Lucene search
K

105514 matches found

OSV
OSV
added 2026/04/30 12:40 p.m.5 views

CLSA-2026-1777552800 openssl: Fix of CVE-2026-28389

CVE-2026-28389: fix NULL pointer dereference in dhcmssetsharedinfo and ecdhcmssetsharedinfo when the CMS KeyEncryptionAlgorithmIdentifier parameter field is omitted...

7.5CVSS7.3AI score0.00805EPSS
Exploits0References1
NVD
NVD
added 2026/04/30 12:16 p.m.12 views

CVE-2026-1493

LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a cookie can perform a mor...

5.4CVSS0.00178EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/30 11:24 a.m.6 views

EUVD-2026-26366

LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a cookie can perform a mor...

5.3CVSS5.5AI score0.00293EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/30 11:24 a.m.4 views

CVE-2026-1493 Cross-Site Scripting in LEX Baza Dokumentów

LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a cookie can perform a mor...

4.6CVSS5.5AI score0.00293EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/30 11:24 a.m.34 views

CVE-2026-1493 Cross-Site Scripting in LEX Baza Dokumentów

LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a cookie can perform a mor...

4.6CVSS0.00178EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/30 11:24 a.m.2 views

CVE-2026-1493

LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a cookie can perform a mor...

5.3CVSS5.5AI score0.00293EPSS
Exploits0References3
CVE
CVE
added 2026/04/30 11:24 a.m.12 views

CVE-2026-1493

CVE-2026-1493 affects LEX Baza Dokumentów. It is a DOM-based XSS in the em cookie parameter, where the application unsafely processes the cookie on the client side, allowing a malicious actor who can set a cookie to execute arbitrary JavaScript in the victim’s browser. The documented impact is li...

5.4CVSS5.5AI score0.00293EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/30 10:22 a.m.9 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS8.5AI score0.00269EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/04/30 3:33 a.m.10 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.7AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/30 3:29 a.m.15 views

Important: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

10CVSS7.2AI score0.01945EPSS
Exploits3References5
NVD
NVD
added 2026/04/30 2:16 a.m.5 views

CVE-2026-7469

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

6.5CVSS0.01314EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/30 1:45 a.m.32 views

CVE-2026-7469 Tenda 4G300 DelFil sub_425A28 command injection

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

6.5CVSS0.01314EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/30 1:45 a.m.5 views

CVE-2026-7469

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

6.5CVSS6.4AI score0.01314EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.10 views

MCP Server Semgrep 命令注入漏洞

MCP Server Semgrep is an AI assistant tool for integrated static code analysis, open-sourced by VetCoders. Version 1.0.0 of MCP Server Semgrep contains a command injection vulnerability. This vulnerability stems from the handling of parameter IDs in the...

7.5CVSS7.2AI score0.01394EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.5 views

PT-2026-36088

Name of the Vulnerable Software and Affected Versions LEX Baza Dokumentów versions prior to 1.3.4 Description DOM-based Cross-Site Scripting XSS occurs when the application unsafely processes the em cookie parameter on the client side. This allows an attacker to execute arbitrary JavaScript withi...

5.4CVSS6.1AI score0.00293EPSS
Exploits0References6
CVE
CVE
added 2026/04/30 12:0 a.m.7 views

CVE-2026-36761

The CVE-2026-36761 entry documents a stored XSS vulnerability in JeeSite v5.15.1. The flaw resides in the /msg/msgInner/save endpoint, where crafted input in the msgContent parameter can lead to execution of arbitrary web scripts/HTML. The vulnerability is described with a CVSS v3.1 base score of...

6.1CVSS5.3AI score0.00155EPSS
Exploits0References2
CVE
CVE
added 2026/04/30 12:0 a.m.13 views

CVE-2026-36763

The CVE-2026-36763 entry describes a stored XSS in SpringBlade v4.8.0, exploitable via the /api/blade-desk/notice/submit endpoint by injecting crafted input into the content parameter. The NVD entry confirms the issue and lists a CVSS v3.1 base score of 6.1 (Medium) with network attack vector, lo...

6.1CVSS5.3AI score0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/30 12:0 a.m.3 views

CVE-2026-36763

A stored cross-site scripting XSS vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the content parameter...

5.3AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/30 12:0 a.m.5 views

EUVD-2026-26394

A stored cross-site scripting XSS vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter...

6.1CVSS5.3AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.7 views

JeeSite 路径遍历漏洞

JeeSite is a Java rapid development platform open-sourced by Jinan Zhuoyuan thinkgem. Version JeeSite 5.15.1 contains a path traversal vulnerability, which stems from issues with the fileMd5 parameter in the /a/file/upload endpoint. This vulnerability could allow authenticated attackers with file...

9.6CVSS5.9AI score0.00383EPSS
Exploits0References1
Rows per page
Query Builder