Lucene search
K

3871 matches found

EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43553

A weakness has been identified in antv layout 2.0.0. This impacts the function setNestedValue in the library lib/util/object.js. Executing a manipulation of the argument path can lead to improperly controlled modification of object prototype attributes. The attack can be launched remotely. The...

6.5CVSS6.5AI score
Exploits0References6
Nuclei
Nuclei
added yesterday23 views

WordPress Page Layout builder v1.9.3 - Cross-Site Scripting

WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability. id: CVE-2016-1000141 info: name: WordPress Page Layout builder v1.9.3 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site...

6.1CVSS6.4AI score0.03462EPSS
Exploits2References4
EUVD
EUVD
added 3 days ago4 views

EUVD-2026-43102

Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover all code paths: wh...

6.3CVSS6.1AI score0.0078EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago4 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

7.5CVSS5.9AI score0.0086EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 5 days ago5 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Log injection via CRLF sequences due to configuration attribute renames

A flaw was found in Apache Log4j Core. This vulnerability allows for log injection through the use of Carriage Return Line Feed CRLF sequences. This occurs because security-related configuration attributes were silently renamed, impacting users who directly configure Rfc5424Layout with stream-bas...

7.5CVSS6.4AI score0.00831EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added last week7 views

nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS6.3AI score0.03459EPSS
Exploits1References5
NVD
NVD
added last week7 views

CVE-2026-48953

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS0.00147EPSS
Exploits0References1
EUVD
EUVD
added last week5 views

EUVD-2026-42062

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-48953

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References2Affected Software1
CVE
CVE
added last week13 views

CVE-2026-48953

CVE-2026-48953 affects Joomla! Core. The issue is an XSS in the generic image output layout caused by a lack of escaping in the rendering path. Affected software is Joomla! Core (security entry notes this under 2026-07-07). The root cause is input/output escaping not being applied when generating...

8.4CVSS5.9AI score0.00147EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added last week35 views

CVE-2026-48953 Joomla! Core - [20260707] - XSS in the generic image output layout

Lack of escaping leads to an XSS vulnerability in the generic image output layout...

8.4CVSS0.00147EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.11 views

PT-2026-56226

Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description Lack of escaping in the generic image output layout leads to a Cross-Site Scripting XSS issue, where malicious scripts can be injected into web pages viewed by other users. Recommendatio...

8.4CVSS6AI score0.00147EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 3:22 p.m.9 views

BIT-LIBPYTHON-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.4AI score0.00136EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/06 3:18 p.m.4 views

CVE-2026-59196

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fix...

7.1CVSS5.9AI score0.00262EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/07/06 3:18 p.m.4 views

CVE-2026-59196 pnpm: hoisted install imports lockfile alias outside node_modules

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fix...

7.1CVSS5.9AI score0.00262EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.3 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

7.5CVSS5.9AI score0.0086EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:24 p.m.5 views

CVE-2026-58031

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js. This issue affects MediaWiki: from...

5.8AI score0.00133EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 1:32 p.m.6 views

EUVD-2026-40970

In the Linux kernel, the following vulnerability has been resolved: nvmem: layouts: onie-tlv: fix hang on unknown types The EEPROM on my board has a vendor specific entry of type 0x41. When stumbling upon that, this driver hangs in an endless loop. Fix it by keep incrementing the offset on unknow...

5.8AI score0.00156EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/07/01 1:32 p.m.5 views

CVE-2026-53336

In the Linux kernel, the following vulnerability has been resolved: nvmem: layouts: onie-tlv: fix hang on unknown types The EEPROM on my board has a vendor specific entry of type 0x41. When stumbling upon that, this driver hangs in an endless loop. Fix it by keep incrementing the offset on unknow...

5.7AI score0.00156EPSS
Exploits0
EUVD
EUVD
added 2026/07/01 12:34 a.m.5 views

EUVD-2026-40559

Out of bounds read in Layout in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00294EPSS
Exploits0References3
Rows per page
Query Builder