Lucene search
K

12917 matches found

RedhatCVE
RedhatCVE
added 2026/06/26 1:13 p.m.6 views

CVE-2026-53113

A flaw was found in the Linux kernel's ath11k Wi-Fi driver. Specifically, the ath11kmacsetupbcntmplema and ath11kmacsetupbcntmplmbssid functions, responsible for setting up beacon templates, fail to release allocated memory when an error occurs during parameter setup. This oversight can lead to...

5.5CVSS5.7AI score0.00159EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 8:43 a.m.9 views

BIT-GRAFANA-2026-9029 Stored XSS via Geomap Panel Template Variable Attribution Injection

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...

7.3CVSS5.8AI score0.00266EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/26 2:8 a.m.7 views

SUSE CVE-2026-53267

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:26 p.m.3 views

GO-2026-5081 Gitea: Missing repository-unit authorization on issue-template API endpoints in code.gitea.io/gitea

Gitea: Missing repository-unit authorization on issue-template API endpoints in code.gitea.io/gitea...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 3:23 p.m.31 views

CVE-2026-48942 Joomla Extension - getk2.org - Stored-XSS in K2 extension for Joomla < 2.26

K2 ≤ 2.26 renders the k2users.image column directly into HTML src attributes via two distinct templates, in both cases without HTML escaping...

0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 9:16 a.m.13 views

CVE-2026-53267

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...

7.8CVSS0.00128EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 9:16 a.m.11 views

UBUNTU-CVE-2026-53267

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...

7.8CVSS5.7AI score0.00128EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.5 views

CVE-2026-53267

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...

5.7AI score0.00128EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/25 8:39 a.m.7 views

EUVD-2026-39218

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...

5.8AI score0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.28 views

CVE-2026-53267 netfilter: nft_ct: bail out on template ct in get eval

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...

7.8CVSS0.00128EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.5 views

CVE-2026-53267

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: bail out on template ct in get eval I noticed this issue while looking at a historic syzbot report 1. A rule like the one below is enough to trigger the bug: table ip t chain pre type filter hook prerouting...

7.8CVSS5.7AI score0.00128EPSS
Exploits0
CVE
CVE
added 2026/06/25 8:39 a.m.15 views

CVE-2026-53267

The CVE-2026-53267 entry concerns a Linux kernel netfilter nft_ct use-after-free style issue where a per-CPU template conntrack entry can be treated as a real ct, causing a 16-byte memcpy path to overflow the kernel stack when using NFT_REG32_15. The root cause is that a template ct is not reject...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2026/06/25 12:0 a.m.19 views

VulnCheck KEV: CVE-2026-28496

FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template Injection SSTI vulnerability in the template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custo...

9.4CVSS6.4AI score0.01892EPSS
In wildExploits1References2
NVD
NVD
added 2026/06/24 9:16 p.m.8 views

CVE-2026-33235

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...

7.7CVSS0.0031EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 9:15 p.m.14 views

CVE-2026-54068 SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from authentication in SiYuan's kernel router router.go, "不需要鉴权" -- no auth needed. When called with type=8 and a valid block id parameter, this endpoint...

5.9CVSS0.00239EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 9:15 p.m.7 views

CVE-2026-54068

SiYuan before 3.7.0: unauthenticated access to /api/icon/getDynamicIcon where type=8 with a valid block id runs Go templates that execute arbitrary SQL (RenderDynamicIconContentTemplate), enabling an attacker to exfiltrate extensive SQLite data (notes, tags, asset refs, block attributes). The roo...

5.9CVSS6AI score0.00239EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:52 p.m.4 views

CVE-2026-33235

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 8:52 p.m.16 views

CVE-2026-33235 AutoGPT: Denial of Service (DoS) via Resource Exhaustion in text templating features

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions prior to 0.6.52, the Fill Text Template block is vulnerable to a Denial of Service DoS attack. While the backend implements a SandboxedEnvironment to prevent...

7.7CVSS0.0031EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 8:52 p.m.11 views

CVE-2026-33235

AutoGPT is vulnerable to Denial of Service in the Fill Text Template block prior to v0.6.52. Although a SandboxedEnvironment blocks certain attributes (e.g., class ), it does not cap the computational complexity or execution time of Python/Jinja2 expressions, allowing crafted inputs to exhaust CP...

7.7CVSS5.8AI score0.0031EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 5:43 p.m.3 views

GHSA-PRJ9-97MP-MWH2 OliveTin has Unvalidated `ot_`-prefixed Arguments that Bypass Input Filtering

Description The filterToDefinedArgumentsOnly function in the executor is intended to discard any arguments not explicitly defined in the action's configuration. However, a special case allows any argument whose name starts with ot to bypass this filter. While two system arguments...

4.3CVSS6.1AI score
Exploits0References3
Rows per page
Query Builder