-44666

ICU Scandinavia Boomerang is vulnerable to an information disclosure flaw where sensitive credential files are exposed via static HTTP. This allows an unauthenticated remote attacker to retrieve plaintext service account and SMTP credentials by requesting specific XML files from the webroot. This...

7.1CVSS6.1AI score
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday3 views

CVE-2026-46635

A flaw was found in Twig, a template language for PHP. An untrusted template author, with the column filter in their allowed filters, can exploit this vulnerability. The column filter incorrectly passes object arrays to PHP's arraycolumn function, which can read properties that are not restricted...

5.3CVSS6AI score0.00371EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-48808

A flaw was found in Twig, a template language for PHP. The column filter in Twig fails to properly forward the active sandbox state, specifically the current Source to the SandboxExtension::checkPropertyAllowed function. This oversight results in the loss of SourcePolicyInterface decisions,...

6CVSS6AI score0.0026EPSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-61862

ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...

2.9CVSS
Exploits0References2
NVD
NVD
added yesterday7 views

CVE-2026-59254

n8n before 2.28.1 contains an information disclosure vulnerability where external secrets are incorrectly resolved in workflow node expressions outside credentials scope. Authenticated project editors can read plaintext external secret values by referencing them in node expressions without...

6.3CVSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-56339

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST SECURITY DEFINER RPC function public.rescindinvitation that allows unauthenticated attackers to enumerate organization existence. The function returns distinct error messages NOORG vs...

8.7CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday5 views

CVE-2026-61862 ImageMagick before 7.1.2-26 Information Disclosure via identify

ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...

2.9CVSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-44611

ImageMagick before 7.1.2-26 and 6.9.13-51 contains an information disclosure vulnerability: when a profile is displayed with the identify command and the profile value is not printable, a single byte at the end of the profile can be printed read past the profile boundary. This behavior occurs whe...

2.9CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday7 views

CVE-2026-59254 n8n - External Secrets Disclosure via Workflow Node Expressions

n8n before 2.28.1 contains an information disclosure vulnerability where external secrets are incorrectly resolved in workflow node expressions outside credentials scope. Authenticated project editors can read plaintext external secret values by referencing them in node expressions without...

6.3CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday8 views

CVE-2026-56339 Capgo - Unauthenticated Organization Existence Enumeration via rescind_invitation RPC

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST SECURITY DEFINER RPC function public.rescindinvitation that allows unauthenticated attackers to enumerate organization existence. The function returns distinct error messages NOORG vs...

8.7CVSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-40633

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, versions 9.11.0.0 through 9.13.0.2 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure...

7.8CVSS
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-49978

A flaw was found in DOMPurify, a tool designed to sanitize HTML, MathML, and SVG to prevent cross-site scripting XSS attacks. When performing in-place sanitization, DOMPurify could fail to properly process content within shadow DOM elements attached to a .content. This oversight allows an attacke...

8.1CVSS6.1AI score0.00388EPSS
Exploits0References6
CVE
CVE
added yesterday3 views

CVE-2026-40633

Summary: Dell PowerScale OneFS contains an information disclosure vulnerability (Insertion of Sensitive Information into Log File) affecting PowerScale OneFS 9.5.0.0–9.10.1.7 and 9.11.0.0–9.13.0.2. A low-privilege, local attacker could exploit this to disclose information. Affected products/versi...

7.8CVSS6.1AI score
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-47423

A flaw was found in DOMPurify, a DOM-only cross-site scripting XSS sanitizer. Due to the default allowance of selectedcontent, a remote attacker could craft a malicious payload that, after initial sanitization, could be re-cloned by browsers, leading to the execution of unsanitized markup. This...

8.2CVSS6.1AI score0.00278EPSS
Exploits0References6
Rows per page
Query Builder