Lucene search
K

534 matches found

CNNVD
CNNVD
added 2026/05/11 12:0 a.m.10 views

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 7.1.2-21 and 6.9.13-46 contained security vulnerabilities. These vulnerabilities were due ...

5.5CVSS5.9AI score0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/05/08 6:52 p.m.20 views

CVE-2026-41511

CVE-2026-41511 affects the OpenMcdf .NET/C# library for Compound File Binary (CFB) manipulation. Before version 3.1.3, the library failed to detect cycles in the directory-entry red–black tree, allowing a crafted CFB file to create a cycle in LeftSiblingID/RightSiblingID that causes Storage.Enume...

6.2CVSS5.7AI score0.00187EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 6:52 p.m.15 views

CVE-2026-41511 OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle

OpenMcdf is a fully .NET / C library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary CFB document. A crafted CFB file with a cycle in the...

6.2CVSS5.7AI score0.00187EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.15 views

PT-2026-39747

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-21 ImageMagick versions prior to 6.9.13-46 Description An overflow can be triggered when a user opens a malicious MIFF file in the display tool and right-clicks a tile to invoke the Load / Update menu item...

5.5CVSS5.8AI score0.0013EPSS
Exploits0References104
Github Security Blog
Github Security Blog
added 2026/04/22 10:9 p.m.28 views

OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle

Summary OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary CFB document. A crafted CFB file with a cycle in the LeftSiblingID / RightSiblingID chain causes Storage.EnumerateEntries and Storage.OpenStream to loop indefinitely, consuming the calling thre...

6.2CVSS5.8AI score0.00187EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/04/22 10:9 p.m.7 views

Infinite loop

Overview OpenMcdf is a fully .NET / C library to manipulate Compound File Binary File Format files, also known as Structured Storage. Affected versions of this package are vulnerable to Infinite loop through the MoveNext traversal logic in the directory tree enumeration code. An attacker can...

6.9CVSS5.8AI score0.00187EPSS
Exploits1References2
NVD
NVD
added 2026/04/22 9:16 a.m.14 views

CVE-2026-6246

The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'containerrightwidth' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00232EPSS
Exploits0References3
CVE
CVE
added 2026/04/22 7:45 a.m.18 views

CVE-2026-6246

CVE-2026-6246 affects the WordPress plugin Simple Random Posts Shortcode (versions up to 0.3). The issue is Stored Cross-Site Scripting via the container_right_width attribute of the simple_random_posts shortcode, caused by insufficient input sanitization and output escaping on user-supplied attr...

6.4CVSS5.9AI score0.00232EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 7:45 a.m.8 views

CVE-2026-6246

The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'containerrightwidth' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS5.9AI score0.00232EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/22 7:45 a.m.40 views

CVE-2026-6246 Simple Random Posts Shortcode <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'container_right_width' Shortcode Attribute

The Simple Random Posts Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'containerrightwidth' attribute of the 'simplerandomposts' shortcode in all versions up to, and including, 0.3 due to insufficient input sanitization and output escaping on user supplied...

6.4CVSS0.00232EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.13 views

WordPress plugin Simple Random Posts Shortcode 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.8AI score0.00232EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/04/18 8:7 a.m.10 views

[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data

In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI age...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/15 7:16 p.m.6 views

CVE-2026-4857

IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new...

8.4CVSS0.00269EPSS
Exploits0References1
OSV
OSV
added 2026/04/08 3:0 p.m.1 views

GHSA-H259-74H5-4RH9 XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API

Impact An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...

8.6CVSS5.9AI score0.0054EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/04/08 3:0 p.m.5 views

XWiki vulnerable to remote code execution with script right through unprotected Velocity scripting API

Impact An improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python scripts, allowing full access to the XWiki instance and thereby compromising the confidentiality, integrity and availability of...

9.8CVSS5.9AI score0.0054EPSS
Exploits1References6Affected Software2
Cvelist
Cvelist
added 2026/04/08 2:53 p.m.19 views

CVE-2026-33229 XWiki Platform affected by remote code execution with script right through unprotected Velocity scripting API

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

8.6CVSS0.0054EPSS
Exploits1References4
CVE
CVE
added 2026/04/08 2:53 p.m.19 views

CVE-2026-33229

XWiki Platform is affected by a remote-code-execution vulnerability due to an improperly protected scripting API that lets users with script right bypass the Velocity sandbox and run arbitrary code (e.g., Python scripts). This can grant full access to the XWiki instance, compromising confidential...

9.8CVSS6.1AI score0.0054EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.3 views

PT-2026-31324

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script right to bypass the sandboxing of the Velocity scripting API and execute, e.g., arbitrary Python...

8.6CVSS6.1AI score0.0054EPSS
Exploits1References5
Metasploit
Metasploit
added 2026/04/07 7:1 p.m.493 views

Windows Service for User (S4U) Scheduled Task Persistence - Logon Trigger

Creates a scheduled task that will run using service-for-user S4U. This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires 'Logon as a batch job'...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/07 12:0 a.m.6 views

Windows Service for User (S4U) Scheduled Task Persistence Event Trigger

This Metasploit module creates a scheduled task that will run using service-for-user S4U. This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires...

5.9AI score
Exploits0
Rows per page
Query Builder