Lucene search
K

8991 matches found

Nuclei
Nuclei
added 8 hours ago101 views

FUDForum 3.1.0 - Cross-Site Scripting

FUDForum 3.1.0 contains a cross-site scripting vulnerability. An attacker can inject JavaScript via index.php in the author parameter, thereby possibly stealing cookie-based authentication credentials and launching other attacks. id: CVE-2021-27520 info: name: FUDForum 3.1.0 - Cross-Site Scriptin...

6.1CVSS6.3AI score0.06396EPSS
Exploits4References5
Nuclei
Nuclei
added 8 hours ago11 views

WordPress Qwizcards < 3.95 - Cross-Site Scripting (Reflected)

The WordPress Qwizcards plugin before version 3.95 does not sanitise and escape the "themestylesheet" parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting vulnerability. id: CVE-2025-6174 info: name: WordPress Qwizcards alert'randstr'" matchers...

6.1CVSS5.9AI score0.0046EPSS
Exploits0References2
Nuclei
Nuclei
added 8 hours ago21 views

TP-Link Archer A20 v3 Router - Cross-site Scripting

The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting XSS due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL...

4.8CVSS7.3AI score0.00875EPSS
Exploits0References2
Nuclei
Nuclei
added 8 hours ago102 views

WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion

WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree. id: CVE-2017-1000170 info: name: WordPress Delightful Downloads Jquery File Tree 2.1.5 - Local File Inclusion author: dwisiswant0 severity: high...

7.5CVSS7AI score0.57608EPSS
Exploits7References5
IBM Security Bulletins
IBM Security Bulletins
added yesterday2 views

Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2025-14923 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide...

9.8CVSS7.4AI score0.00252EPSS
Exploits1Affected Software2
Github Security Blog
Github Security Blog
added yesterday5 views

`lxml_html_clean.Cleaner` does not strip `javascript:` URLs from namespaced URL attributes

lxmlhtmlclean.Cleaner does not strip javascript: URLs from namespaced URL attributes xlink:href Reporter: Guillem Lefait · Date: 2026-05-10 Affected: lxml ≤ 6.1.0 and lxmlhtmlclean ≤ 0.4.4 latest stable Confirmed against: lxml 6.1.0 + lxmlhtmlclean 0.4.4 on Python 3.13.5, 3.14.4, and 3.15.0a8...

6AI score
Exploits0References2Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added yesterday2 views

Security update for hauler (important)

openSUSE security update: security update for hauler ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21262-1 Rating: important References: bsc1267150 bsc1269433 Cross-References: CVE-2026-25680 CVE-2026-25681 CVE-2026-27136 CVE-2026-42502...

8.7CVSS6.7AI score0.00478EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added yesterday2 views

Security update for podman (important)

openSUSE security update: security update for podman ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21244-1 Rating: important References: bsc1262856 bsc1266125 Cross-References: CVE-2025-22869 CVE-2025-47913 CVE-2025-47914 CVE-2025-52881...

9CVSS7AI score0.01008EPSS
Exploits2References2
OPENSUSE Linux
OPENSUSE Linux
added yesterday2 views

Security update for docker-compose (important)

openSUSE security update: security update for docker-compose ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21247-1 Rating: important References: bsc1239340 bsc1239766 bsc1265782 bsc1266625 Cross-References: CVE-2025-0495 CVE-2025-22869...

9.1CVSS6.8AI score0.00868EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added yesterday2 views

Security update for trivy (important)

openSUSE security update: security update for trivy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21249-1 Rating: important References: bsc1269269 bsc1269271 Cross-References: CVE-2026-54448 CVE-2026-55092 CVSS scores: CVE-2026-54448 SUSE : 6.5...

8.8CVSS6.1AI score0.00292EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added yesterday3 views

Security update for radare2 (important)

openSUSE Security Update: Security update for radare2 Announcement ID: openSUSE-SU-2026:0231-1 Rating: important References: 1244121 1262142 1265403 Cross-References: CVE-2025-1378 CVE-2025-1744 CVE-2025-1864 CVE-2025-5641 CVE-2026-40499 CVE-2026-8695 CVSS scores: CVE-2025-1378 SUSE: 4.8...

10CVSS6.5AI score0.01184EPSS
Exploits4References3
OPENSUSE Linux
OPENSUSE Linux
added yesterday2 views

Security update for alloy (important)

openSUSE security update: security update for alloy ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21251-1 Rating: important References: bsc1260981 bsc1265440 bsc1266196 bsc1266654 bsc1267185 bsc1267333 bsc1267481 bsc1267485 bsc1267488 bsc1267489...

9.1CVSS7AI score0.00513EPSS
Exploits5References10
OSV
OSV
added 2 days ago4 views

PYSEC-2026-2034 WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

Summary A Server-Side Request Forgery SSRF Protection Bypass exists in WeasyPrint's defaulturlfetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata endpoints even when a developer has implemented a custom urlfetcher to block...

7.5CVSS6AI score0.00501EPSS
Exploits2References9
PyPA
PyPA
added 2 days ago2 views

xml2rfc is vulnerable to arbitrary file reads through prepped files

ImpactWhen generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the prepped RFCXML. WorkaroundsTest untrusted input with link elements with rel="attachment" before processing. ReferencesThis is related to...

8.7CVSS6AI score0.00278EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2 days ago3 views

PYSEC-2026-2057 xml2rfc is vulnerable to arbitrary file reads through prepped files

Impact When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the prepped RFCXML. Workarounds Test untrusted input with link elements with rel="attachment" before processing. References This is related ...

8.7CVSS6AI score0.00278EPSS
Exploits0References7
PyPA
PyPA
added 2 days ago3 views

xml2rfc has an arbitrary file read vulnerability

ImpactWhen generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the XML. WorkaroundsTest untrusted input with link elements with rel="attachment" before processing. CreditsThis vulnerability was reported b...

8.7CVSS6AI score0.00265EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2 days ago3 views

PYSEC-2026-2058 xml2rfc has an arbitrary file read vulnerability

Impact When generating PDF files, this vulnerability allows an attacker to read arbitrary files from the filesystem by injecting malicious link element into the XML. Workarounds Test untrusted input with link elements with rel="attachment" before processing. Credits This vulnerability was reporte...

8.7CVSS6AI score0.00265EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 3 days ago7 views

Scriban: Template Writes to Arbitrary CLR Properties via `TypedObjectAccessor` (Mass Assignment + `private` / `init` / `internal` Setter Bypass)

Description When a host pushes a CLR object into a Scriban TemplateContext via the standard, documented pattern — var so = new ScriptObject; so"user" = currentUser; // direct CLR reference context.PushGlobalso; — TypedObjectAccessor exposes every public-getter property for both reading and writin...

6AI score
Exploits0References2Affected Software1
OSV
OSV
added 3 days ago4 views

GHSA-7JVP-HJ45-2F2M Scriban: Template Writes to Arbitrary CLR Properties via `TypedObjectAccessor` (Mass Assignment + `private` / `init` / `internal` Setter Bypass)

Description When a host pushes a CLR object into a Scriban TemplateContext via the standard, documented pattern — var so = new ScriptObject; so"user" = currentUser; // direct CLR reference context.PushGlobalso; — TypedObjectAccessor exposes every public-getter property for both reading and writin...

8.7CVSS6AI score
Exploits0References2
OSV
OSV
added 3 days ago4 views

OESA-2026-2869 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A...

9.8CVSS6.2AI score0.00595EPSS
Exploits2References46
Rows per page
Query Builder