Lucene search
K

3307 matches found

Nuclei
Nuclei
added 16 hours ago45 views

RiteCMS 3.0.0 - Cross-site Scripting

RiteCMS v3.0.0 contains a reflected XSS caused by unsanitized input in the mainmenu/editsection component, letting attackers execute arbitrary scripts in the context of the victim's browser. id: CVE-2024-28623 info: name: RiteCMS 3.0.0 - Cross-site Scripting author: 0xAkoko severity: medium...

6.1CVSS6.3AI score0.01317EPSS
Exploits4References2
NVD
NVD
added yesterday6 views

CVE-2026-15520

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompressR2004section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The explo...

5.3CVSS0.00136EPSS
Exploits0References10
Cvelist
Cvelist
added yesterday32 views

CVE-2026-15520 GNU LibreDWG R2004 Section Decompression decode.c decompress_R2004_section heap-based overflow

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompressR2004section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The explo...

5.3CVSS0.00136EPSS
Exploits0References10
EUVD
EUVD
added yesterday10 views

EUVD-2026-43263

A vulnerability was determined in GNU LibreDWG 0.13.4-154-g0b573035. This impacts the function decompressR2004section of the file src/decode.c of the component R2004 Section Decompression. Executing a manipulation can lead to heap-based buffer overflow. The attack requires local access. The explo...

5.3CVSS6.1AI score0.00136EPSS
Exploits0References10
CVE
CVE
added yesterday12 views

CVE-2026-15520

GNU LibreDWG 0.13.4-154-g0b573035 contains a vulnerability in the function decompress_R2004_section (src/decode.c) that can cause a heap-based buffer overflow . Exploitation requires local access and has been publicly disclosed. The issue affects the R2004 Section Decompression component and is a...

5.3CVSS6.1AI score0.00136EPSS
Exploits0References10
CVE
CVE
added 4 days ago9 views

CVE-2026-55782

NanaZip (a 7-Zip derivative) is affected by an unbounded memory allocation vulnerability in its WebAssembly archive handler (NanaZip.Codecs.Archive.WebAssembly.cpp). The issue arises when buffers are allocated from attacker-controlled 32-bit section and custom-name length fields without cross-che...

2.4CVSS6.1AI score0.00113EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-55782 NanaZip: Unbounded memory allocation (DoS) in NanaZip WebAssembly parser via attacker-controlled section/name length fields

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's WebAssembly archive handler in NanaZip.Codecs.Archive.WebAssembly.cpp allocates buffers from attacker-controlled 32-bit section and custom-name length fields without validating them against...

2.4CVSS0.00113EPSS
Exploits0References5
OSV
OSV
added 2026/07/07 12:0 a.m.4 views

ALSA-2026:36049 Important: kernel-rt security, bug fix, and enhancement update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: scsi: target: iscsi: Fix use-after-free in iscsitdecconnusagecount CVE-2026-23216 kernel: gfs2: Fix use-after-free in iomap inline...

7.8CVSS6AI score0.0031EPSS
Exploits0References8
NVD
NVD
added 2026/07/03 2:16 a.m.8 views

CVE-2026-12731

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' Block Attributes in all versions up to, and including, 2.3.0 due to insufficient input sanitization and outpu...

6.4CVSS0.00206EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/03 1:28 a.m.9 views

EUVD-2026-41470

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' Block Attributes in all versions up to, and including, 2.3.0 due to insufficient input sanitization and outpu...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References5
CVE
CVE
added 2026/07/03 1:28 a.m.19 views

CVE-2026-12731

The CVE-2026-12731 entry concerns the weDocs WordPress plugin (Docs, Documentation, Wiki & AI Chatbot). Affected: all versions up to 2.3.0. Issue: Stored Cross-Site Scripting via the Block Attributes sectionTitleTag and articleTitleTag, caused by insufficient input sanitization and output escapin...

6.4CVSS5.9AI score0.00206EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/03 1:28 a.m.43 views

CVE-2026-12731 weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' Block Attributes

The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sectionTitleTag' and 'articleTitleTag' Block Attributes in all versions up to, and including, 2.3.0 due to insufficient input sanitization and outpu...

6.4CVSS0.00206EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55441

Name of the Vulnerable Software and Affected Versions weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot versions prior to 2.3.1 Description Insufficient input sanitization and output escaping allow authenticated attackers with contributor-level access and above to perform...

6.4CVSS6.1AI score0.00206EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/02 6:47 p.m.7 views

EUVD-2026-41215

Craft CMS: Authorization bypass in entries/move-to-section via missing target-section save check...

6CVSS5.8AI score0.00273EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 4:17 a.m.9 views

CVE-2026-57268

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS0.00286EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 2:20 a.m.14 views

CVE-2026-57268

GeoWebPlayer’s Websocket server exposes a saveVideo command where the provided index is not validated before it's used to access internal arrays and call a function pointer in CCriticalSection. This out-of-bounds access can reach the critical section and release path, potentially enabling code ex...

8.3CVSS5.8AI score0.00286EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 12:16 a.m.7 views

CVE-2026-50280

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionMoveToSection endpoint gates the destination section only by viewEntries:$section-uid rather than requiring saveEntries permission the source entry is separately checked via...

6CVSS0.00273EPSS
Exploits0References2
OSV
OSV
added 2026/07/02 12:0 a.m.5 views

UBUNTU-CVE-2026-20214

A vulnerability in the FSG file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in FSG...

7.5CVSS7AI score0.00463EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/01 11:43 p.m.36 views

CVE-2026-50280 Craft CMS: Authorization bypass in `entries/move-to-section` via missing target-section save check

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionMoveToSection endpoint gates the destination section only by viewEntries:$section-uid rather than requiring saveEntries permission the source entry is separately checked via...

6CVSS0.00273EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:43 p.m.19 views

CVE-2026-50280

Craft CMS contains an authorization bypass in the entries/move-to-section endpoint (EntriesController::actionMoveToSection). In versions 5.0.0-RC1 through below 5.9.21, destination section gate relies only on viewEntries:$section-&gt;uid instead of requiring saveEntries permission; source entry p...

6CVSS5.7AI score0.00273EPSS
Exploits0References2
Rows per page
Query Builder