1393429 matches found
EUVD-2026-43172
ImageMagick before 7.1.2-19 contains a heap buffer overflow vulnerability in the magnify operation that allows attackers to read out of bounds memory. An unrecognized magnify:method value triggers an out of bounds read, potentially exposing sensitive information or causing denial of service...
EUVD-2026-43171
Capgo before 12.128.2 contains an information disclosure vulnerability in the findapikeybyvalue PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/findapikeybyvalue endpoint to retrieve sensitive API k...
CVE-2026-56303
Capgo before 12.128.2 contains an information disclosure in the PostgreSQL function find_apikey_by_value (marked SECURITY DEFINER) that can be executed by the anon role. An unauthenticated caller can hit the /rest/v1/rpc/find_apikey_by_value endpoint to retrieve API key metadata such as user_id, ...
CVE-2026-57828
creationtimestamp| type| source ---|---|--- 2026-07-11 10:24:04+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqeh2ucr3v2b 2026-07-11 10:41:33+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqei242wbd2c 2026-07-11 11:37:49+00:00| seen|...
GHSA-FXHP-MV3V-67QP vulnerabilities
Vulnerabilities for packages: oras, oras-fips...
GHSA-FXHP-MV3V-67QP vulnerabilities
Vulnerabilities for packages: oras...
CVE-2026-4661
creationtimestamp| type| source ---|---|--- 2026-07-11 07:38:03+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5rxtqrn2e 2026-07-11 07:50:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqe6hic4ql2k 2026-07-11 08:00:38+00:00| seen|...
CVE-2026-6801
creationtimestamp| type| source ---|---|--- 2026-07-11 07:35:28+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5nejffn2e 2026-07-11 08:02:55+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqe76hgzi22x...
CVE-2026-52761
A flaw was found in ModSecurity, an open-source web application firewall WAF. The t:utf8toUnicode transformation function, responsible for converting UTF-8 encoded characters to Unicode, generates incorrect output on i386 architectures. This vulnerability allows an attacker to bypass WAF rules,...
CVE-2026-10865
creationtimestamp| type| source ---|---|--- 2026-07-11 07:34:05+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5kutobe2i 2026-07-11 08:32:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqeatdoff72k...
CVE-2026-15155
creationtimestamp| type| source ---|---|--- 2026-07-11 07:32:48+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqe5imu2qi2e 2026-07-11 07:59:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqe6xqk3ap2g 2026-07-11 08:00:32+00:00| seen|...
CVE-2026-13353
creationtimestamp| type| source ---|---|--- 2026-07-11 04:40:38+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqdtuqz2qt27 2026-07-11 05:00:55+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mqduyyvv3g25 2026-07-11 06:37:34+00:00| seen|...
kkFileView 4.1.0 - Cross-Site Scripting
kkFileView 4.1.0 is susceptible to cross-site scripting via the url parameter at /controller/OnlinePreviewController.java. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion
AVEVA InTouch Access Anywhere Secure Gateway is vulnerable to local file inclusion. id: CVE-2022-23854 info: name: AVEVA InTouch Access Anywhere Secure Gateway - Local File Inclusion author: For3stCo1d severity: high description: | AVEVA InTouch Access Anywhere Secure Gateway is vulnerable to loc...
Advantech R-SeeNet - Cross-Site Scripting
Advantech R-SeeNet contains a cross-site scripting vulnerability in the devicegraphpage.php script via the graph parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution. id: CVE-2021-21801 info: name: Advantech R-SeeNet - Cross-Site Scripting author: gy74...
Jenzabar 9.2x-9.2.2 - Cross-Site Scripting
Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting vulnerability. It allows /ics?tool=search&query. id: CVE-2021-26723 info: name: Jenzabar 9.2x-9.2.2 - Cross-Site Scripting author: pikpikcu severity: medium description: Jenzabar 9.2.x through 9.2.2 contains a cross-site scripting...
IceWarp Mail Server - Open Redirect
IceWarp Mail Server contains an open redirect via the referer parameter. This can lead to phishing attacks or other unintended redirects. id: CVE-2021-36580 info: name: IceWarp Mail Server - Open Redirect author: DhiyaneshDk severity: medium description: | IceWarp Mail Server contains an open...
Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation
The WaspThemes Visual CSS Style Editor aka yellow-pencil-visual-theme-customizer plugin before 7.2.1 for WordPress allows ypoptionupdate CSRF, as demonstrated by use of ypremoteget to obtain admin access. id: CVE-2019-11886 info: name: Yellow Pencil Visual Theme Customizer 7.2.1 - Privilege...
White Star Software ProTop - Directory Traversal
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences. id: CVE-2025-44177 info: name:...
SAP Solution Manager - Open Redirect
SAP Solution Manager contains an open redirect vulnerability via the logoff endpoint. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-26836 info: name: SAP Solution Manager - Open...