Lucene search
+L

19627 matches found

cve
cve
added yesterday11 views

CVE-2026-50030

DataEase prior to 2.10.23 exposes the SQL preview path (DatasetDataApi.previewSql/previewSqlCheck) via /de2api/datasetData/previewSql, accepting PreviewSqlDTO.sql, PreviewSqlDTO.datasourceId, and PreviewSqlDTO.isCross. The system stores decoded SQL in datasourceRequest.query and CalciteProvider.f...

7.1CVSS6.2AI score0.00025EPSS
Exploits0References3
nvd
nvd
added yesterday7 views

CVE-2026-42533

A vulnerability exists in NGINX Plus and NGINX Open Source when a map directive uses regex matching and a string expression references the map's regex capture variables before referencing the map output variable. Alternatively, the same result could be achieved by using a non-cacheable variable i...

9.2CVSS
Exploits0References1
f5
f5
added yesterday10 views

K000161837: Out-of-band Security Notification (July 15, 2026)

Security Advisory Description On July 15, 2026, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities to help determine the impact to your F5 devices. You can find the details of each issue in the associated articles. Article CVE|...

9.2CVSS6.1AI score
Exploits0
nuclei
nuclei
added yesterday40 views

Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion

Oracle GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server. id: CVE-2017-1000029 info: name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File...

7.5CVSS7.1AI score0.07605EPSS
Exploits0References3
nuclei
nuclei
added yesterday172 views

FlatPress 1.2.1 - Stored Cross-Site Scripting

FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks. id: CVE-2021-41432 info: name: FlatPress 1.2.1 -...

5.4CVSS6.3AI score0.01675EPSS
Exploits2References5
nuclei
nuclei
added yesterday68 views

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

7.5CVSS7AI score0.02572EPSS
Exploits0References2
nuclei
nuclei
added yesterday74 views

Cacti < 1.2.25 Insecure Deserialization

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. id: CVE-2023-30534 info: name: Cacti 1.2.25 Insecure Deserialization author: k0pak4 severity: medium description: | Cacti is an open source...

4.3CVSS6.7AI score0.02569EPSS
Exploits1References5
nuclei
nuclei
added yesterday57 views

LionWiki <3.2.12 - Local File Inclusion

LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted strings in the index.php f1 variable, aka local file inclusion. id: CVE-2020-27191 info: name: LionWiki 3.2.12 - Local File Inclusion author: 0xAkoko severity: high description: LionWiki before...

7.5CVSS7AI score0.08361EPSS
Exploits1References4
nuclei
nuclei
added yesterday24 views

LaRecipe < 2.8.1 Remote Code Execution via SSTI

LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection SSTI, which could potentially lead to Remote Code Execution RCE in vulnerable configurations. id: CVE-2025-53833 info:...

10CVSS6.2AI score0.09357EPSS
Exploits0References3
nuclei
nuclei
added yesterday35 views

DataEase - Remote Code Execution

DataEase is an open-source business intelligence and data visualization platform. Public advisories state that CVE-2025-49002 is related to a bypass in the previous fix for CVE-2025-32966 involving case-insensitive handling of restricted H2 JDBC keywords. This template is a non-invasive detection...

9.8CVSS6.1AI score0.43192EPSS
Exploits2References2
nuclei
nuclei
added yesterday64 views

DNN (DotNetNuke) - Unicode Path Normalization NTLM Hash Disclosure

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. In versions 6.0.0 to before 10.0.1, DNN.PLATFORM allows a specially crafted series of malicious interaction to potentially expose NTLM hashes to a third party SMB server. This issue has been...

8.6CVSS7.1AI score0.30628EPSS
Exploits1References2
nuclei
nuclei
added yesterday88 views

Processwire CMS <2.7.1 - Local File Inclusion

Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php. id: CVE-2020-27467 info: name: Processwire CMS 2.7.1 - Local File Inclusion author: 0xAkoko severity: high description:...

7.8CVSS7AI score0.15737EPSS
Exploits1References5
nuclei
nuclei
added yesterday119 views

Umbraco <7.4.0- Server-Side Request Forgery

Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index. id: CVE-2015-8813 info: name: Umbraco 7.4.0- Server-Side Request...

8.2CVSS7.1AI score0.11595EPSS
Exploits1References5
cve
cve
added yesterday36 views

CVE-2025-65720

Open Source GPT Researcher v3.3.7 is affected by a vulnerability that allows remote code execution when a user interacts with a crafted HTML page. The NVD entry for CVE-2025-65720 confirms arbitrary command execution on the victim system, but the available documents do not detail the exact root c...

6.4AI score
Exploits0References3
nvd
nvd
added 3 days ago9 views

CVE-2026-15551

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS0.00081EPSS
Exploits0References1
osv
osv
added 3 days ago3 views

UBUNTU-CVE-2026-15551

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS6.1AI score0.00081EPSS
Exploits0References2
euvd
euvd
added 3 days ago5 views

EUVD-2026-43257

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS6.1AI score0.00081EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago34 views

CVE-2026-15551 Samsung rlottie: Numeric truncation in gray_hline() leads to heap-based buffer overflow when rendering a crafted Lottie animation at native canvas size

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS0.00081EPSS
Exploits0References1
ptsecurity
ptsecurity
added 3 days ago12 views

PT-2026-57583

Name of the Vulnerable Software and Affected Versions Samsung Open Source rlottie affected versions not specified Description An integer overflow or wraparound issue exists in Samsung Open Source rlottie, which can lead to buffer overflows. An integer overflow occurs when an arithmetic operation...

5.5CVSS6.2AI score0.00081EPSS
Exploits0References5
fedora
fedora
added 4 days ago12 views

[SECURITY] Fedora 43 Update: chromium-150.0.7871.114-1.fc43

Chromium is an open-source web browser, powered by WebKit Blink...

9.6CVSS6.1AI score0.00306EPSS
Exploits1
Rows per page
Query Builder