
53599 matches found

NVD
added 2 hours ago, 2 views

CVE-2026-53330

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval() Why & How The aux_rd_interval array in struct dc_lttpr_caps is declared with MAX_REPEATER_CNT - 1 (7) elements, indexed 0..6. However, the offset parameter passed to...

Exploits: 0, References: 3

EUVD
added 2 hours ago, 3 views

EUVD-2026-40964

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval() Why & How The aux_rd_interval array in struct dc_lttpr_caps is declared with MAX_REPEATER_CNT - 1 (7) elements, indexed 0..6. However, the offset parameter passed to...

Exploits: 0, References: 3

Cvelist
added 2 hours ago, 3 views

CVE-2026-53330 drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval() Why & How The aux_rd_interval array in struct dc_lttpr_caps is declared with MAX_REPEATER_CNT - 1 (7) elements, indexed 0..6. However, the offset parameter passed to...

Exploits: 0, References: 3

ATTACKERKB
added 2 hours ago, 2 views

CVE-2026-53330

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval() Why & How The aux_rd_interval array in struct dc_lttpr_caps is declared with MAX_REPEATER_CNT - 1 (7) elements, indexed 0..6. However, the offset parameter passed to...

Exploits: 0, References: 4

CVE
added 2 hours ago, 5 views

CVE-2026-53330

The CVE-2026-53330 entry documents a Linux kernel issue in drm/amd/display where an out-of-bounds read could occur in dp_get_eq_aux_rd_interval() when processing LTTPR repeaters. The aux_rd_interval array in struct dc_lttpr_caps was sized to MAX_REPEATER_CNT-1 (7), but an offset up to MAX_REPEATE...

5.8 AI score
Exploits: 0, References: 3

RedHat Linux
added 5 hours ago, 3 views

DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...

6.1 CVSS, 0.00263 EPSS
Exploits: 1, References: 7

OSV
added 6 hours ago, 2 views

DEBIAN-CVE-2026-56364

ImageMagick before 7.1.2-13 contains a memory leak vulnerability in LoadOpenCLDeviceBenchmark function when parsing malformed OpenCL device profile XML files with unclosed device elements. Attackers with write access to the OpenCL cache directory can place malicious XML files to exhaust memory an...

1.9 CVSS, 5.8 AI score
Exploits: 0, References: 1

NVD
added 8 hours ago, 4 views

CVE-2026-50043

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege...

8.6 CVSS
Exploits: 0, References: 2

EUVD
added 9 hours ago, 5 views

EUVD-2026-40929

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege...

8.6 CVSS, 5.9 AI score
Exploits: 0, References: 2

Cvelist
added 9 hours ago, 8 views

CVE-2026-50043

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege...

8.6 CVSS
Exploits: 0, References: 2

ATTACKERKB
added 9 hours ago, 3 views

CVE-2026-50043

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in SkyBridge MB-A100/MB-A110. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product with an administrative privilege...

8.6 CVSS, 7.1 AI score
Exploits: 0, References: 3

CVE
added 9 hours ago, 11 views

CVE-2026-50043

SkyBridge MB-A100/MB-A110 are affected by CVE-2026-50043: improper neutralization of special elements used in an OS command (OS Command Injection). If an attacker can log in with administrative privileges, arbitrary OS commands may be executed. The connected documents do not specify a patch or wo...

8.6 CVSS, 7.1 AI score
Exploits: 0, References: 2

Nuclei
added 12 hours ago, 22 views

Lightdash v0.1024.6 - Server-Side Request Forgery

Server-Side Request Forgery “SSRF” in the export dashboard functionality of Lightdash version 0.1024.6 allows remote authenticated threat actors to obtain the session cookie of any user who exports a crafted dashboard. When they are exported, dashboards containing HTML elements can trigger HTTP...

7.3 CVSS, 5.8 AI score, 0.01786 EPSS
Exploits: 0, References: 2

Nuclei
added 12 hours ago, 52 views

OpenCMS 14 & 15 - Cross Site Scripting

Cross-site scripting XSS vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. id: CVE-2023-6379 info: name: OpenCMS 14 & 15 - Cross Site Scripting author: msegoviag severity: medium description: | Cross-site scripting XSS vulnerability in Alkacon...

6.1 CVSS, 6.4 AI score, 0.01767 EPSS
Exploits: 0, References: 5

Nuclei
added 12 hours ago, 81 views

OpenCms 14 & 15 - Open Redirect

Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template id: CVE-2023-6380 info: name: OpenCms 14 & 15 - Open Redirect author: MiguelSegoviaGil severity: medium description: | Open redirect vulnerability has been found in the Open C...

6.1 CVSS, 6.3 AI score, 0.01594 EPSS
Exploits: 0, References: 3

Nuclei
added 12 hours ago, 18 views

WordPress Master Elements <=8.0 - SQL Injection

WordPress Master Elements plugin through 8.0 contains a SQL injection vulnerability. The plugin does not validate and escape the metaids parameter of its removepostmetacondition AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker...

9.8 CVSS, 7.4 AI score, 0.07184 EPSS
Exploits: 2, References: 5

Nuclei
added 12 hours ago, 31 views

WordPress Shortcodes and Extra Features for Phlox <2.9.8 - Cross-Site Scripting

WordPress Shortcodes and extra features plugin for the Phlox theme before 2.9.8 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting...

6.1 CVSS, 6.4 AI score, 0.01205 EPSS
Exploits: 1, References: 5

Nuclei
added 12 hours ago, 15 views

WordPress All-in-one Floating Contact Form <2.0.4 - Cross-Site Scripting

WordPress All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs plugin before 2.0.4 contains a reflected cross-site scripting vulnerability on the my-sticky-elements-leads admin page. id: CVE-2022-0148 info: name: WordPress All-in-one Floating Contact Form 2.0.4 - Cross-Site...

5.4 CVSS, 5.9 AI score, 0.01572 EPSS
Exploits: 2, References: 5

Nuclei
added 12 hours ago, 20 views

Jeg Elementor Kit < 2.5.7 - Unauthenticated Settings Update

The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the...

8.6 CVSS, 7.1 AI score, 0.01594 EPSS
Exploits: 1, References: 4

Nuclei
added 12 hours ago, 7 views

Stirling-PDF < 1.1.0 - Server-Side Request Forgery

Stirling-PDF 1.1.0 contains a server side request forgery caused by bypassing the sanitizer in the /api/v1/convert/html/pdf endpoint when processing HTML to PDF conversion, letting attackers perform SSRF, exploit requires local access. id: CVE-2025-55150 info: name: Stirling-PDF 1.1.0 - Server-Si...

9.8 CVSS, 5.8 AI score, 0.01587 EPSS
Exploits: 0, References: 2