Lucene search
K

3329 matches found

Nuclei
Nuclei
added 9 hours ago78 views

DomainMOD 4.13.0 - Cross-Site Scripting

DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...

5.4CVSS6.1AI score0.01331EPSS
Exploits1References2
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43089

vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...

6.1AI score0.00236EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-15086

vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...

5.9CVSS0.00236EPSS
Exploits0References1
CVE
CVE
added 4 days ago5 views

CVE-2026-15086

Technical details about CVE-2026-15086 are not publicly available in the provided documents. Monitor for updates from official advisories and vulnerability feeds.

5.9CVSS6.1AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-15086 Raw Formatter [Meta Tag Formatter] - Critical - Unsupported - SA-CONTRIB-2026-077

vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...

0.00236EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42818

Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...

8.3CVSS6AI score0.00379EPSS
Exploits0References1
NVD
NVD
added 4 days ago7 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS0.00516EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42781

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS6AI score0.00516EPSS
Exploits0References2
CVE
CVE
added 4 days ago15 views

CVE-2026-54423

OpenStack Ironic (before 37.0.1) is vulnerable: a user capable of deploying nodes via IPMI can abuse the IPMI send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic’s access control. Impact is high (CVE-2026-54423). The root cause is the exposure of IPMI send_raw in deployment ...

8.2CVSS6AI score0.00516EPSS
Exploits0References3
Debian CVE
Debian CVE
added 4 days ago5 views

CVE-2026-54423

In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...

8.2CVSS6.2AI score0.00516EPSS
Exploits0
NVD
NVD
added 4 days ago7 views

CVE-2026-54771

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Version...

8.1CVSS0.00392EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS : LibRaw vulnerabilities (USN-8522-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8522-1 advisory. It was discovered that LibRaw incorrectly handled certain Nikon RAW image files. An attacker could possibly use this issue to cau...

9.8CVSS6.6AI score0.00746EPSS
Exploits6References7
CVE
CVE
added 5 days ago9 views

CVE-2026-54771

Langroid prior to 0.65.3 is affected. A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Root cause: the tool dispatch path in agent_response → handle_message → get...

8.1CVSS5.9AI score0.00392EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-54771 Langroid: handle_message() executes user-supplied tool JSON without sender verification

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Version...

8.1CVSS0.00392EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-54423

A malicious user with access to deploy a node directly via Ironic can specify the IPMI sendraw deployment step with a malicious payload and send commands to that nodes' BMC. IPMI sendraw capability is exposed multiple ways, including via VendorPassthru interfaces restricted to system admin and...

8.2CVSS6.2AI score0.00516EPSS
Exploits0References4
NVD
NVD
added 6 days ago7 views

CVE-2026-49147

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS0.00329EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 11:16 p.m.9 views

CVE-2026-53641

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting XSS vulnerability in the client-facing email history views of FOSSBilling. Email HTML content contenthtml is rendered into a JavaScript template literal using t...

4.8CVSS0.00286EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 8:42 p.m.3 views

GHSA-GJGQ-W2M6-WR5Q Langroid: handle_message() executes user-supplied tool JSON without sender verification

Summary A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Details enablemessage..., use=False, handle=True only prevents the LLM from being instructed to generate...

8.1CVSS6AI score0.00392EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.13 views

PT-2026-56064

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.65.3 Description An application using this framework that exposes a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads. This occurs even when tools are registered with use=Fals...

8.1CVSS6AI score0.00392EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/04 8:0 p.m.10 views

EUVD-2026-41694

A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grasscompiler::rawtoparseerror of the component UTF-8 Character Handler. Executing a manipulation can lead to denial of service. The attack is restricted to local execution. The exploit has been publishe...

4.8CVSS5.5AI score0.00116EPSS
Exploits0References6
Rows per page
Query Builder