Lucene search
+L

410 matches found

nvd
nvd
added 2026/07/09 6:16 p.m.10 views

CVE-2026-61344

The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov exposes an API endpoint that returns court reminder records containing potentially sensitive information without authentication...

6.9CVSS0.00272EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/09 5:46 p.m.3 views

CVE-2026-61344

The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov exposes an API endpoint that returns court reminder records containing potentially sensitive information without authentication...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References4
euvd
euvd
added 2026/07/09 5:46 p.m.7 views

EUVD-2026-42663

The Superior Court of California Hearing Reminder Service at https://www.hrs.courts.ca.gov exposes an API endpoint that returns court reminder records containing potentially sensitive information without authentication...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References3
cve
cve
added 2026/07/09 5:46 p.m.16 views

CVE-2026-61344

CVE-2026-61344 affects the Superior Court of California Hearing Reminder Service (hrs.courts.ca.gov). The API endpoint exposes court reminder records containing potentially sensitive information without authentication, indicating an unauthenticated information disclosure. The root cause is an exp...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References3
cve
cve
added 2026/07/01 11:59 a.m.23 views

CVE-2026-53908

CVE-2026-53908 affects MCO. The vulnerability enables user enumeration via authentication-related functions: username reminder and password reset responses differ for valid vs invalid users, allowing an attacker to discover valid usernames and email addresses. Vulnerable context: confirmed in ver...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.10 views

PT-2026-54834

Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1 Description The application is susceptible to user enumeration via authentication-related features. During password reset and username reminder operations, the system provides different responses depending on whether the...

6.9CVSS5.8AI score0.00211EPSS
Exploits0References7
nvd
nvd
added 2026/06/11 7:16 p.m.15 views

CVE-2026-47171

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing...

8.8CVSS0.00324EPSS
Exploits0References2
euvd
euvd
added 2026/06/11 6:28 p.m.10 views

EUVD-2026-36299

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing...

8.8CVSS5.4AI score0.00324EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/04 12:0 a.m.19 views

PT-2026-46324

Unauthenticated Local File Inclusion in Rosaleen = 2.8 versions...

8.1CVSS5.2AI score0.00435EPSS
Exploits0References3
snyk
snyk
added 2026/05/20 9:41 a.m.8 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via Environment::createTemplate when sandboxing is enabled selectively through SourcePolicyInterface. An attacker can bypass Twig sandbox...

9.8CVSS5.8AI score0.00331EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/06 12:0 a.m.9 views

PT-2026-38252

Name of the Vulnerable Software and Affected Versions Nitro versions prior to 2.13.4 Nitro versions prior to 3.0.260429-beta Description An issue exists where an attacker can transform a redirect route rule using wildcards into a cross-host redirect by inserting an extra slash after the rule...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/05/06 12:0 a.m.15 views

PT-2026-38253

Name of the Vulnerable Software and Affected Versions Nitro versions prior to 2.13.4 Nitro versions prior to 3.0.260429-beta Description An attacker can bypass proxy route rules by sending percent-encoded path traversal sequences ..%2f in the URL. This occurs when Nitro treats these characters as...

5.3CVSS5.8AI score0.00392EPSS
Exploits0References11
attackerkb
attackerkb
added 2026/05/05 2:49 p.m.4 views

CVE-2026-5766

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References4Affected Software1
snyk
snyk
added 2026/04/22 8:23 p.m.9 views

Uncontrolled Recursion

Overview @xmldom/xmldom is a javascript ponyfill to provide the following APIs that are present in modern browsers to other runtimes. Since version 0.7.0 this package is published to npm as @xmldom/xmldom and no longer as xmldom Affected versions of this package are vulnerable to Uncontrolled...

8.7CVSS5.5AI score0.00643EPSS
Exploits0References2
snyk
snyk
added 2026/04/21 1:17 a.m.22 views

Malicious Package

Overview cktool.api is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.7AI score
Exploits0References2
redhatcve
redhatcve
added 2026/03/31 10:58 p.m.3 views

CVE-2026-28228

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

8.8CVSS5.9AI score0.00414EPSS
Exploits0References1
nvd
nvd
added 2026/03/30 9:17 p.m.4 views

CVE-2026-28228

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

8.8CVSS0.00414EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/30 8:31 p.m.24 views

CVE-2026-28228 OpenOLAT: Server-Side Template Injection (SSTI) in Velocity templates allows Remote Code Execution

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

8.8CVSS0.00414EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/03/30 8:31 p.m.1 views

CVE-2026-28228

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

8.8CVSS5.9AI score0.00414EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/03/30 8:31 p.m.3 views

EUVD-2026-17201

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. Prior to versions 19.1.31, 20.1.18, and 20.2.5, an authenticated user with the Author role can inject Velocity directives into a reminder email template. When the reminder is processed...

8.8CVSS5.9AI score0.00414EPSS
Exploits0References1
Rows per page
Query Builder