Lucene search
K

2103 matches found

OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5201 SiYuan vulnerable to reflected XSS via SVG namespace prefix bypass in SanitizeSVG (getDynamicIcon, unauthenticated) in github.com/siyuan-note/siyuan/kernel

SiYuan vulnerable to reflected XSS via SVG namespace prefix bypass in SanitizeSVG getDynamicIcon, unauthenticated in github.com/siyuan-note/siyuan/kernel...

8.6CVSS5.8AI score0.00469EPSS
Exploits1References4
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5163 Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication in github.com/traefik/traefik

Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication in github.com/traefik/traefik...

10CVSS5.8AI score0.00267EPSS
Exploits1References5
OSV
OSV
added 2026/06/25 6:26 p.m.5 views

GO-2026-5159 File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix in github.com/filebrowser/filebrowser

File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix in github.com/filebrowser/filebrowser...

7.2CVSS5.8AI score0.00411EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/25 5:40 p.m.8 views

CVE-2026-54097 File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link...

7.2CVSS5.8AI score0.00411EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 5:40 p.m.32 views

CVE-2026-54097 File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, a low-privileged authenticated user of filebrowser with create + delete permissions in their own isolated scope can silently destroy share-link...

7.2CVSS0.00411EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 5:40 p.m.30 views

CVE-2026-54097

Summary of CVE-2026-54097 (File Browser) : A low-privileged authenticated user with create/delete permissions within their own scope could trigger deletion of other users’ share links by performing a DELETE on a file whose logical path is a byte-prefix of another user’s share.Link.Path. The backe...

7.2CVSS5.8AI score0.00411EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 4:16 p.m.13 views

CVE-2026-55892

Vim is an open source, command line text editor. Prior to 9.2.0662, the dumpprefixes function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never check...

5.5CVSS0.00122EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/06/25 3:32 p.m.6 views

CVE-2026-55892

Vim is an open source, command line text editor. Prior to 9.2.0662, the dumpprefixes function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never check...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 3:32 p.m.22 views

CVE-2026-55892

Vim vulnerability CVE-2026-55892 affects Vim prior to 9.2.0662. The dump_prefixes() function in src/spell.c walks a spell-file prefix trie with a depth counter and indexes fixed MAXWLEN-element arrays (prefix[], arridx[], curi[]). The depth bound is the trie itself, not the array size, allowing a...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/25 3:32 p.m.43 views

CVE-2026-55892 Vim: Out-of-bounds Write in Spell File Prefix Dump

Vim is an open source, command line text editor. Prior to 9.2.0662, the dumpprefixes function in src/spell.c walks a spell-file prefix trie iteratively with a depth counter while dumping the prefixes that apply to a word. The counter is bounded only by the trie structure itself; it is never check...

5.5CVSS0.00122EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53214

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix a potential NPD in cleanupprefixroute addrconfgetprefixroute can return the fib6nullentry sentinel entry which has a NULL fib6table pointer. Therefore, before setting the route's expiration time, check that we are not...

5.5CVSS0.00122EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53214

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix a potential NPD in cleanupprefixroute addrconfgetprefixroute can return the fib6nullentry sentinel entry which has a NULL fib6table pointer. Therefore, before setting the route's expiration time, check that we are not...

6.8CVSS5.7AI score0.00122EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.7 views

CVE-2026-53214

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix a potential NPD in cleanupprefixroute addrconfgetprefixroute can return the fib6nullentry sentinel entry which has a NULL fib6table pointer. Therefore, before setting the route's expiration time, check that we are not...

5.7AI score0.00122EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/25 8:39 a.m.4 views

EUVD-2026-39305

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix a potential NPD in cleanupprefixroute addrconfgetprefixroute can return the fib6nullentry sentinel entry which has a NULL fib6table pointer. Therefore, before setting the route's expiration time, check that we are not...

5.8AI score0.00122EPSS
Exploits0References5
CVE
CVE
added 2026/06/25 8:39 a.m.17 views

CVE-2026-53214

The CVE-2026-53214 entry concerns the Linux kernel IPv6 code. The vulnerability occurs when addrconf_get_prefix_route() can return the fib6_null_entry sentinel, which has a NULL fib6_table pointer. Before setting a route’s expiration time, the code must verify that it is not operating on the fib6...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/25 3:42 a.m.36 views

CVE-2026-10833 Gutenberg Essential Blocks - Page Builder for Gutenberg Blocks & Patterns <= 6.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'configurablePrefix' Block Attribute

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'configurablePrefix' Block Attribute in all versions up to, and including, 6.1.4 due to insufficient input sanitization and output escaping. This...

6.4CVSS0.00193EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/25 2:19 a.m.7 views

SUSE CVE-2026-56115

Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the JWTMiddleware function in internal/auth/auth.go, which validates JWT tokens and account status but...

8.8CVSS5.8AI score0.00307EPSS
Exploits1References3
OSV
OSV
added 2026/06/25 12:0 a.m.4 views

UBUNTU-CVE-2026-12246

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...

8.1CVSS5.8AI score0.00265EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52309

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Null Pointer Dereference NPD can occur in the IPv6 implementation. The function addrconf get prefix route may return a fib6 null entry sentinel entry that contains a NULL fib6 table...

6.8CVSS5.9AI score0.00122EPSS
Exploits0References13
CVE
CVE
added 2026/06/24 1:21 p.m.36 views

CVE-2026-35025

ProFTPD versions affected: 1.3.9b and 1.3.10rc2. Issue: an access control bypass in the RNFR path handling allows authenticated FTP users to bypass Directory ACL restrictions by prefixing paths with /proc/self/root. Root cause: unresolved symlink components in dir_canonical_path() cause dir_check...

8.6CVSS5.9AI score0.00331EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder