Lucene search
+L

12129 matches found

CVE
CVE
added 1 hour ago5 views

CVE-2026-13082

GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...

5.4AI score
Exploits0References2
Nuclei
Nuclei
added 9 hours ago64 views

NocoBase - SQL Injection

NocoBase @nocobase/plugin-collection-sql versions prior to 2.0.39 are vulnerable to SQL injection via the sqlCollection:update endpoint. The checkSQL function, which blocks dangerous SQL keywords and ensures only SELECT statements are allowed, is not called during collection updates. id:...

7.2CVSS5.6AI score0.01833EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago20 views

MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting

paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...

6.1CVSS6.4AI score0.02574EPSS
Exploits6References4
Nuclei
Nuclei
added 9 hours ago130 views

Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

Pulse Secure Pulse Connect Secure PCS 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page, exploit requires victim to visit ...

6.1CVSS6.2AI score0.04055EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago22 views

GTranslate < 2.8.65 - Cross-Site Scripting

In the Pro and Enterprise versions of GTranslate 2.8.65, the gtranslaterequesturivar function runs at the top of all pages and echoes out the contents of $SERVER'REQUESTURI'. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable ...

6.1CVSS6AI score0.01572EPSS
Exploits2References2
NVD
NVD
added 12 hours ago5 views

CVE-2026-62205

OpenClaw versions 2026.4.12-beta.1 before 2026.6.6 contain a missing-authorization vulnerability in the MS Teams message actions feature. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path can perform actions that should have required a stronger...

7.1CVSS
Exploits0References2
Nuclei
Nuclei
added yesterday39 views

Langflow < 1.9.0 - Remote Code Execution

Langflow versions prior to 1.9.0 are vulnerable to unauthenticated remote code execution RCE via the buildpublictmp endpoint. Attackers can submit a manipulated flow JSON containing Python code that is executed during the build process without proper sandboxing. id: CVE-2026-33017 info: name:...

9.8CVSS7.5AI score0.98191EPSS
Exploits21References3
OSV
OSV
added yesterday4 views

UBUNTU-CVE-2026-61863

ImageMagick before 7.1.2-26 and 6.x before 6.9.13-51 contains a memo...

7.5CVSS6.1AI score0.00102EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44796

CVE-2026-33443 is a memory management error in Secure Access servers prior to 14.55. Attackers with an intimate knowledge of and total control over the tunnel protocol can create a persistent DoS against the server...

7.1CVSS6.1AI score0.00213EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2 days ago5 views

MantisBT: SOAP API Authentication Bypass with Privilege Escalation to Administrator

MantisBT 2.28.3 and earlier contains a critical authentication bypass in the SOAP API's mcichecklogin function. Any user knowing any valid cookiestring can authenticate as any other user knowing their username, including the administrator, without knowing the target's password. The vulnerability ...

6.1AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 2 days ago4 views

EUVD-2026-44620

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the TIFF encoder when an invalid tiff:tile-geometry is specified. Supplying malformed tile geometry parameters causes allocated memory not to be released, which can lead to increased memory consumption...

2.5CVSS6.1AI score0.00096EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-61864 ImageMagick before 7.1.2-26 Memory Leak in Log Colorspace

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released...

2.9CVSS0.00102EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago7 views

PT-2026-60234

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.4.1 Splunk Enterprise versions prior to 10.2.5 Splunk Enterprise versions prior to 10.0.8 Splunk Enterprise versions prior to 9.4.13 Splunk Enterprise versions prior to 9.3.14 Splunk Cloud Platform versio...

7.2CVSS6.1AI score0.00381EPSS
Exploits0References4
CVE
CVE
added 3 days ago28 views

CVE-2026-45305

Summary of CVE-2026-45305 (Symfony YAML Parser ReDoS) Symfony’s YAML handling (Symfony\Component\Yaml\Parser::cleanup) can hang parsing crafted input due to the use of overlapping quantifiers in regular expressions for YAML directive, comment, and document marker cleanup. This is a client-side pa...

8.7CVSS6.1AI score0.0075EPSS
Exploits0References6Affected Software1
CVE
CVE
added 3 days ago11 views

CVE-2026-60081

The provided data indicate a memory‑consumption risk in DBI::ProfileData prior to version 1.651 for Perl. The issue arises from an unbounded path index in profile dump files, which can be used to allocate an excessively large array and exhaust memory. Affected component: DBI::ProfileData (Perl). ...

7.5CVSS6.1AI score0.0063EPSS
Exploits0References4
NVD
NVD
added 3 days ago6 views

CVE-2026-58319

Certain Apache Doris FE HTTP REST administrative APIs were accessible without proper authentication. An unauthenticated attacker with network access to the FE HTTP service could perform unauthorized administrative operations, potentially affecting cluster integrity and availability and leading to...

9.1CVSS0.00614EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Adobe Audition < 25.6.6 / 26.0 < 26.3 Multiple Vulnerabilities (APSB26-71) (macOS)

The version of Adobe Audition installed on the remote macOS host is prior to 25.6.6, 26.3. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-71 advisory. - Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution i...

7.8CVSS6.2AI score0.00197EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 3 days ago6 views

Adobe Creative Cloud < 6.10.0.252.3 Multiple Privilege escalation (APSB26-77)

The version of Adobe Creative Cloud installed on the remote Windows host is prior to 6.10.0.252.3. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-77 advisory. - Creative Cloud Desktop is affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerabilit...

7.8CVSS6.5AI score0.00131EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 3 days ago8 views

Adobe Media Encoder < 25.6.6 / 26.0.0 < 26.3.0 Multiple Vulnerabilities (APSB26-72)

The version of Adobe Media Encoder installed on the remote Windows host is prior to 25.6.6, 26.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-72 advisory. - Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary co...

7.8CVSS6.4AI score0.00297EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Adobe Media Encoder < 25.6.6 / 26.0.0 < 26.3.0 Multiple Vulnerabilities (APSB26-72) (macOS)

The version of Adobe Media Encoder installed on the remote macOS host is prior to 25.6.6, 26.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-72 advisory. - Media Encoder is affected by an out-of-bounds write vulnerability that could result in arbitrary code...

7.8CVSS6.4AI score0.00297EPSS
Exploits0References6
Rows per page
Query Builder