Lucene search
+L

1397991 matches found

CVE
CVE
added 1 hour ago20 views

CVE-2026-54243

Statamic is a Laravel and Git powered content management system CMS. Prior to 5.73.24 and 6.20.1, form submission values in src/Forms/Exporters/CsvExporter.php were not neutralized for spreadsheet formula characters when exported to CSV. A submission containing a value beginning with a formula...

6.1CVSS5.3AI score
Exploits0References5
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-54163 secure_headers: CSP directive injection via sandbox, plugin_types, and report_to when given untrusted input

secureheaders manages application of security headers with many safe defaults. Prior to 7.3.0, secureheaders builds the Content-Security-Policy value by stitching directives with ; separators, and buildsandboxlistdirective, buildmediatypelistdirective, and buildreporttodirective interpolate...

4.7CVSS0.00031EPSS
Exploits0References3
CVE
CVE
added 1 hour ago9 views

CVE-2026-54163

secureheaders manages application of security headers with many safe defaults. Prior to 7.3.0, secureheaders builds the Content-Security-Policy value by stitching directives with ; separators, and buildsandboxlistdirective, buildmediatypelistdirective, and buildreporttodirective interpolate...

4.7CVSS5.3AI score0.00031EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 1 hour ago3 views

Flask-Reuploaded: Extension-denylist bypass via case-folding asymmetry in name-override path (incomplete-fix variant of CVE-2026-27641)

Header | Field | Value | |---|---| | Title | Extension-denylist bypass via case-folding asymmetry in name-override path incomplete-fix variant of CVE-2026-27641 | | Project | Flask-Reuploaded flaskuploads | | Affected | extension"shell.php" = "php" - extensionallowed"php" - DENY correct...

9.8CVSS5.8AI score0.01046EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2 hours ago3 views

Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader

Summary The TypeScript Prompty loader used gray-matter without overriding executable frontmatter engines. gray-matter supports JavaScript frontmatter blocks such as ---js and evaluates them while parsing. An attacker-controlled .prompty file could therefore execute arbitrary JavaScript during...

8.7CVSS5.7AI score
Exploits0References4Affected Software1
EUVD
EUVD
added 2 hours ago7 views

EUVD-2026-44939

Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader...

8.7CVSS5.9AI score
Exploits0References3
CVE
CVE
added 2 hours ago32 views

CVE-2026-50151

CVE-2026-50151 affects oras-go prior to 2.6.1. During monolithic blob uploads, blobStore.completePushAfterInitialPost reuses the initial POST’s Authorization header for a subsequent PUT, while following a registry-controlled Location header. A malicious registry can return a cross-host Location a...

7.5CVSS5.3AI score
Exploits0References4
CVE
CVE
added 2 hours ago4 views

CVE-2026-4938

CVE-2026-4938 affects IBM Verify Identity Access (11.0–11.0.2) and IBM Security Verify Access (10.0–10.0.9.1) plus their Identity Access/Verify Access Containers. The vulnerability allows an attacker with read-only privileges to perform unauthorized modifications and deployments outside their ass...

6.5CVSS5.3AI score
Exploits0References1
CVE
CVE
added 2 hours ago18 views

CVE-2026-4942

IBM i 7.3–7.6 (5770-SS1) is affected by CVE-2026-4942, which allows a remote attacker to send a crafted message that downgrades TLS to a version disabled by server configuration. The CVSSv3.1 base score is 5.9 (Impact: Confidentiality High, Integrity/Availability None; Attack Vector Network, Atta...

5.9CVSS5.4AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-4942 IBM i is Affected by Algorithm Downgrade in Transport Layer Security []

IBM i 7.6, 7.5, 7.4, and 7.3 could allow a remote attacker to send a specifically crafted message and downgrade the Transport Layer Security TLS protocol to a version disabled in the server configuration...

5.9CVSS
Exploits0References1
CVE
CVE
added 2 hours ago7 views

CVE-2026-7364

CVE-2026-7364 affects IBM Verify Identity Access (11.0–11.0.2), IBM Security Verify Access (10.0–10.0.9.1), and corresponding Identity/Access Containers. The issue is an open redirect vulnerability that could enable a remote attacker to phishing victims via specially crafted requests redirecting ...

3.1CVSS5.6AI score
Exploits0References1
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-7364 Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 and IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an...

3.1CVSS
Exploits0References1
NVD
NVD
added 2 hours ago2 views

CVE-2026-50185

RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. From 0.1.1 until 0.5.4, the aarch64 implementations of Cmov and CmovEq in cmov/src/backends/aarch64.rs assume high bits ar...

2CVSS
Exploits0References3
NVD
NVD
added 2 hours ago2 views

CVE-2026-53712

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to 3.3, a flaw in com.ongres.scram:scram-client and com.ongres.scram:scram-common allows an attacker capable of a TLS...

8.2CVSS
Exploits0References2
Cvelist
Cvelist
added 3 hours ago4 views

CVE-2026-8861 Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Security Verify could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

5.3CVSS
Exploits0References1
CVE
CVE
added 3 hours ago3 views

CVE-2026-8861

The CVE-2026-8861 entry concerns IBM Security Verify products (Identity Access and Security Verify Access). The issue arises when a detailed technical error message is returned in the browser, enabling a remote attacker to disclose sensitive information and potentially facilitate further attacks....

5.3CVSS5.3AI score
Exploits0References1
EUVD
EUVD
added 3 hours ago5 views

EUVD-2026-45257

IBM Langflow OSS 1.0.0 through 1.10.0 Langflow versions up to 1.9.2 commit 94981c443d4918517b9e8163d70fc598dc33a32d contain a code injection vulnerability in the Policies component's ToolGuard integration that bypasses the allowcustomcomponents=false security control. The vulnerability exists...

9.9CVSS6.1AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 3 hours ago3 views

plone.restapi: Stored XSS by spoofing mime type

Impact A stored XSS affecting RichText fields. RichTextValue.output returns the raw, unsanitized stored value whenever the stored mimeType equals the outputMimeType. Because the safe-HTML output type text/x-html-safe is the type that signifies "already sanitized", any value whose stored mimeType...

5.5AI score
Exploits0References3Affected Software1
CVE
CVE
added 3 hours ago22 views

CVE-2026-53712

The CVE describes a vulnerability in the OnGres SCRAM library (com.ongres.scram:scram-client and scram-common) where, prior to version 3.3, a TLS MITM can silently downgrade SCRAM-SHA-256-PLUS with channel binding to SCRAM-SHA-256 without channel binding when an X.509 certificate uses modern sign...

8.2CVSS5.4AI score
Exploits0References2
NVD
NVD
added 3 hours ago4 views

CVE-2026-48016

Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the Store API endpoint /store-api/handle-payment in src/Core/Checkout/Payment/SalesChannel/HandlePaymentMethodRoute.php accepts a user-controlled orderId and forwards it to src/Core/Checkout/Payment/PaymentProcessor.php witho...

4.3CVSS0.0005EPSS
Exploits0References5
Rows per page
Query Builder