Lucene search
K

272 matches found

Fedora
Fedora
added 2026/07/01 1:22 a.m.13 views

[SECURITY] Fedora 43 Update: python-django-haystack-3.4.0-1.fc43

Haystack provides modular search for Django. It features a unified, familiar API that allows you to plug in different search backends such as Solr, Elasticsearch, Whoosh, Xapian, etc. without having to modify your code. Haystack is BSD licensed, plays nicely with third-party app without needing t...

5.8AI score
Exploits0
Fedora
Fedora
added 2026/07/01 1:2 a.m.20 views

[SECURITY] Fedora 44 Update: python-django-haystack-3.4.0-1.fc44

Haystack provides modular search for Django. It features a unified, familiar API that allows you to plug in different search backends such as Solr, Elasticsearch, Whoosh, Xapian, etc. without having to modify your code. Haystack is BSD licensed, plays nicely with third-party app without needing t...

5.8AI score
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/25 3:34 p.m.10 views

CVE-2026-55693

Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...

8.4CVSS5.8AI score0.00126EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 6:42 p.m.4 views

DRUPAL-CONTRIB-2026-060

The optional Paragraphs Library module allows the reuse of paragraphs in multiple places. The module doesn't sufficiently restrict access to unpublished library items in lists. This vulnerability is mitigated by the fact the paragraphs\library module must be in use, and that an attacker must have...

6.5CVSS5.9AI score0.00159EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 2:34 p.m.8 views

CVE-2026-53693 MISP BSimVis stored cross-site scripting in tag and cluster rendering paths via unescaped tag metadata and UI labels

A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...

6.9CVSS5.5AI score0.00277EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 4:59 p.m.36 views

CVE-2026-45286 Nextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied t...

4.3CVSS0.00281EPSS
Exploits1References4
CVE
CVE
added 2026/06/01 4:59 p.m.19 views

CVE-2026-45286

CVE-2026-45286 affects Nextcloud Open Source Content Collaboration Platform. An authenticated user could enumerate other users on the same instance by abusing the Calendar app’s endpoint for suggesting attendees; standard sharing restrictions did not apply to that endpoint. Impacted versions are ...

4.3CVSS5.8AI score0.00281EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/06/01 4:59 p.m.4 views

CVE-2026-45286 Nextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied t...

4.3CVSS5.9AI score0.00281EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/05/29 7:18 p.m.22 views

Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers

Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...

6.9CVSS5.9AI score0.00291EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/20 3:35 p.m.8 views

Cross-site Scripting (XSS)

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via entity suggestions whilst adding a link to CKEditor5. An attacker can execute arbitrary scripts in...

6.1CVSS5.6AI score0.00201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.26 views

PT-2026-38406

Name of the Vulnerable Software and Affected Versions Vercel CLI versions 50.16.0 through 52.0.0 Description When running in non-interactive mode via the --non-interactive flag or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads containing suggested follow-up...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References4
OSV
OSV
added 2026/05/06 11:12 p.m.13 views

CLSA-2026-1777942724 vim: Fix of 3 CVEs

CVE-2021-3928: fix reading uninitialized memory in spell suggestions spellsuggest.c - CVE-2022-1616: fix buffer overflow in invalid command with composing chars exdocmd.c - CVE-2022-1620: fix NULL pointer dereference when using invalid pattern buffer.c...

7.8CVSS7.3AI score0.02645EPSS
Exploits3References1
OSV
OSV
added 2026/04/15 7:27 p.m.6 views

DRUPAL-CORE-2026-003

Drupal 11.3 comes with support for completing entity suggestions whilst adding a link to CKEditor 5. The suggestions aren't sufficiently sanitized and a malicious user could trigger a stored cross site scripting attack against another user...

6.1CVSS5.2AI score0.00201EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.8 views

PT-2026-33242

Name of the Vulnerable Software and Affected Versions Drupal core versions 11.3.0 through 11.3.6 Description Drupal core contains an issue where entity suggestions provided during the process of adding a link to CKEditor 5 are not sufficiently sanitized. This allows a malicious user to trigger a...

6.1CVSS5.7AI score0.00201EPSS
Exploits0References4
Drupal
Drupal
added 2026/04/15 12:0 a.m.69 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003

Drupal 11.3 comes with support for completing entity suggestions whilst adding a link to CKEditor 5. The suggestions aren't sufficiently sanitized and a malicious user could trigger a stored cross site scripting attack against another user...

6.1CVSS5.2AI score0.00201EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/12 12:0 a.m.7 views

The Code Whisperer: LLM and Graph-Based AI for Smell and Vulnerability Resolution

Code smells and software vulnerabilities both increase maintenance cost, yet they are often handled by separate tools that miss structural context and produce noisy warnings. This paper presents The Code Whisperer, a hybrid framework that combines graph-based program analysis with large language...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/03/25 9:19 a.m.136 views

Ja4Scanner

Ja4Scanner — Bug Bounty Hunter's Toolkit A Python CLI tool fo...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.7 views

PT-2026-28635

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.1.10 Drupal AI versions 1.2.0 through 1.2.11 Description An incorrect authorization issue exists in Drupal AI Artificial Intelligence that allows for resource injection. The module and certain submodules AI...

5.9AI score0.00232EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/02/21 7:58 a.m.12 views

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

Artificial intelligence AI company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security , is currently available in a limited research preview to...

6.1AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/02 12:0 p.m.5 views

a-gpt (>=0.1.0 <=0.4.0), abacuz (=0.1.1) +1061 more potentially affected by unknown CVE via git2 (>=0.10.0 <=0.1.21)

git2 CARGO version =0.10.0, =0.1.0, =1.1.0, =0.0.1, =0.3.0, =1.0.0, =0.1.0, =0.3.3 - amisgitpm =0.0.1 - amp =0.6.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0008...

5.7AI score
Exploits0
Rows per page
Query Builder