Lucene search
+L

46 matches found

OSV
OSV
added 4 days ago5 views

CVE-2026-55445 Qinglong: Incomplete fix for CVE-2026-3965: Improper Authentication

Qinglong is a timed task management platform supporting Python3, JavaScript, Shell, and Typescript. Prior to 2.20.1, the init guard middleware in back/loaders/express.ts checks /api/user/init but not /open/user/init, while rewrite'/open/', '/api/$1' rewrites the whitelisted /open/ path after JWT...

9.3CVSS6.1AI score0.00404EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 11:39 p.m.5 views

BIT-GHOST-2026-53944 Ghost: Private IP filtering bypass to make server-side requests to internal services

Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal service using an IPv6 literal which maps to a private IPv4 address. This vulnerability is fixed in...

5.8CVSS5.8AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52843

Name of the Vulnerable Software and Affected Versions LXD versions prior to 6.9 LXD version 5.21 Description A nil-pointer dereference occurs in the CreateCustomVolumeFromBackup function when processing a specially crafted custom-volume backup tarball that omits the expires at snapshot field. An...

6.5CVSS6AI score0.00389EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/16 9:38 p.m.28 views

CVE-2026-48783 Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription

Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and applied subscription-enforcement side effects to the organization referenced in that token's claims, without verifying the token's intended purpose. The...

4.8CVSS0.0017EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/15 2:53 p.m.11 views

CVE-2026-45736 ws: Uninitialized memory disclosure

ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the reason argument. This vulnerability is fixed in 8.20.1...

4.4CVSS5.8AI score0.00745EPSS
Exploits1References2
OSV
OSV
added 2026/05/08 10:28 p.m.3 views

CVE-2026-42556 Postiz stored XSS in public preview page

Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their own save request and send the public preview link /p/?share=true to another user. The preview page...

8.9CVSS5.9AI score0.00258EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/25 12:0 a.m.10 views

PT-2026-35157

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mg aes gcm decrypt of the file /src/tls aes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may ...

6.3CVSS4.5AI score0.00217EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.7 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-010673)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010673 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is...

9.8CVSS6AI score0.00453EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: freerdp (UTSA-2026-007193)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007193 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen doe...

9.1CVSS6AI score0.00756EPSS
Exploits1References4
CBLMariner
CBLMariner
added 2026/04/06 11:43 p.m.6 views

CVE-2026-1519 affecting package bind for versions less than 9.20.21-1

CVE-2026-1519 affecting package bind for versions less than 9.20.21-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS7.3AI score0.01545EPSS
Exploits0
EUVD
EUVD
added 2026/04/02 12:31 p.m.9 views

EUVD-2026-18183

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...

6.3CVSS5.8AI score0.00716EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/02 9:30 a.m.4 views

EUVD-2026-18170

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

7.5CVSS7.2AI score0.00727EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/04/02 8:0 a.m.6 views

CVE-2026-5244 Cesanta Mongoose TLS 1.3 mongoose.c mg_tls_recv_cert heap-based overflow

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

7.5CVSS7.2AI score0.00727EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/02 8:0 a.m.44 views

CVE-2026-5244 Cesanta Mongoose TLS 1.3 mongoose.c mg_tls_recv_cert heap-based overflow

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

7.5CVSS0.00727EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-006318)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006318 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on serversupplied...

9.1CVSS5.9AI score0.00756EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.6 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: freerdp (UTSA-2026-006320)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006320 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, xfPointerNew frees cursorPixels on failure, then pointerfree calls...

9.8CVSS6AI score0.00402EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15557

Missing Authorization vulnerability in bdthemes Ultimate Post Kit ultimate-post-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Post Kit: from n/a through = 4.0.21...

5.8AI score0.00245EPSS
Exploits0References2
CVE
CVE
added 2026/03/25 4:14 p.m.10 views

CVE-2026-24362

CVE-2026-24362 is a concrete, vendor-confirmed vulnerability affecting Ultimate Post Kit Addons for Elementor (bdthemes Ultimate Post Kit)

6.4CVSS5.8AI score0.00245EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/16 7:32 a.m.3 views

CVE-2026-4225

A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out...

4.8CVSS4AI score0.00206EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

IPFire 跨站脚本漏洞

IPFire is an open-source Linux distribution developed by the IPFire organization. It is primarily used as a router and firewall. Version 127 of IPFire 2.21 contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input validation of the MAXDISKUSAGE or...

6.1CVSS5.6AI score0.00242EPSS
Exploits1References4
Rows per page
Query Builder