Lucene search
K

4281973 matches found

EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-43515

Cross-site scripting vulnerability in phoenixframework phoenixliveview allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.validdestination!/2 and Phoenix.LiveView.Utils.validlivenavigationdestination!/2 functions in...

5CVSS
Exploits0References4
CVE
CVE
added 2 hours ago7 views

CVE-2026-58228

Cross-site scripting vulnerability in phoenixframework phoenixliveview allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.validdestination!/2 and Phoenix.LiveView.Utils.validlivenavigationdestination!/2 functions in...

5CVSS6.2AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 2 hours ago3 views

CVE-2026-58228 Scheme validation bypass in Phoenix.LiveView.Utils leads to XSS via <.link>

Cross-site scripting vulnerability in phoenixframework phoenixliveview allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.validdestination!/2 and Phoenix.LiveView.Utils.validlivenavigationdestination!/2 functions in...

5CVSS
Exploits0References4
OSV
OSV
added 2 hours ago1 views

RLSA-2026:36211 Moderate: freeipmi security update

The freeipmi packages contain an Intelligent Platform Management Interface IPMI remote console and system management software based on the IPMI specification. Security Fixes: freeipmi: FreeIPMI: Denial of service via buffer overflow in ipmi-oem client CVE-2026-50031 For more details about the...

7.5CVSS6.2AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 2 hours ago1 views

RLSA-2026:38500 Important: maven:3.9 security update

Maven is a software project management and comprehension tool. Based on the concept of a project object model POM, Maven can manage a project's build, reporting and documentation from a central piece of information. Security Fixes: org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Travers...

8.3CVSS0.00663EPSS
Exploits0References2
OSV
OSV
added 2 hours ago3 views

RLSA-2026:36210 Moderate: freeipmi security update

The freeipmi packages contain an Intelligent Platform Management Interface IPMI remote console and system management software based on the IPMI specification. Security Fixes: freeipmi: FreeIPMI: Denial of service via buffer overflow in ipmi-oem client CVE-2026-50031 For more details about the...

7.5CVSS6.2AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 2 hours ago1 views

RLSA-2026:36215 Important: compat-openssl10 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1. Security Fixes: openssl: Heap...

8.1CVSS0.02719EPSS
Exploits0References2
OSV
OSV
added 2 hours ago1 views

GHSA-4CHG-4752-W88R NukeViet: Pre-authentication SSRF via X-Forwarded-Host

Summary An unauthenticated attacker can coerce the server into issuing HTTP requests to an attacker-chosen host by spoofing the X Forwarded-Host and X-Forwarded-Proto request headers. The forwarded host is used, without validation, to build the URL that serverinfoupdate fetches with cURL, resulti...

7.2CVSS
Exploits0References2
OSV
OSV
added 2 hours ago1 views

GHSA-C9XG-64P9-F2JJ NukeViet: Path Traversal to Arbitrary File Deletion in Edit Comment Function

Summary Path Traversal to Arbitrary File Deletion in the Edit Comment admin function. An authenticated administrator can delete arbitrary files within the application root e.g., config.php by injecting a crafted attach parameter, rendering the application inoperable. Affected Component...

8.7CVSS
Exploits0References2
OSV
OSV
added 2 hours ago1 views

GHSA-465G-4Q99-5X86 NukeViet: Multiple Anti-XSS Filter Bypasses Leading to Stored XSS in News Module

Summary Two filter-bypass techniques in NukeViet\Core\Request::filterAttr and NukeViet\Core\Request::unhtmlentities allow a low-privileged user any account with news post permission to store and serve arbitrary JavaScript to any visitor of the affected page. Affected Component...

8.7CVSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2 hours ago3 views

Security Bulletin: IBM DataStage Flow Designer application is affected by an information disclosure vulnerability (CVE-2026-9836)

Summary An information disclosure vulnerability was addressed in IBM DataStage Flow Designer . Vulnerability Details CVEID:CVE-2026-9836 DESCRIPTION: IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. CWE:CWE-200: Exposure of...

7.5CVSS5.8AI score0.00241EPSS
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2 hours ago3 views

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems. Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in...

6.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2 hours ago4 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS6.9AI score0.00805EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2 hours ago4 views

Important: Red Hat Security Advisory: compat-openssl11 security update

An update for compat-openssl11 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...

8.8CVSS6.9AI score0.02719EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2 hours ago4 views

openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

A flaw was found in OpenSSL. When processing a specially crafted PKCS7 or S/MIME Secure/Multipurpose Internet Mail Extensions signed message, a heap use-after-free vulnerability in the PKCS7verify function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an emp...

8.8CVSS7AI score0.02719EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2 hours ago5 views

CVE-2026-50162

A flaw was found in oras-go. The file content store, intended to confine writes to a specified working directory, does not properly account for symbolic link symlink traversal. A remote attacker, by providing a specially crafted blob title, could exploit this vulnerability to create files outside...

5.3CVSS6.2AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 2 hours ago3 views

CVE-2026-39245

A flaw was found in the decompress component. An improper path containment check allows a local attacker to perform directory traversal. This vulnerability, when combined with unvalidated symlink creation, enables an attacker to write arbitrary files to directories outside the intended extraction...

6.2CVSS6.1AI score0.00272EPSS
Exploits1References7
OSV
OSV
added 3 hours ago2 views

GHSA-W2W5-W2PW-R929 NukeViet: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary A stored cross-site scripting XSS vulnerability exists in NukeViet CMS versions 4.x through 4.5.08. A low-privileged authenticated user can store a JavaScript payload in their profile's display name fields. The payload executes in the browser of any visitor — including administrators — wh...

8.7CVSS
Exploits0References2
CVE
CVE
added 3 hours ago6 views

CVE-2026-49259

This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided...

Exploits0
Github Security Blog
Github Security Blog
added 3 hours ago3 views

NukeViet: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary A stored cross-site scripting XSS vulnerability exists in NukeViet CMS versions 4.x through 4.5.08. A low-privileged authenticated user can store a JavaScript payload in their profile's display name fields. The payload executes in the browser of any visitor — including administrators — wh...

6.2AI score
Exploits0References2Affected Software1
Rows per page
Query Builder