Lucene search
K

15243 matches found

CNNVD
CNNVD
added 2026/05/27 12:0 a.m.13 views

Jenkins AppSpider Plugin 安全漏洞

The Jenkins AppSpider Plugin is an open-source Jenkins application security scanning integration plugin. The Jenkins AppSpider Plugin versions 1.0.17 and earlier contain security vulnerabilities. These vulnerabilities stem from the lack of permission checks in the method responsible for form...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-48959

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward compares length $offset the digit...

7.5CVSS5.4AI score0.00373EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/26 10:1 p.m.38 views

CVE-2026-45298 Dozzle: Pre-auth SSRF with response-body reflection via POST /api/notifications/test-webhook (default no-auth deploy)

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, in a default dozzle deploy the documented quickstart, no DOZZLEAUTHPROVIDER set, POST /api/notifications/test-webhook is reachable without authentication and forwards an attacker-controlled URL into a WebhookDispatcher that...

8.6CVSS0.01491EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:41 p.m.8 views

CVE-2026-44898

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, rendertocul builds a table-of-contents tree from a list of level, id, text tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...

6.1CVSS5.9AI score0.00228EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.17 views

PT-2026-43295

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Improper validation of user-supplied input leads to a local file inclusion, which allows an attacker to include files on the local server. Recommendations At the...

9.8CVSS5.8AI score0.00482EPSS
Exploits0References4
OSV
OSV
added 2026/05/23 12:12 a.m.7 views

GHSA-GGXF-37HM-9WQF instagrapi: Unsafe signup challenge path handling in instagrapi

instagrapi versions before 2.6.9 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intende...

6.5CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/23 12:11 a.m.16 views

aiograpi: Unsafe signup challenge path handling

aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. A malicious or tampered challenge payload could cause challenge handling requests to be sent outside the intended...

6.5CVSS5.8AI score0.00195EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/23 12:0 a.m.16 views

PT-2026-42858

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.4.0 through 2.0.7 Description The dashboard allows users with the RoleMember role to access notification routes that should be restricted to administrators. Specifically, the endpoints "POST /api/v1/notification" an...

8.5CVSS5.2AI score0.0027EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/21 9:43 p.m.14 views

Division by zero

Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

4.8CVSS5.8AI score0.00111EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/21 9:43 p.m.15 views

Division by zero

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

4.8CVSS5.8AI score0.00111EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/21 9:43 p.m.12 views

Division by zero

Overview Affected versions of this package are vulnerable to Division by zero in the processing of a user-supplied binomial kernel. An attacker can cause a crash or denial of service by providing a specially crafted large kernel that triggers a division by zero. Remediation A fix was pushed into...

4.8CVSS5.8AI score0.00111EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/21 7:45 p.m.20 views

nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

Impact A denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called .unwrap on curve point decompression, which panics when a public key is constructed from 32 bytes that do not represent a valid point...

4.3CVSS5.9AI score0.00231EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/05/20 8:16 p.m.14 views

CVE-2026-9136

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS0.00229EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/20 6:39 p.m.33 views

CVE-2026-9136 Unauthorized ShadowAttribute modification in MISP via client-supplied identifier

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS0.00229EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 6:39 p.m.17 views

CVE-2026-9136

CVE-2026-9136 affects the ShadowAttribute proposal creation workflow in MISP. An add action accepted client-supplied ShadowAttribute data without stripping the id field, allowing an authenticated user to supply the identifier of an existing ShadowAttribute and cause an update instead of creating ...

8.3CVSS5.7AI score0.00229EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/20 6:39 p.m.10 views

CVE-2026-9136 Unauthorized ShadowAttribute modification in MISP via client-supplied identifier

A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because the underlying framework treats a supplied primary key as an instruction to update...

8.3CVSS5.7AI score0.00229EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in python-setuptools

A vulnerability exists in the packageindex module of pypa/setuptools versions up to 69.1.1, allowing for remote code execution through its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are vulnerable t...

8.8CVSS7.2AI score0.01939EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 2:16 a.m.21 views

CVE-2026-6394

The Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Server-Side Request Forgery SSRF in versions up to and including 1.1.1. This is due to the importdemo function accepting a user-supplied URL in the demojsonfile POST parameter and...

5.4CVSS0.00316EPSS
Exploits0References7
CVE
CVE
added 2026/05/20 1:25 a.m.17 views

CVE-2026-6394

CVE-2026-6394 affects Nexa Blocks ≤ 1.1.1 (WordPress Gutenberg/FSE plugin). The import_demo() function accepts a user-supplied URL in demo_json_file via POST and forwards it to wp_remote_get() without URL validation or internal-network restrictions, enabling unauthenticated SSRF to arbitrary dest...

5.4CVSS5.9AI score0.00316EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/18 3:32 p.m.11 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Glide process. An attacker can cause the server to initiate HTTP requests to internal network addresses, potentially exposing sensitive internal resources, by supplying specially crafted URLs tha...

6.3CVSS5.8AI score0.00151EPSS
Exploits0References2
Rows per page
Query Builder