Lucene search
K

19321 matches found

Nuclei
Nuclei
added 10 hours ago86 views

Stirling-PDF SSRF via Markdown

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...

9.8CVSS6.1AI score0.01999EPSS
Exploits1References2
Nuclei
Nuclei
added 10 hours ago55 views

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS6.7AI score0.017EPSS
Exploits1References5
Nuclei
Nuclei
added 10 hours ago173 views

Weaver OA 9.5 - Information Disclosure

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. id:...

7.5CVSS5.7AI score0.54232EPSS
Exploits1References5
EUVD
EUVD
added 17 hours ago5 views

EUVD-2026-43596

SAP Change and Transport System Attach Tool ctsattach allows an authenticated attacker to supply a specially crafted archive file which, when processed by the application�s library, can trigger insecure deserialization and lead to remote code execution RCE on the system. Successful exploitation...

7.6CVSS6.6AI score
Exploits0References2
CVE
CVE
added 17 hours ago7 views

CVE-2026-44771

Technical details about CVE-2026-44771 are not publicly available in the provided documents; monitor for updates as new information may be released.

4.3CVSS6.1AI score
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-58486

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was vulnerable to a YAML alias bomb due to unsafe processing of the note frontmatter. HedgeDoc parsed frontmatter with js-yaml.load js-yaml v3 via @hedgedoc/meta-marked, which...

8.3CVSS
Exploits0References2
Cvelist
Cvelist
added yesterday24 views

CVE-2026-58486 HedgeDoc: Denial-of-service via YAML alias expansion in note frontmatter

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, HedgeDoc was vulnerable to a YAML alias bomb due to unsafe processing of the note frontmatter. HedgeDoc parsed frontmatter with js-yaml.load js-yaml v3 via @hedgedoc/meta-marked, which...

8.3CVSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday5 views

Important: Red Hat Security Advisory: gegl04 security update

An update for gegl04 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8CVSS7.3AI score0.00552EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-61465

A flaw was found in ImageMagick. This vulnerability occurs because ImageMagick is missing a check for the allowed memory allocation limit during certain image processing operations, such as when using the -canny function. A remote attacker could provide a specially crafted image, causing the...

6.5CVSS6.1AI score0.00105EPSS
Exploits0References5
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-43172

ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...

4.8CVSS6.2AI score0.00116EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 3 days ago8 views

CVE-2026-56373

A flaw was found in ImageMagick. This use-after-free vulnerability CWE-416 exists within the PDB Program Database decoder. A remote attacker could exploit this by tricking a user into processing a specially crafted malicious PDB file. This could lead to a denial of service DoS due to application...

6.3CVSS6.1AI score0.00221EPSS
Exploits0References5
Fedora
Fedora
added 3 days ago7 views

[SECURITY] Fedora 44 Update: python-pillow-12.3.0-1.fc44

Python image processing library, fork of the Python Imaging Library PIL This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. There are four subpackages: tk tk interface, qt PIL image wrapper for Qt, devel developmen...

7.5CVSS6.1AI score0.00364EPSS
Exploits5
NVD
NVD
added 4 days ago7 views

CVE-2026-55175

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...

7.5CVSS0.00615EPSS
Exploits0References11
NVD
NVD
added 4 days ago7 views

CVE-2026-44795

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use of a non-safe constructor allows arbitrary loading...

8.8CVSS0.01001EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43087

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...

7.5CVSS6.5AI score0.00615EPSS
Exploits0References11
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-55175 Spinnaker: Improper yaml processing on kustomize bake operations

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...

7.5CVSS0.00615EPSS
Exploits0References11
CVE
CVE
added 4 days ago15 views

CVE-2026-55175

Spinnaker CVE-2026-55175 affects Rosco/Kustomize bake operations where unsafe YAML tag processing in rosco manifests can lead to remote code execution on rosco pods. Affected versions are prior to 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 across release lines; fixes are available in 2026.1.1, 20...

7.5CVSS6.5AI score0.00615EPSS
Exploits0References11
NVD
NVD
added 4 days ago6 views

CVE-2026-7639

Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code. Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete...

7.8CVSS0.00155EPSS
Exploits0References1
NVD
NVD
added 4 days ago10 views

CVE-2026-55213

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit edd7a120bfc4af11ac0cbebce2a43cc1f93f9af1, when h2o processes a QPACK instruction sent from the peer over HTTP/3, lib/http3/qpack.c might allocate an on-stack buffer as large as approximately 800 KB by calling...

7.5CVSS0.00343EPSS
Exploits0References2
NVD
NVD
added 4 days ago5 views

CVE-2026-41154

Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access...

7.8CVSS0.00167EPSS
Exploits0References1
Rows per page
Query Builder