Lucene search
K

2116 matches found

Nuclei
Nuclei
added 14 hours ago79 views

Traefik - Open Redirect

Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-15129 info: name:...

6.1CVSS6.2AI score0.08011EPSS
Exploits0References5
Nuclei
Nuclei
added 14 hours ago12 views

Advance Post Prefix WordPress plugin - Reflected XSS

Advance Post Prefix WordPress plugin through 1.1.1 contains a reflected cross-site scripting caused by unsanitized and unescaped parameter output, letting attackers execute scripts against high privilege users such as admin, exploit requires crafted request. id: CVE-2024-12734 info: name: Advance...

6.1CVSS6.1AI score0.00521EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added yesterday4 views

OpenEXR: OpenEXR: Information disclosure and denial of service via malformed EXR files

A flaw was found in OpenEXR. A remote attacker could exploit a vulnerability in the IDManifest::init function when processing specially crafted EXR files. The function attempts to reconstruct strings from a prefix-compressed representation. If a previous string exceeds 255 bytes, the subsequent...

9.1CVSS6.1AI score0.00354EPSS
Exploits1References5
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43234

filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can delete a shared directory using a trailing-slash path, then recreate the same directory to expose ne...

3.1CVSS6.1AI score0.00198EPSS
Exploits0References3
NVD
NVD
added 3 days ago7 views

CVE-2026-61454

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS0.00239EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-3367

The Lockme OAuth2 calendars integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'App ID' setting in all versions up to, and including, 2.11.0. This is due to insufficient input sanitization and output escaping. The registersetting call on line 197 lacks a sanitiz...

4.4CVSS0.00256EPSS
Exploits0References14
CVE
CVE
added 3 days ago10 views

CVE-2026-3367

The CVE-2026-3367 entry concerns the WordPress plugin Lockme Cal­endars Integration (

4.4CVSS6.2AI score0.00256EPSS
Exploits0References14
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-40007 Apache IoTDB: Unauthenticated unbounded recursion in IoTDB AirGap receiver's E-language prefix parser causes per-connection StackOverflowError

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipeairgapreceiverenabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticate...

0.00278EPSS
Exploits0References1
CVE
CVE
added 5 days ago9 views

CVE-2026-59149

Mockoon before version 9.7.0 is affected by a path-traversal in the templated filePath. The vulnerability arises because getSafeFilePath checks resolvedPath.startsWith(staticBaseDir) without a path-separator boundary, allowing an unauthenticated client to craft a ../-escaped path that prefixes th...

6.5CVSS5.9AI score0.0033EPSS
Exploits0References5
OSV
OSV
added 6 days ago3 views

CVE-2026-58214 NATS Server: MQTT subscribe ACL bypass via $MQTT.deliver.pubrel prefix (incomplete fix for CVE-2026-33217)

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...

4.3CVSS6.1AI score0.00367EPSS
Exploits0References7
NVD
NVD
added 6 days ago9 views

CVE-2026-53951

Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match copier/settings.py compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the...

8.8CVSS0.00189EPSS
Exploits0References2
CVE
CVE
added 6 days ago9 views

CVE-2026-53951

CVE-2026-53951 affects Copier versions 9.5.0–9.15.1. The vulnerability stems from a trust-prefix bypass: the code compares a template URL against a trusted prefix with a raw startswith and no path normalization, while the URL is normalized later when fetching (local paths via Path.resolve; https ...

8.8CVSS6.1AI score0.00189EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-53951 Copier: trust-prefix bypass via path traversal runs tasks unprompted

Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match copier/settings.py compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the...

8.8CVSS0.00189EPSS
Exploits0References2
CVE
CVE
added 6 days ago9 views

CVE-2026-24699

CVE-2026-24699 affects Cisco routers: RV130/RV130W (firmware 1.0.3.55) and RV110W (firmware 1.2.2.5/1.2.2.8). The issue is an OS command injection in the sub_34984() function of the rc binary, caused by improper sanitization of the lan_ipv6_prefixlen configuration parameter. This could allow an a...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/07/06 6:29 a.m.5 views

OESA-2026-2862 vim security update

Vim is an advanced text editor that seeks to provide the power of the de-facto Unix editor 'Vi', with a more complete feature set. Vim is a highly configurable text editor built to enable efficient text editing. It is an improved version of the vi editor distributed with most UNIX systems. Securi...

8.4CVSS6.2AI score0.00154EPSS
Exploits0References4
NVD
NVD
added 2026/07/03 1:17 p.m.8 views

CVE-2026-56015

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...

9.1CVSS0.00537EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/03 12:56 p.m.6 views

EUVD-2026-41541

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...

6AI score0.00537EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 12:56 p.m.20 views

CVE-2026-56015

CVE-2026-56015 affects Net::IP::LPM v1.10 and earlier for Perl, enabling a heap out-of-bounds read when adding prefixes with unbounded lengths. The bug arises in addPrefixToTrie() which walks the prefix buffer by prefix_length bits without verifying it against the address width (4 bytes IPv4, 16 ...

9.1CVSS6AI score0.00537EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/03 12:56 p.m.40 views

CVE-2026-56015 Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...

0.00537EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.17 views

PT-2026-55535

Name of the Vulnerable Software and Affected Versions Net::IP::LPM versions prior to 1.11 Description An issue exists where a heap out-of-bounds read can occur due to an unbounded prefix length. The add function passes a prefix string to the addPrefixToTrie function without verifying it against t...

9.1CVSS6.1AI score0.00537EPSS
Exploits0References11
Rows per page
Query Builder