Lucene search
K

63 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Mariadb 10.3

It has been discovered that MariaDB Server v10.9 and earlier contains a use-after-free issue due to the Binarystring::freebuffer function at the /sql/sqlstring.h component...

7.5CVSS7.6AI score0.02246EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.1 views

Astra Linux – Vulnerability in Mariadb 10.3

It has been discovered that MariaDB Server v10.9 and earlier contain a segmentation fault through the component sql/itemcmpfunc.cc...

7.5CVSS7.5AI score0.02186EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Mariadb 10.3

It has been discovered that MariaDB Server v10.9 and below contains a segmentation fault through the component sql/itemfunc.cc:148...

7.5CVSS7.5AI score0.02211EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Mariadb 10.3

There is an assertion failure in MariaDB Server v10.9 and below due to the condition 'node-pcur-relpos == BTRPCURON' at /row/row0mysql.cc...

7.5CVSS7.8AI score0.02151EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41149

A flaw was found in Mermaid, a JavaScript tool for creating diagrams and charts. A remote attacker could exploit this vulnerability by injecting malicious HTML through the classDef directive in Mermaid state diagrams. This allows for Document Object Model DOM injection, which escapes the Scalable...

5.4CVSS5.4AI score0.00401EPSS
Exploits0References6
OSV
OSV
added 2026/05/29 3:16 p.m.5 views

UBUNTU-CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References9
EUVD
EUVD
added 2026/05/29 1:54 p.m.9 views

EUVD-2026-33325

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/29 1:54 p.m.14 views

CVE-2026-41150 Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

5.3CVSS5.8AI score0.00384EPSS
Exploits0References5
NVD
NVD
added 2026/05/22 11:16 p.m.22 views

CVE-2026-41148

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS0.00338EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/22 10:3 p.m.17 views

CVE-2026-41148 Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS0.00338EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/07 2:20 p.m.10 views

CVE-2026-40010

Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version...

9.1CVSS5.8AI score0.00379EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/06 12:30 p.m.6 views

EUVD-2026-27653

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/06 12:30 p.m.7 views

EUVD-2026-27556

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

6.1CVSS5.8AI score0.00357EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 10:16 a.m.14 views

CVE-2026-43975

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

6.5CVSS0.00732EPSS
Exploits0References3
CVE
CVE
added 2026/05/06 8:34 a.m.28 views

CVE-2026-40010

CVE-2026-40010 describes a session-fixation risk in Apache Wicket caused by missing invocation of Servlet http web request method changeSessionId after session binding. Affected versions are Wicket 8.0.0–8.17.0, 9.0.0, and 10.0.0–10.8.0. The issue can be mitigated by upgrading to version 10.9.0, ...

9.1CVSS5.7AI score0.00379EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 8:34 a.m.8 views

CVE-2026-42509 Apache Wicket: crafted strings can break out of the JavaScript sequence

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

5.8AI score0.00357EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/04 6:10 p.m.62 views

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

3.7CVSS0.00415EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/02/12 9:14 p.m.21 views

SecureAgeExploit

SecureAge Responsible Disclosure PoCs This repository contain...

4.8CVSS5.5AI score0.00106EPSS
Exploits1
EUVD
EUVD
added 2025/10/29 9:49 p.m.5 views

EUVD-2025-36700

CKAN vulnerable to fixed session IDs...

6.1CVSS6.4AI score0.00269EPSS
Exploits0References3
OSV
OSV
added 2025/10/29 5:54 p.m.4 views

CVE-2025-64100 CKAN Vulnerable to Session Cookie Fixation

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, session ids could be fixed by an attacker if the site is configured with server-side session storage CKAN uses cookie-based session storage by default. The attacker would need to...

6.1CVSS6.5AI score0.00269EPSS
Exploits0References4
Rows per page
Query Builder