Lucene search
+L

3360 matches found

Debian CVE
Debian CVE
added 2026/06/17 7:59 p.m.8 views

CVE-2026-48822

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The...

5.8CVSS5.4AI score0.0012EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/16 9:27 a.m.15 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.6

Red Hat OpenShift Service Mesh 3.2.6 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.2....

7.5CVSS5.7AI score0.00815EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 7:37 a.m.15 views

Malicious code in datacamp-light (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 234a0d37873455b7db32068745d93ed29aafa596877b39949280b4ec0621ad6b datacamp-light 99.0.0 impersonates DataCamp's internal package name='datacamp-light', author='DataCamp',...

5.6AI score
Exploits0References2
OSV
OSV
added 2026/06/16 4:58 a.m.7 views

MGASA-2026-0213 Updated emacs packages fix security vulnerability

Memory corruption vulnerability when processing svg css. CVE-2026-6861...

7.1CVSS5.4AI score0.00108EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 12:29 a.m.19 views

Malicious code in tailwind-typography-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b5b1eea6bfed81a0e57b9af519c45155347e3937a20dc8ef4e9ab1cae6ff73d The package impersonates @tailwindcss/typography by name and ships a verbatim copy of tailwindlabs/tailwindcss-typography's src/ tree index.js,...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/16 12:29 a.m.12 views

MAL-2026-5854 Malicious code in tailwind-typography-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5b5b1eea6bfed81a0e57b9af519c45155347e3937a20dc8ef4e9ab1cae6ff73d The package impersonates @tailwindcss/typography by name and ships a verbatim copy of tailwindlabs/tailwindcss-typography's src/ tree index.js,...

5.5AI score
Exploits0References2
OSV
OSV
added 2026/06/15 5:37 p.m.10 views

MAL-2026-5818 Malicious code in mlir-aie (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 b322e48aca1ca0a746c94d2a935756a1303b61a1530cf39bedf9f75097269bad Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/14 10:9 a.m.18 views

Malicious code in bash8 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e665213ba552605420b2269888e041b8b8af4c9e8314d731a8aa246f0fefd748 Package is published as 'bash8' matching an existing PyPI bash linter but installs a top-level module named 'cacertificates' whose only content is a...

6.1AI score
Exploits0References3
Rockylinux
Rockylinux
added 2026/06/13 12:3 a.m.18 views

mod_http2 security update

An update is available for modhttp2. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of...

7.5CVSS5.5AI score0.11471EPSS
Exploits8
Github Security Blog
Github Security Blog
added 2026/06/12 9:53 p.m.51 views

File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames

Summary filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for backslashes \ is only a path separator on Windows. A file whose name contains Windows-style traversal ......\evil.txt is accepted by the resource...

6.8CVSS5.7AI score0.00189EPSS
Exploits0References4Affected Software2
GithubExploit
GithubExploit
added 2026/06/12 5:49 p.m.86 views

katex-xss-test

KaTeX render test Inline href: $\hrefjavascript:alertdocume...

5.3AI score
Exploits0
OSV
OSV
added 2026/06/12 5:49 p.m.15 views

MAL-2026-5702 Malicious code in flexitest (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 17f4bae10d193f8128f50dd3010d283dc89016fa468fc8d9b428b5183c505b27 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.6AI score
Exploits0References1
Snyk
Snyk
added 2026/06/11 1:54 p.m.12 views

Malicious Package

Overview sitecore-mm-component-style is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/11 1:54 p.m.10 views

MAL-2026-5671 Malicious code in sitecore-mm-component-style (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1e025725001efb60959449e734f39db775cc54e77abb0c97364f7929cf54a8c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.5AI score
Exploits0References1
Snyk
Snyk
added 2026/06/11 1:54 p.m.12 views

Malicious Package

Overview archetype-style is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.33 views

RockyLinux 8 : httpd:2.4 (RLSA-2026:25090)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25090 advisory. httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 Tenable has extracted the preceding description block...

7.5CVSS5.4AI score0.11471EPSS
Exploits8References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 10:38 p.m.13 views

Malicious code in icinga (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fbedb312e9cfe0f5cc7783487adc963f142ebcaefa0fb9305a9a535f373b052d PyPI package 'icinga' at version 99.1.0 is a dependency-confusion / typosquat lure against the Icinga monitoring project. It ships no real...

5.7AI score
Exploits0References3
NVD
NVD
added 2026/06/10 8:17 p.m.15 views

CVE-2026-46683

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

6.9CVSS0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 7:53 p.m.10 views

CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

6.9CVSS5.3AI score0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 7:53 p.m.30 views

CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

6.9CVSS0.00249EPSS
Exploits0References2
Rows per page
Query Builder