Lucene search
K

800 matches found

Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.22 views

PT-2026-41724

Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description The hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links. This causes the extension to make authenticated daemon requests using stored...

7.4CVSS5.8AI score0.0033EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

Summarize 代码问题漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 have code vulnerabilities. These vulnerabilities stem from issues with the hover summary feature, which may allow malicious pages to assign synthetic mouse hover events on...

7.4CVSS5.9AI score0.0033EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.9 views

PT-2026-40844

Name of the Vulnerable Software and Affected Versions Argo CD versions prior to 3.2.12 Argo CD versions prior to 3.3.10 Argo CD versions prior to 3.4.2 Description A stored cross-site scripting XSS issue exists in the application Summary tab. A user with application write access developer role ca...

7.3CVSS5.9AI score0.00037EPSS
Exploits0References156
OSV
OSV
added 2026/05/11 7:33 p.m.13 views

GHSA-CRMX-4P49-46M2 MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked

MantisBT allows a bugnote author to access the note's Revisions page after losing access to the parent private issue. Impact Disclosure of the private Issue's Id and Summary. The bugnote full revision body remains secure. Patches - 71df1f67e05b2050cd4bd87839e6cc13747cf03f Workarounds None Credits...

5.3CVSS5.8AI score0.00372EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.10 views

PT-2026-39879

Name of the Vulnerable Software and Affected Versions Mantis Bug Tracker MantisBT versions prior to 2.28.2 Description A bugnote author can access the Revisions page of a note even after losing access to the parent private issue. This leads to the disclosure of the private issue's ID and summary,...

5.3CVSS5.8AI score0.00372EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/08 9:31 p.m.36 views

EUVD-2026-28826

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

8.7CVSS5.9AI score0.00296EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/08 7:54 p.m.17 views

CVE-2026-7807 SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

8.7CVSS5.9AI score0.00296EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/06 10:22 p.m.6 views

Lemmy may expose private community data through community, saved, liked, and modlog API views

NOTE: Only affects development version. Summary Lemmy applies private-community checks in PostView and CommentView, but several adjacent API views skip the accepted-follower filter. Bob, a registered user who is not an accepted follower, can read private community sidebar and summary fields. Alic...

5.5AI score
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.9 views

SUSE CVE-2026-43864

mutt before 2.3.2 has a showsigsummary NULL pointer dereference...

2.5CVSS5.8AI score0.00096EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.6 views

CVE-2026-5109

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...

7.2CVSS6AI score0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 7:16 a.m.22 views

CVE-2026-43864

mutt before 2.3.2 has a showsigsummary NULL pointer dereference...

2.5CVSS0.00096EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 7:16 a.m.7 views

UBUNTU-CVE-2026-43864

mutt before 2.3.2 has a showsigsummary NULL pointer dereference...

2.5CVSS5.8AI score0.00096EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 6:10 a.m.5 views

CVE-2026-43864

mutt before 2.3.2 has a showsigsummary NULL pointer dereference...

2.5CVSS5.8AI score0.00096EPSS
Exploits0References1
CVE
CVE
added 2026/05/04 6:10 a.m.22 views

CVE-2026-43864

Affected product: mutt. Vulnerability: show_sig_summary NULL pointer dereference in mutt before 2.3.2. Root cause: NULL pointer dereference in show_sig_summary. Impact: low (CVSS: LOW, LOCAL, user interaction required). References indicate a fix in the project history (commit linked). Remediation...

2.5CVSS5.8AI score0.00096EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/04 6:10 a.m.4 views

CVE-2026-43864

mutt before 2.3.2 has a showsigsummary NULL pointer dereference...

2.5CVSS5.8AI score0.00096EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/04 6:10 a.m.14 views

EUVD-2026-26904

mutt before 2.3.2 has a showsigsummary NULL pointer dereference...

2.5CVSS5.8AI score0.00096EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/04 6:10 a.m.9 views

CVE-2026-43864

mutt before 2.3.2 has a showsigsummary NULL pointer dereference...

2.5CVSS5.8AI score0.00096EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/04 6:10 a.m.45 views

CVE-2026-43864

mutt before 2.3.2 has a showsigsummary NULL pointer dereference...

2.5CVSS0.00096EPSS
Exploits0References1
NVD
NVD
added 2026/05/02 6:16 a.m.8 views

CVE-2026-5109

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...

7.2CVSS0.00245EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/02 5:29 a.m.5 views

CVE-2026-5109 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Product Option

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient validation and output escaping of Product Option field values. The vulnerability exists because the state validation function accepts submitted...

7.2CVSS6AI score0.00245EPSS
Exploits0References2
Rows per page
Query Builder