112 matches found

CVE-2026-55792
Source: CVE | Added: 2 days ago

Craft CMS is vulnerable in versions 4.0.0-RC1 through 4.17.x and 5.0.0-RC1 through 5.9.x due to dataUrl() being in the Twig sandbox allowlist. A control panel user with the utility:system-messages permission can embed a file-reading payload in system emails, causing the server to read targeted fi...

CVSS 6 | AI score 5.8 | EPSS 0.00268 | Exploits: 0 | References: 2

Security Bulletin: Vulnerability in Lodash affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Source: IBM Security Bulletins | Added: 2026/06/22 1:20 p.m.

Summary: A potential vulnerability in Lodash has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to the details for additional information. Vulnerabilit...

CVSS 9.8 | AI score 7 | EPSS 0.01735 | Exploits: 0 | Affected Software: 2

RHEL 9 : bind9.18 (RHSA-2026:24934)
Source: Tenable Nessus | Added: 2026/06/11 12:00 a.m.

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:24934 advisory. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves...

CVSS 7.5 | AI score 5.5 | EPSS 0.01545 | Exploits: 0 | References: 4

WordPress Admin Columns plugin <= 7.0.18 - Authenticated (Contributor+) PHP Object Injection to Remote Code Execution vulnerability
Source: Patchstack | Added: 2026/06/05 12:00 a.m.

Authenticated (Contributor+) PHP Object Injection to Remote Code Execution vulnerability discovered by Osvaldo Noe Gonzalez Del Rio (Os - krei.dev | ogbuilders.io) in WordPress Plugin Admin Columns versions <= 7.0.18...

CVSS 8.8 | AI score 5.7 | EPSS 0.00652 | Exploits: 1 | References: 1 | Affected Software: 1

Relative Path Traversal
Source: Snyk | Added: 2026/05/28 12:38 p.m.

Overview: org.apache.ignite:ignite-core is a memory-centric distributed database, caching, and processing platform for transactional, analytical, and streaming workloads, delivering in-memory speeds at petabyte scale. Affected versions of this package are vulnerable to Relative Path Traversal via t...

CVSS 8.5 | AI score 5.9 | EPSS 0.00526 | Exploits: 0 | References: 2

OPENSUSE-SU-2026:20720-1 Security update for trivy
Source: OSV | Added: 2026/05/12 4:33 p.m.

This update for trivy fixes the following issues: Changes in trivy: - update go-git to 5.18.0 (bsc#1264873, CVE-2026-41506)...

CVSS 7.4 | AI score 5.8 | EPSS 0.00259 | Exploits: 0 | References: 2

CVE-2026-40110
Source: ATTACKERKB | Added: 2026/05/05 9:29 p.m.

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match to check incoming origins against the allow_origin_pat configuration value. Because re.match only anchors at the start of the string and does not require a...

CVSS 7.6 | AI score 5.8 | EPSS 0.00333 | Exploits: 0 | References: 5 | Affected Software: 1

CVE-2025-61669
Source: AlpineLinux | Added: 2026/05/05 3:28 p.m.

Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in LoginFormHandler.redirectsafe, which allows redirects to arbitrary external domains via values such as ///example.com. An...

CVSS 6.3 | AI score 5.9 | EPSS 0.00265 | Exploits: 1

EUVD-2026-26351
Source: EUVD | Added: 2026/04/30 6:34 a.m.

Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...

CVSS 4 | AI score 5.2 | EPSS 0.00128 | Exploits: 0 | References: 3

DEBIAN-CVE-2026-31538
Source: OSV | Added: 2026/04/24 3:16 p.m.

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.recv_io.credits.available. The logic of managing recv credits by counting posted recv_io and granted credits is racy. That's because the peer might already have consumed a credit, but between...

CVSS 7.5 | AI score 5.3 | EPSS 0.00426 | Exploits: 0 | References: 1

CVE-2026-41254
Source: Debian CVE | Added: 2026/04/18 6:43 a.m.

Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication...

CVSS 7.5 | AI score 5.3 | EPSS 0.00365 | Exploits: 1

EUVD-2026-17610
Source: EUVD | Added: 2026/04/01 11:51 p.m.

lodash vulnerable to Code Injection via _.template imports key names...

CVSS 8.1 | AI score 7.3 | EPSS 0.01735 | Exploits: 0 | References: 5

CVE-2026-2950
Source: NVD | Added: 2026/03/31 8:16 p.m.

Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for CVE-2025-13465 (https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against string key members, so an attacker can bypass the check by...

CVSS 6.5 | EPSS 0.00317 | Exploits: 0 | References: 1

EUVD-2026-9693
Source: EUVD | Added: 2026/03/05 6:30 a.m.

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Invetex invetex allows PHP Local File Inclusion. This issue affects Invetex: from n/a through <= 2.18...

AI score 5.9 | EPSS 0.00403 | Exploits: 0 | References: 2

WordPress Invetex theme <= 2.18 - Local File Inclusion vulnerability
Source: Patchstack | Added: 2026/03/02 11:29 a.m.

Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) in WordPress Theme Invetex versions <= 2.18...

CVSS 8.1 | AI score 5.9 | EPSS 0.00403 | Exploits: 0 | Affected Software: 1

CVE-2025-65465
Source: ATTACKERKB | Added: 2026/03/02 12:00 a.m.

A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted payload in a filename parameter (e.g., to the FileRead function). This occurs because the error...

CVSS 6.1 | AI score 6.2 | EPSS 0.00391 | Exploits: 0 | References: 5

CVE-2026-25747
Source: ATTACKERKB | Added: 2026/02/23 8:45 a.m.

Deserialization of Untrusted Data vulnerability in the Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

CVSS 8.8 | AI score 6.3 | EPSS 0.00903 | Exploits: 2 | References: 2 | Affected Software: 1

SUSE SLES15: libnvidia-container-devel / libnvidia-container-static / etc (SUSE-SU-2026:0558-1)
Source: Tenable Nessus | Added: 2026/02/17 12:00 a.m.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0558-1 advisory. Update to version 1.18.0. Security issues fixed: - CVE-2024-0132: time-of-check time-of-use (TOCTOU) race condition in...

CVSS 9 | AI score 7.1 | EPSS 0.36458 | Exploits: 2 | References: 7

PT-2026-6634
Source: Positive Technologies | Added: 2026/02/05 12:00 a.m.

Name of the Vulnerable Software and Affected Versions: Edimax BR-6258n versions up to 1.18. Description: A flaw exists in the formStaDrvSetup function within the /goform/formStaDrvSetup file. Manipulation of the submit-url argument can lead to an open redirect. This issue can be exploited remotely...

CVSS 5.1 | AI score 5.3 | EPSS 0.00255 | Exploits: 1 | References: 8

billboard.js security vulnerability
Source: CNNVD | Added: 2026/01/28 12:00 a.m.

billboard.js is a reusable and easy-to-use JavaScript chart library developed by NAVER based on D3.js. Versions of billboard.js prior to 3.18.0 contained a security vulnerability. This vulnerability stemmed from improper cleanup during the binding of chart options, which could allow for the...

CVSS 6.1 | AI score 5.9 | EPSS 0.00158 | Exploits: 0 | References: 1
