Lucene search
K

3165 matches found

OSV
OSV
added 12 hours ago5 views

ROOT-OS-DEBIAN-11-CVE-2024-42230 CVE-2024-42230 in rootio-linux - Patched by Root

Root has patched CVE-2024-42230 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

4.4CVSS6.8AI score0.00205EPSS
Exploits0
Nuclei
Nuclei
added 14 hours ago12 views

vLLM 0.8.3 - 0.14.0 - Information Disclosure

vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images. id: CVE-2026-22778 info: name: vLLM 0.8....

9.8CVSS6.7AI score0.03816EPSS
Exploits0References3
Nuclei
Nuclei
added 14 hours ago26 views

SiYuan Note <= 3.6.5 - Authentication Bypass

SiYuan Note 3.6.5 and prior is vulnerable to authentication bypass. The CheckAuth middleware unconditionally trusted all chrome-extension:// origins, granting RoleAdministrator access without token validation to any request with a spoofed Origin header. Fixed in v3.7.0. id: CVE-2026-54069 info:...

9.2CVSS6.1AI score0.00607EPSS
Exploits0References2
Nuclei
Nuclei
added 14 hours ago6 views

SiYuan Note - Cross-Site Scripting

Unauthenticated reflected cross-site scripting XSS vulnerability in all versions of SiYuan Note containing /api/icon/getDynamicIcon with unsafe type=8 rendering logic. Attacker-controlled content is inserted directly into SVG output without proper sanitization. An attacker can execute arbitrary...

9.3CVSS7.2AI score0.00625EPSS
Exploits1References2
Nuclei
Nuclei
added 14 hours ago157 views

SiYuan Note - Cross-Site Scripting

SiYuan Note through version 3.6.1 is vulnerable to unauthenticated reflected Cross-Site Scripting XSS in the /api/icon/getDynamicIcon endpoint due to improper filtering of SVG elements with a namespace prefix such as . By using a namespaced script element, attackers can bypass the SanitizeSVG...

8.6CVSS6.3AI score0.00469EPSS
Exploits1References2
NVD
NVD
added yesterday6 views

CVE-2026-58489

HedgeDoc is an open source, real-time collaborative markdown notes application. Prior to 1.11.0, the GitHub Gist export flow created an OAuth2 state value but only checked that it was present rather than validating it against the value expected for the user's session. Because the state was not...

6.8CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday31 views

CVE-2026-58486 HedgeDoc: Denial-of-service via YAML alias expansion in note frontmatter

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was vulnerable to a YAML alias bomb due to unsafe processing of the note frontmatter. HedgeDoc parsed frontmatter with js-yaml.load js-yaml v3 via @hedgedoc/meta-marked, which...

8.3CVSS
Exploits0References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-57920

Name of the Vulnerable Software and Affected Versions HedgeDoc versions prior to 1.11.0 Description The GitHub Gist export flow fails to properly validate the OAuth2 state value, checking only for its presence instead of verifying it against the user session. This allows an attacker to forge a...

6.8CVSS6.1AI score
Exploits0References4
NVD
NVD
added 2 days ago9 views

CVE-2026-15499

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/crontools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload"note" results in improper authorization...

6.5CVSS0.00201EPSS
Exploits0References5
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-43221

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/crontools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload"note" results in improper authorization...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References5
CVE
CVE
added 2 days ago8 views

CVE-2026-15499

AstrBotDevs AstrBot (versions up to 4.25.2) contains a vulnerability in the function FutureTaskTool.call (astrbot/core/tools/cron_tools.py). Manipulating payload["note"] leads to improper authorization, enabling remote exploitation. Public exploit availability is reported. No remediation details ...

6.5CVSS6.3AI score0.00201EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-15499 AstrBotDevs AstrBot Scheduled Task cron_tools.py FutureTaskTool.call improper authorization

A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/crontools.py of the component Scheduled Task Handler. Performing a manipulation of the argument payload"note" results in improper authorization...

6.5CVSS0.00201EPSS
Exploits0References5
Circl
Circl
added 4 days ago4 views

CVE-2026-54068

creationtimestamp| type| source ---|---|--- 2026-07-10 20:35:17+00:00| published-proof-of-concept| https://github.com/siyuan-note/siyuan/security/advisories/GHSA-gcm7-57gf-953c 2026-07-11 04:41:43+00:00| seen| https://gist.github.com/alon710/5b22d6c437eabc82b89ba6fa8ccee27d...

5.9CVSS6.1AI score0.00239EPSS
Exploits0References2
Circl
Circl
added 5 days ago8 views

CVE-2026-50554

creationtimestamp| type| source ---|---|--- 2026-07-09 14:35:10+00:00| published-proof-of-concept| https://github.com/enchant97/note-mark/security/advisories/GHSA-588f-fvcv-xhvf...

5.9AI score0.00048EPSS
Exploits0References1
Circl
Circl
added 5 days ago7 views

CVE-2026-58144

creationtimestamp| type| source ---|---|--- 2026-07-09 13:45:12+00:00| seen| https://gist.github.com/sermikr0/75686815e441c07462cfdea2fed5d305 2026-07-10 00:03:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqatvsmcv62t 2026-07-10 18:39:34+00:00| seen|...

5.4CVSS6.1AI score0.00136EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-14343 Download Manager <= 3.3.61 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'note_before' and 'note_after' Shortcode Attributes

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'notebefore' and 'noteafter' Shortcode Attributes in all versions up to, and including, 3.3.61 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS0.00201EPSS
Exploits0References6
Circl
Circl
added 6 days ago6 views

CVE-2026-59936

creationtimestamp| type| source ---|---|--- 2026-07-08 21:36:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mq637k3iih2w 2026-07-10 07:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mqbnbfawqa2n 2026-07-10 07:43:10+00:00| seen|...

8.7CVSS6.1AI score0.00345EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 6 days ago6 views

BeyondTrust Remote Support (RS) < 25.3.3 Multiple Vulnerabilities (BT26-03)

The version of BeyondTrust Remote Support RS running on the remote host is prior to 25.3.3. It is, therefore, affected by multiple vulnerabilities, including: - A critical pre-authentication vulnerability in the authentication subsystem. Improper validation of authentication data may allow a...

9.9CVSS6.2AI score0.00653EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/07 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-54433

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Rouncube project reports: See links for more detail CVE-2026-54433 Note that Nessus relies on the presence of the package as reported by the vendor...

7.2CVSS6AI score
Exploits0References3
NVD
NVD
added 2026/07/06 3:16 a.m.8 views

CVE-2026-14791

A weakness has been identified in crater-invoice-inc crater up to 6.0.6. This affects the function getFormattedString of the file app/Http/Requests/InvoicesRequest.php of the component Invoice Note Handler. Executing a manipulation of the argument notes can lead to cross site scripting. The attac...

5.1CVSS0.00203EPSS
Exploits0References6
Rows per page
Query Builder