Lucene search
K

6784 matches found

NVD
NVD
added yesterday4 views

CVE-2026-15548

A security vulnerability has been detected in Shibby Tomato up to 1.28.0000. This vulnerability affects the function sub407220 of the file /usr/sbin/httpd of the component DNS List Rendering. The manipulation leads to stack-based buffer overflow. The attack is possible to be carried out remotely...

9CVSS0.00738EPSS
Exploits0References5
CVE
CVE
added yesterday13 views

CVE-2026-15548

CVE-2026-15548 affects Shibby Tomato up to version 1.28.0000. The flaw resides in the DNS List Rendering component, specifically the function sub_407220 in /usr/sbin/httpd, where a stack-based buffer overflow can be triggered remotely. The vulnerability is described across multiple sources as ena...

9CVSS7.2AI score0.00738EPSS
Exploits0References5
Cvelist
Cvelist
added yesterday16 views

CVE-2026-14453 A user with low privileges can inject SSTI templates that can lead to RCE in open-tickets

This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...

9.6CVSS0.00478EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday9 views

Astro SSR - Open Redirect

Astro 5.2.0 through 5.12.7 contains an open redirect caused by improper handling of paths with double slashes in trailing slash redirection logic, letting attackers redirect users to arbitrary external domains, exploit requires on-demand SSR with Node or Cloudflare adapters. id: CVE-2025-54793...

6.9CVSS6.2AI score0.00614EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday14 views

Astro SSR - Server-Side Request Forgery

Astro before 5.17.3 and @astrojs/node before 9.5.4 are vulnerable to full-read SSRF due to improper Host header validation in error page rendering, allowing attackers to redirect requests and access internal resources. id: CVE-2026-25545 info: name: Astro SSR - Server-Side Request Forgery author:...

8.6CVSS6.1AI score0.01414EPSS
Exploits1References3
Cvelist
Cvelist
added yesterday14 views

CVE-2026-15551 Samsung rlottie: Numeric truncation in gray_hline() leads to heap-based buffer overflow when rendering a crafted Lottie animation at native canvas size

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects...

5.5CVSS0.00081EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2 days ago3 views

Fedora 44 : webkitgtk (2026-3bc4b3ccb3)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3bc4b3ccb3 advisory. Fire scrollend event for instant programmatic scrolls. Increase network idle connection timeout to 115 seconds. Fix several crashes and rendering...

8.8CVSS7.1AI score0.72648EPSS
Exploits15References24
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-39126

SiYuan: Stored XSS in Bazaar marketplace via package README event handlers...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-59791

In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible...

3.5CVSS0.00135EPSS
Exploits0References1
CVE
CVE
added 4 days ago34 views

CVE-2026-59791

The CVE-2026-59791 affects JetBrains YouTrack prior to version 2026.2.17012, where CSS injection was possible through Mermaid diagram rendering. According to the available sources, the vulnerability is tied to the Mermaid diagram rendering component and could impact user interface rendering, with...

3.5CVSS6.1AI score0.00135EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-59791

In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible...

3.5CVSS0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-54267

A flaw was found in the Angular framework's client-side hydration feature for Server-Side Rendered SSR applications. This vulnerability, known as DOM Clobbering, allows a remote attacker to inject malicious data into the application's internal data cache. By exploiting a predictable identifier us...

8.6CVSS6AI score0.00179EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 5 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-59926

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, renderadmonition in src/mistune/directives/admonition.py concatenates the...

6.1CVSS6.1AI score0.00191EPSS
Exploits0References3
NVD
NVD
added 6 days ago7 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References2
OSV
OSV
added 6 days ago2 views

DRUPAL-CONTRIB-2026-075

This module enables you to use Single Directory Components in site building views, field formatters, blocks, layouts and it improves the Developer Experience DX with SDC. The module doesn't sufficiently sanitize the markup passed to components under certain scenarios. This vulnerability is...

5.4CVSS6AI score0.00254EPSS
Exploits0References1
NVD
NVD
added 6 days ago10 views

CVE-2026-59927

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS0.00307EPSS
Exploits1References3
NVD
NVD
added 6 days ago7 views

CVE-2026-59895

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class...

6.1CVSS0.00187EPSS
Exploits0References3
NVD
NVD
added 6 days ago10 views

CVE-2026-59896

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS0.00191EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 6 days ago4 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat

An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...

7.8CVSS5.8AI score0.00148EPSS
Exploits0References7
Rows per page
Query Builder