Lucene search
K

348 matches found

EUVD
EUVD
added 2026/03/11 12:11 a.m.4 views

EUVD-2026-10907

Wisp Vulnerable to Path Traversal...

8.7CVSS5.8AI score0.01056EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/06 9:3 p.m.3 views

Directory Traversal

Overview std/os is a Go standard library package std/os Affected versions of this package are vulnerable to Directory Traversal. Go Vulnerability Report:On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file...

4.8CVSS6.2AI score0.00201EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/06 5:3 p.m.31 views

CVE-2026-29087 @hono/node-server: Authorization bypass for protected static paths via encoded slashes in Serve Static Middleware

@hono/node-server allows running the Hono application on Node.js. Prior to version 1.19.10, when using @hono/node-server's static file serving together with route-based middleware protections e.g. protecting /admin/, inconsistent URL decoding can allow protected static resources to be accessed...

7.5CVSS0.00327EPSS
Exploits0References2
CVE
CVE
added 2026/03/04 10:9 p.m.26 views

CVE-2026-29045

CVE-2026-29045 affects the Hono web framework used by IBM App Connect Enterprise/Certified Container. Prior to 4.12.4, using serveStatic with route-based middleware protections could bypass authorization due to a mismatch: the router decoded with decodeURI while serveStatic used decodeURIComponen...

9.8CVSS5.8AI score0.00437EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/03/02 10:19 p.m.3 views

Directory Traversal

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Directory Traversal via the static file serving API. An attacker can access files outside the intended directory by placing symbolic links within the root directory and requesting those...

5.5CVSS6.5AI score0.00131EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/21 5:15 a.m.5 views

CVE-2026-27199 Werkzeug safe_join() allows Windows special device names

Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

6.3CVSS5.2AI score0.00556EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/21 5:15 a.m.21 views

CVE-2026-27199 Werkzeug safe_join() allows Windows special device names

Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safejoin function allows Windows device names as filenames if preceded by other path segments. This was previously reported as GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that...

6.3CVSS0.00556EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/02/19 8:32 p.m.8 views

Werkzeug safe_join() allows Windows special device names

Werkzeug's safejoin function allows Windows device names as filenames if when preceded by other path segments. This was previously reported as https://github.com/pallets/werkzeug/security/advisories/GHSA-hgf8-39gv-g3f2, but the added filtering failed to account for the fact that safejoin accepts...

6.3CVSS5.5AI score0.00556EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/02/15 12:0 a.m.8 views

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for LTE/NR networks. Versions of Open5GS 2.7.6 and earlier contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the function...

9.8CVSS6AI score0.00678EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/02/12 1:4 a.m.9 views

CVE-2025-70297

A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...

6.1CVSS5.4AI score0.00183EPSS
Exploits1References1
NVD
NVD
added 2026/02/11 7:15 p.m.8 views

CVE-2025-70297

A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...

6.1CVSS0.00183EPSS
Exploits1References2
OSV
OSV
added 2026/02/11 7:15 p.m.4 views

CVE-2025-70297

A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...

6.1CVSS5.5AI score0.00183EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.8 views

PT-2026-7650

A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...

5.4AI score0.00183EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 12:0 a.m.4 views

CVE-2025-70297

A stored cross-site scripting XSS vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an uploaded SVG file that is served as image/svg+xml and rendered by a victim s browser...

5.4AI score0.00183EPSS
Exploits1References3
CVE
CVE
added 2026/02/11 12:0 a.m.10 views

CVE-2025-70297

Mealie 3.3.1 contains a stored XSS in the recipe asset upload and media serving component. Remote authenticated users can inject arbitrary scripts via an uploaded SVG file served as image/svg+xml and rendered in a victim’s browser. The reports across NVD/Red Hat/OSV indicate the vulnerability aff...

6.1CVSS5.4AI score0.00183EPSS
Exploits1References2Affected Software1
Packet Storm News
Packet Storm News
added 2026/02/08 12:0 a.m.3 views

Rethinking Latency Denial-Of-Service: Attacking the LLM Serving Framework, Not the Model

Large Language Models face an emerging and critical threat known as latency attacks. Because LLM inference is inherently expensive, even modest slowdowns can translate into substantial operating costs and severe availability risks. Recently, a growing body of research has focused on algorithmic...

5.5AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/02 12:31 p.m.3 views

fluoriclogppka (>=0.1.0 <=0.2.7), h2o-wave-ml (>=0.3.0 <=0.5.0) +3 more potentially affected by CVE-2024-5986 via h2o (>=3.18.0.8 <=3.44.0.3)

h2o PYPI version =3.18.0.8, =0.1.0, =0.3.0, =0.4.5, =0.0.1, =0.0.102 - tsanalysis =0.1.0 Source cves: CVE-2024-5986 Source advisory: OSV:GHSA-WJ3H-WX8G-X699...

9.1CVSS7.2AI score0.00629EPSS
Exploits0
OSV
OSV
added 2026/01/28 9:41 p.m.6 views

GHSA-Q5C6-H22R-QPWR NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload

Summary A stored Cross-site Scripting XSS vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated users can upload malicious SVG files containing embedded JavaScript, which are later rendered inline and executed in the browsers of other users who view the attachment. Because...

9.4CVSS5.9AI score0.00385EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/01/28 9:41 p.m.20 views

NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload

Summary A stored Cross-site Scripting XSS vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated users can upload malicious SVG files containing embedded JavaScript, which are later rendered inline and executed in the browsers of other users who view the attachment. Because...

9.4CVSS5.9AI score0.00385EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/01/17 11:2 a.m.5 views

EUVD-2026-3138

A vulnerability was determined in Open5GS up to 2.7.6. This affects the function sgwcs11handlecreateindirectdataforwardingtunnelrequest of the file /src/sgwc/s11-handler.c. Executing a manipulation can lead to reachable assertion. The attack can be executed remotely. The exploit has been publicly...

6.9CVSS6.3AI score0.0072EPSS
Exploits1References6
Rows per page
Query Builder