Lucene search
K

11297 matches found

CVE
CVE
added yesterday17 views

CVE-2026-46627

CVE-2026-46627 concerns Twig, a PHP template engine. Before 3.26.0, Twig’s sandbox does not prevent a template from consuming CPU, memory, or wall-clock time even with an allow-list, allowing resource exhaustion via unbounded for/range usage. The issue is mitigated in version 3.26.0, which docume...

7.1CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday20 views

CVE-2026-47732

Twig Sandbox: multiple __toString() policy bypasses via unguarded string coercion points existed prior to 3.26.0, enabling string coercion of Stringable operands through various constructs (conditional expressions, matches operator, loose comparisons, tests, template-loading tags, dynamic attribu...

7.1CVSS6.1AI score0.00044EPSS
Exploits0References3
CVE
CVE
added yesterday36 views

CVE-2026-48038

Joi (JavaScript) vulnerability CVE-2026-48038: In versions prior to 17.13.4 and 18.2.1, validation of deeply nested user input via recursive link() schemas can trigger an unhandled RangeError when validate() runs without try/catch, potentially crashing the process. Fixed in 17.13.4 and 18.2.1. CV...

5.3CVSS6.1AI score0.00039EPSS
Exploits0References4
NVD
NVD
added yesterday2 views

CVE-2026-50367

Incorrect access of indexable resource 'range error' in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-15305

The CVE affects TYPO3 CMS versions 14.2.0–14.3.5. Root cause: MimeTypeValidator is registered during form building before concrete form definition properties are applied, so the server-side enforcement of allowedMimeTypes is bypassed and users can upload files with arbitrary MIME types via FileUp...

6.3CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday16 views

CVE-2026-62392 Apache Kylin: OS Command Injection via Async Query API

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Kylin. A backend API may bring job config parameters to OS command line. This issue affects Apache Kylin: from 4 through 5.0.3. Users are recommended to upgrade to version 5.0.4, which...

Exploits0References1
Nuclei
Nuclei
added yesterday63 views

Astro Cloudflare Adapter - Server Side Request Forgery

Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using the default imageService: 'compile', the generated image optimization endpoint doesn't check the URL...

7.2CVSS6.1AI score0.00773EPSS
Exploits1References3
OSV
OSV
added 2 days ago4 views

CVE-2026-61504 Rejetto HFS < 3.2.1 Stored XSS via File Names in Basic Web Listing

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...

5.1CVSS6.1AI score0.00173EPSS
Exploits0References5
OSV
OSV
added 2 days ago4 views

CVE-2026-61501 Rejetto HFS < 3.2.1 Stored XSS in Admin Log Viewer

Rejetto HFS 3.0.0 through 3.2.0 renders log entries in the administration panel as HTML without sanitization. A remote unauthenticated attacker can submit a failed login with a crafted username that is written to the error log and executes JavaScript in an administrator's browser when the logs ar...

5.3CVSS6.3AI score0.00308EPSS
Exploits0References5
NVD
NVD
added 2 days ago5 views

CVE-2026-57812

Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simply Schedule Appointments: from n/a through = 1.6.12.4...

6.5CVSS0.00196EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2 days ago5 views

Important: Red Hat Security Advisory: gegl04 security update

An update for gegl04 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8CVSS7.3AI score0.00552EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2 days ago3 views

gimp: GIMP: Arbitrary code execution via heap-based buffer overflow in HDR file parsing

A flaw was found in GIMP. This vulnerability, a heap-based buffer overflow, occurs during the parsing of HDR High Dynamic Range files due to insufficient validation of user-supplied data length. A remote attacker could exploit this by convincing a user to open a specially crafted malicious file,...

7.8CVSS7.3AI score0.00552EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2 days ago6 views

gimp: GIMP: Arbitrary code execution via heap-based buffer overflow in HDR file parsing

A flaw was found in GIMP. This vulnerability, a heap-based buffer overflow, occurs during the parsing of HDR High Dynamic Range files due to insufficient validation of user-supplied data length. A remote attacker could exploit this by convincing a user to open a specially crafted malicious file,...

7.8CVSS7.3AI score0.00552EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43080

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

6.1AI score0.00274EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43078

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal ECA: Event - Condition - Action allows Object Injection. This issue affects ECA: Event - Condition - Action versions: from 0.0.0 to 2.1.20, from 3.0.0 to 3.0.12, from 3.1.0 to 3.1.4...

6.1AI score0.00175EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43056

Incorrect Authorization vulnerability in Drupal Advanced Content Feedback aka adminfeedback allows Forceful Browsing. This issue affects Advanced Content Feedback aka adminfeedback versions: from 0.0.0 to 2.8.0...

6.1AI score0.00162EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43115

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Commerce Core allows Stored XSS. This issue affects Commerce Core versions: from 3.3.0 to 3.3.6...

6.1AI score0.00161EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43048

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Anti-Spam by CleanTalk allows Reflected XSS. This issue affects Anti-Spam by CleanTalk versions: from 0.0.0 to 9.7.1...

6.1AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-15084

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Patterns SDC in Drupal UI allows Stored XSS. This issue affects UI Patterns SDC in Drupal UI versions: from 2.0.0 to 2.0.17...

5.4CVSS0.00274EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-15085

Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal AI SEO/GEO Analyzer allows Stored XSS. This issue affects AI SEO/GEO Analyzer versions: from 0.0.0 to 1.1.3...

5.4CVSS0.00274EPSS
Exploits0References1
Rows per page
Query Builder