Lucene search
+L

2757 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/10 12:43 p.m.7 views

CVE-2021-47929

Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attackers can store JavaScript code like image tags with onerror handlers that execute when the gallery...

6.4CVSS5.8AI score0.00193EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/09 12:34 a.m.5 views

CVE-2026-41705

Spring AI's MilvusVectorStoredoDeleteList implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...

8.6CVSS7.2AI score0.00353EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 10:56 p.m.46 views

CVE-2026-42454 Termix: OS Command Injection in Docker Container Management Endpoints

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...

9.9CVSS0.00652EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/08 10:56 p.m.8 views

CVE-2026-42454 Termix: OS Command Injection in Docker Container Management Endpoints

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...

9.9CVSS6AI score0.00652EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 10:56 p.m.11 views

EUVD-2026-28864

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate the containerId URL path parameter and WebSocket message field directly into shell commands execute...

9.9CVSS6AI score0.00652EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 6:1 a.m.33 views

CVE-2026-8149

CVE-2026-8149 affects Legion of the Bouncy Castle BC-FJA/BC-FIPS on Linux x86_64 with AVX/AVX-512f. Vulnerable components: gcm128w and gcm512w ; affected versions: 2.1.0–2.1.2 . Root cause details and specific fixes are not provided in the documents. No exploitation details are included. No remed...

5.1CVSS5.8AI score0.00158EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/08 2:27 a.m.9 views

SUSE CVE-2026-6321

fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize and equal functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalized path. Applications...

7.5CVSS5.8AI score0.00521EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

CodeAstro Leave Management System 注入漏洞

The CodeAstro Leave Management System is a leave management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Leave Management System has a vulnerability related to SQL injection, which arises from improper handling of the parameter txtusername in the file/login.php...

7.5CVSS7.2AI score0.00254EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.27 views

PT-2026-39219

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.1.0 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. The 'extractArchive' and 'compressFiles' endpoints in file-manager.ts use double-quot...

8.7CVSS5.8AI score0.01207EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.21 views

PT-2026-39200

Name of the Vulnerable Software and Affected Versions SolidCAM-GPPL-IDE versions 1.0.0 through 1.0.1 Description Opening a .gpp file causes the language server to parse a companion .vmid file from the same directory. The VMID parser uses XDocument.Loadpath without XmlReaderSettings, which in .NET...

7.1CVSS5.8AI score0.00314EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/05/07 12:18 a.m.24 views

Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization

NETTY HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization | Field | Value | |-----------|-------| | Library | io.netty:netty-codec-http | | Component | codec-http — HttpObjectDecoder | | Severity | HIGH | | Affects | HEAD, commit 4f3533ae confirmed | --- Summary HttpObjectDecoder strips a...

9.8CVSS5.8AI score0.00607EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/05/05 12:40 p.m.10 views

EUVD-2026-27313

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

6.5CVSS5.8AI score0.00251EPSS
Exploits1References3
NVD
NVD
added 2026/05/05 3:16 a.m.31 views

CVE-2026-6704

The Blog Settings plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS0.00211EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.12 views

CVE-2026-7594

A vulnerability was detected in Flux159 mcp-game-asset-gen 0.1.0. Affected is the function imageto3dasync of the file src/index.ts of the component MCP Interface. The manipulation of the argument statusFile results in path traversal. The attack can be executed remotely. The exploit is now public...

7.5CVSS6.8AI score0.00418EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 6:55 a.m.7 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses dompurify-3.2.7.tgz, dompurify-3.3.0.tgz, dompurify-3.3.1.tgz which is vulnerable to CVE-2026-0540.

Summary IBM Maximo Application Suite - Monitor Component uses dompurify-3.2.7.tgz, dompurify-3.3.0.tgz, dompurify-3.3.1.tgz which is vulnerable to CVE-2026-0540. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-0540 DESCRIPTION: DOMPurify 3.1.3...

6.1CVSS7.2AI score0.0034EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.12 views

Code-Projects Gym Management System 注入漏洞

Code-Projects Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Gym Management System has a SQL injection vulnerability. This vulnerability arises from the handling of the 'day' parameter in the file/index.php, allowing...

6.5CVSS6.6AI score0.00192EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

SourceCodester Web-based Pharmacy Product Management System 注入漏洞

SourceCodester Web-based Pharmacy Product Management System is an open-source pharmacy product management system developed by SourceCodester. Version 1.0 of the SourceCodester Web-based Pharmacy Product Management System has a SQL injection vulnerability. This vulnerability arises from unknown...

6.5CVSS6.7AI score0.00192EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.10 views

AMTT Hotel Broadband Operation System 注入漏洞

AMTT Hotel Broadband Operation System is a hotel broadband operation system developed by AMTT Corporation. Version 1.0 of the AMTT Hotel Broadband Operation System contains a injection vulnerability. This vulnerability arises from the operation of unknown functions on parameters ID in the file...

5.8CVSS5.8AI score0.00206EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/03 12:0 a.m.11 views

Edimax BR-6208AC 注入漏洞

The Edimax BR-6208AC is a wireless router produced by Edimax of Taiwan, China. Version 1.02 of the Edimax BR-6208AC has a vulnerability related to injection attacks. This vulnerability stems from the setWAN function in the L2TP Mode component, which processes the L2TPUserName parameter. This coul...

6.5CVSS6.6AI score0.01158EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/02 3:30 p.m.38 views

CVE-2026-7653 r-huijts mcp-server-rijksmuseum MCP index.ts open_image_in_browser os command injection

A security flaw has been discovered in r-huijts mcp-server-rijksmuseum up to 1.0.4. Affected is the function openimageinbrowser of the file src/index.ts of the component MCP Interface. Performing a manipulation of the argument imageUrl results in os command injection. The attack is possible to be...

6.5CVSS0.01294EPSS
Exploits0References4
Rows per page
Query Builder