Lucene search
K

23 matches found

Cvelist
Cvelist
added 2026/06/10 9:45 p.m.37 views

CVE-2026-46559 ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions...

4CVSS0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 4:50 p.m.16 views

CVE-2026-41250

Summary: CVE-2026-41250 affects Taiga-front prior to version 6.9.1, where a stored XSS vulnerability exists. The issue is fixed in 6.9.1. The provided CVSS metrics indicate a base score of 5.7 (Medium) with network access, low attack complexity, required user interaction, and high confidentiality...

5.7CVSS5.8AI score0.00284EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:50 p.m.6 views

CVE-2026-41250

Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1...

5.7CVSS5.8AI score0.00284EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.11 views

Taiga 跨站脚本漏洞

Taiga is an open-source project management tool developed by Taiga Open Source. Versions of Taiga prior to 6.9.1 had a cross-site scripting vulnerability, which allowed attackers to inject malicious scripts into front-end input fields...

5.7CVSS5.6AI score0.00284EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 9:9 a.m.3 views

CVE-2026-33123

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

5.1CVSS5.7AI score0.00349EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or...

6.5CVSS5.7AI score0.00349EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/18 4:17 p.m.9 views

pypdf has inefficient decoding of array-based streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and/or large memory usage. This requires accessing an array-based stream with lots of entries. Patches This has been fixed in pypdf==6.9.1. Workarounds If you cannot upgrade yet, consider applying the...

6.5CVSS5.7AI score0.00349EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/17 4:16 p.m.8 views

PYSEC-2026-117

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

8.1CVSS5.8AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/03/17 3:26 p.m.14 views

CVE-2026-21886

OpenCTI CVE-2026-21886 describes a validation gap in the GraphQL mutation IndividualDeletionDeleteMutation that could let a user delete unrelated or sensitive objects (e.g., analyses, reports) due to lack of contextual checks. Affected software: OpenCTI prior to version 6.9.1. Root cause: API mut...

8.1CVSS5.8AI score0.00227EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/17 3:26 p.m.5 views

CVE-2026-21886

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/13 9:17 a.m.11 views

BIT-WORDPRESS-2026-3906 WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API

WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature block-level collaboration annotations was introduced in WordPress 6.9 to allow editorial comments directly on posts in the block editor. However, the REST API createitempermissionscheck method in...

4.3CVSS5.8AI score0.00305EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/03/09 9:41 p.m.2 views

CVE-2026-28692

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesization resulting in a heap over-read. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41...

4.8CVSS5.8AI score0.00258EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/01/22 12:0 a.m.3 views

CVE-2025-66428

An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation...

5.4AI score0.00418EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.8 views

WebPros WordPress Toolkit security vulnerabilities

The WebPros WordPress Toolkit is a WordPress management platform provided by the Swiss company WebPros. Versions of the WebPros WordPress Toolkit prior to 6.9.1 contained security vulnerabilities; these vulnerabilities were caused by issues with the WordPress directory names, which could lead to...

8.8CVSS5.8AI score0.00418EPSS
Exploits0References2
CVE
CVE
added 2025/12/31 8:7 p.m.37 views

CVE-2025-47566

CVE-2025-47566 refers to a Cross‑Site Scripting vulnerability in the ZoomSounds WordPress plugin. The description and connected docs confirm it is a Reflected XSS caused by improper neutralization of input during web page generation, affecting ZoomSounds:

7.1CVSS5.2AI score0.00149EPSS
Exploits0References1
OSV
OSV
added 2025/10/24 2:32 p.m.5 views

OESA-2025-2494 qt5-qtimageformats security update

The core Qt Gui library by default supports reading and writing image files of the most common file formats: PNG, JPEG, BMP, GIF and a few more, ref. Reading and Writing Image Files. The Qt Image Formats add-on module provides optional support for other image file formats. Security Fixes: When...

5.5CVSS6.9AI score0.00203EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/02 9:46 p.m.14 views

CVE-2025-24525

Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the end user does not replace the TLS certificate that shipped with the device. Remediation is available ...

8.7CVSS7AI score0.00242EPSS
Exploits0References1
CVE
CVE
added 2025/09/30 11:4 p.m.23 views

CVE-2025-24525

CVE-2025-24525 affects Keysight Ixia Vision Product Family. The issue arises from hardcoded cryptographic material, which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication if the TLS certificate shipped with the device is not replaced. ...

8.7CVSS6.7AI score0.00242EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.7 views

PT-2025-40033

Name of the Vulnerable Software and Affected Versions Keysight Ixia Vision versions prior to 6.9.1 Description Keysight Ixia Vision contains hardcoded cryptographic material. This may allow an attacker to intercept or decrypt payloads sent to the device via API calls or user authentication. The...

8.7CVSS6.7AI score0.00242EPSS
Exploits0References10
OSV
OSV
added 2025/05/23 1:15 p.m.6 views

CVE-2025-47568

Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection. This issue affects ZoomSounds: from n/a through 6.91...

9.8CVSS5.8AI score0.00431EPSS
Exploits0References1
Rows per page
Query Builder