Lucene search
K

22704 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2024-24347

GeoNode: Stored XSS to full account takeover...

6.1CVSS6.4AI score0.00376EPSS
Exploits0References4
OSV
OSV
added yesterday9 views

ROOT-OS-DEBIAN-12-CVE-2026-3184 CVE-2026-3184 in rootio-util-linux - Patched by Root

Root has patched CVE-2026-3184 in the rootio-util-linux package for Root:Debian:12. Multiple fixed versions available...

5.3CVSS5.8AI score0.00436EPSS
Exploits0
OSV
OSV
added yesterday4 views

ROOT-APP-NPM-CVE-2026-45732 CVE-2026-45732 in @rootio/n8n - Patched by Root

Root has patched CVE-2026-45732 in the @rootio/n8n package for Root:npm. Multiple fixed versions available...

8.3CVSS5.8AI score0.00315EPSS
Exploits0
Nuclei
Nuclei
added yesterday250 views

Vite - Arbitrary File Read

Vite, a provider of frontend development tooling, has a vulnerability in versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. @fs denies access to files outside of Vite serving allow list. Adding ?raw?? or ?import&raw?? to the URL bypasses this limitation and returns the file content if it...

7.5CVSS6.7AI score0.74998EPSS
Exploits28References2
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-49394 Frappe: Auth. bypass via update_page

Frappe is a full-stack web application framework. Prior to 16.19.0, authorization bypass was possible via the updatepage endpoint in Workspace because public workspaces did not receive the required Workspace Manager edit check. This issue is fixed in version 16.19.0...

7.1CVSS0.00307EPSS
Exploits0References6
NVD
NVD
added 4 days ago4 views

CVE-2026-57221

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and...

5.3CVSS0.00269EPSS
Exploits1References6
CVE
CVE
added 4 days ago27 views

CVE-2026-55405

LangChain4j contains a SQL injection vulnerability in the embedding stores for MariaDB and pgvector. Prior to versions 1.2.1-beta8, 1.5.1-beta11, 1.11.8-beta19, and 1.16.3-beta26, metadata filter keys (and, for MariaDB, some string values) are concatenated directly into SQL in EmbeddingSearchRequ...

7.6CVSS6.2AI score0.00348EPSS
Exploits0References7
NVD
NVD
added 4 days ago8 views

CVE-2026-55843

Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction in a way that can overwrite a target user’s permissions with a sparse...

7CVSS0.00298EPSS
Exploits0References3
Rockylinux
Rockylinux
added 4 days ago6 views

gstreamer1-plugins-bad-free security update

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs ...

8.8CVSS6.2AI score0.0053EPSS
Exploits0
CVE
CVE
added 4 days ago24 views

CVE-2026-53363

CVE-2026-53363 affects the Linux kernel’s xfrm/iptfs path. The vulnerability arises because iptfs_consume_frags() fails to propagate the SKBFL_SHARED_FRAG flag when transferring paged fragments, mirroring the issue fixed in skb_try_coalesce() for CVE-2026-46300. The documented remediation is to a...

6AI score0.00111EPSS
Exploits0References3
OSV
OSV
added 4 days ago5 views

ROOT-APP-PYPI-CVE-2024-23829 CVE-2024-23829 in rootio-aiohttp - Patched by Root

Root has patched CVE-2024-23829 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

6.5CVSS6.7AI score0.0102EPSS
Exploits1
OSV
OSV
added 4 days ago17 views

ROOT-APP-PYPI-CVE-2026-34525 CVE-2026-34525 in rootio-aiohttp - Patched by Root

Root has patched CVE-2026-34525 in the rootio-aiohttp package for Root:PyPI. Multiple fixed versions available...

5.3CVSS5.8AI score0.00288EPSS
Exploits0
OSV
OSV
added 4 days ago13 views

ROOT-APP-NPM-CVE-2026-44574 CVE-2026-44574 in @rootio/next - Patched by Root

Root has patched CVE-2026-44574 in the @rootio/next package for Root:npm. Multiple fixed versions available...

8.1CVSS5.8AI score0.00485EPSS
Exploits2
OSV
OSV
added 4 days ago19 views

ROOT-APP-NPM-CVE-2025-62718 CVE-2025-62718 in @rootio/axios - Patched by Root

Root has patched CVE-2025-62718 in the @rootio/axios package for Root:npm. Multiple fixed versions available...

9.9CVSS5.8AI score0.01161EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-59854

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, POST /api/file/globalCopyFiles accepts attacker-supplied absolute source paths and relies on util.IsSensitivePath in kernel/util/path.go, whose denylist misses common home-directory credential files such as...

4.9CVSS6AI score0.00278EPSS
Exploits0References5Affected Software1
NVD
NVD
added 5 days ago7 views

CVE-2026-59828

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This issue is fixed in versions 2026.6.0,...

5.3CVSS0.00314EPSS
Exploits0References9
CVE
CVE
added 5 days ago10 views

CVE-2026-59828

CVE-2026-59828 affects the Discourse open‑source discussion platform. Before versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, post revisions that should be hidden from regular users could be leaked through visible diffs on adjacent revisions serialized by PostRevisionSerializer. This could di...

5.3CVSS5.9AI score0.00314EPSS
Exploits0References9Affected Software1
CVE
CVE
added 5 days ago8 views

CVE-2026-55424

CVE-2026-55424 – Discourse topic featured link stored XSS . Discourse (open-source discussion platform) prior to versions 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5 allowed a mis-normalized/undescoped topic feature link to inject JavaScript when default Content Security Policy protections were mo...

7.4CVSS6AI score0.00468EPSS
Exploits0References9
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-49274 Kirby: `pages.access` permission is not checked in the pages picker for parent pages

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites using the pages field with roles that have the pages.access permission disabled allowed authenticated users to provide an inaccessible parent page or site to the page picker backend and confirm arbitrary page...

5.3CVSS0.00275EPSS
Exploits0References7
NVD
NVD
added 5 days ago9 views

CVE-2026-55420

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, under certain non-default configurations, processing of PDF uploads could be exploited to obtain RCE on the server. This issue is patched in 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5...

8.1CVSS0.0033EPSS
Exploits0References6
Rows per page
Query Builder