Lucene search
K

165 matches found

OSV
OSV
added 2026/03/27 7:10 a.m.5 views

BIT-DISCOURSE-2026-32099 Discourse prevents hidden profile data leak via user onebox

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's profile U...

6.5CVSS5.9AI score0.00302EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/19 9:52 p.m.7 views

EUVD-2026-13332

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

4.3CVSS5.8AI score0.00302EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/19 9:52 p.m.2 views

CVE-2026-32099 Discourse prevents hidden profile data leak via user onebox

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, when a user has hideprofile enabled, their bio, location, and website were still exposed through the user onebox preview. An authenticated user could request a onebox for a hidden user's...

4.3CVSS5.8AI score0.00302EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/24 1:52 a.m.3 views

Infinite loop

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS6AI score0.00327EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 1:52 a.m.3 views

Infinite loop

Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS6AI score0.00327EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 1:52 a.m.6 views

Infinite loop

Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

7.5CVSS6AI score0.00327EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/24 1:52 a.m.6 views

Infinite loop

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

7.5CVSS6AI score0.00327EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/02/24 1:52 a.m.3 views

CVE-2026-26066

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infinite loop when writing it with IPTCTEXT. Versions 7.1.2-15 and 6.9.13-40 contain a patch...

7.5CVSS5.5AI score0.00327EPSS
Exploits0
Cvelist
Cvelist
added 2026/01/26 5:43 p.m.34 views

CVE-2020-36960 Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting

Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like 'alertdocument.cookie' to execute arbitrary JavaScript when the profile is viewed by other users...

6.4CVSS0.00195EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/26 3:10 p.m.8 views

CVE-2026-24403

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader when user-controllable input is incorporated into profile data...

8.8CVSS5.9AI score0.00395EPSS
Exploits1References1
NVD
NVD
added 2026/01/24 2:15 a.m.14 views

CVE-2026-24411

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml. This occurs when user-controllable input is unsafely incorporated into ICC profile data or oth...

8.8CVSS0.0031EPSS
Exploits1References3
NVD
NVD
added 2026/01/24 1:15 a.m.18 views

CVE-2026-24403

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader when user-controllable input is incorporated into profile data...

8.8CVSS0.00395EPSS
Exploits1References3
NVD
NVD
added 2026/01/24 1:15 a.m.9 views

CVE-2026-24405

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read. This occurs when user-controllable input is unsafely incorporated into ICC profile...

8.8CVSS0.00524EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/01/24 1:9 a.m.5 views

CVE-2026-24409 iccDEV has Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum<>::ParseXml()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum::ParseXml. This occurs when user-controllable input is unsafely incorporated into...

7.1CVSS5.8AI score0.0031EPSS
Exploits1References3
OSV
OSV
added 2026/01/24 1:5 a.m.8 views

CVE-2026-24407 iccDEV has Undefined Behavior in icSigCalcOp()

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp. This occurs when user-controllable input is unsafely incorporated into ICC profile data or other structured binary...

7.1CVSS5.6AI score0.00395EPSS
Exploits1References5
CVE
CVE
added 2026/01/24 1:5 a.m.25 views

CVE-2026-24407

CVE-2026-24407 affects iccDEV: versions

8.8CVSS5.5AI score0.00395EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/24 12:55 a.m.4 views

CVE-2026-24404

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType contains a Null Pointer Dereference and Undefined Behavior vulnerability. This occurs when user-controllable input is unsafely...

8.8CVSS5.8AI score0.00395EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/01/24 12:46 a.m.6 views

EUVD-2026-4611

iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader when user-controllable input is incorporated into profile data...

7.1CVSS5.8AI score0.00395EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.6 views

CVE-2024-14009

Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capability. Due to improper access controls and unsafe handling of exported/imported profile data and...

9.4CVSS7.1AI score0.01103EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.4 views

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.0.1, which stems from improper acces...

9.4CVSS6.7AI score0.01103EPSS
Exploits0References3
Rows per page
Query Builder