Lucene search
+L

163 matches found

nuclei
nuclei
added yesterday63 views

Joplin 3.3.3 Server - Privilege Escalation

Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Prior to version 3.3.3, a privilege escalation vulnerability exists in the Joplin server, allowing non-admin users to exploit the API endpoint PATCH /api/users/-id t...

8.8CVSS6AI score0.01705EPSS
Exploits1References2
cvelist
cvelist
added 2026/07/09 8:22 a.m.38 views

CVE-2026-5793 XSS in Inrove Software's BiEticaret

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Inrove Software and Internet Services BiEticaret allows Reflected XSS. This issue affects BiEticaret: before v3.3.57...

6.1CVSS0.00149EPSS
Exploits0References1
nvd
nvd
added 2026/07/01 12:16 p.m.8 views

CVE-2026-14198

@fastify/middie versions 9.1.0 through 9.3.2 decode the encoded slash %2F inside path parameter values before matching middleware paths, while Fastify's underlying router preserves the encoding during route lookup. The two layers disagree on the canonical request path, so the middleware fails to...

9.1CVSS0.00299EPSS
Exploits0References2
cgr
cgr
added 2026/06/26 8:23 p.m.8 views

CVE-2026-54903 vulnerabilities

Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.4-fluentd-kubernetes-daemonset...

6.3CVSS6.1AI score0.00253EPSS
Exploits0
cgr
cgr
added 2026/06/26 8:23 p.m.10 views

GHSA-3V45-F3VH-WG7M vulnerabilities

Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.4-fluentd-kubernetes-daemonset...

6.1AI score
Exploits0
cgr
cgr
added 2026/06/26 8:23 p.m.8 views

GHSA-9PPP-W3G4-FH4Q vulnerabilities

Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.4-fluentd-kubernetes-daemonset...

6.1AI score
Exploits0
cgr
cgr
added 2026/06/26 8:23 p.m.19 views

GHSA-475M-PH3X-64GP vulnerabilities

Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby3.3-fluentd-kubernetes-daemonset, kube-logging-operator, ruby3.4-fluentd-kubernetes-daemonset...

6.1AI score
Exploits0
cve
cve
added 2026/06/26 6:56 p.m.19 views

CVE-2026-52784

CVE-2026-52784 (OpenProject) is a CSRF vulnerability in OpenProject’s web UI. The issue allows CSRF on a user-targeted action via POST to /users/:id with the parameter user[admin], enabling unauthorized state changes without user interaction. Affected software versions are prior to 17.3.3 and 17....

8.8CVSS5.8AI score0.00163EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.15 views

PT-2026-52911

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description Cache store poisoning allows for Remote Code Execution RCE, a process where an attacker executes arbitrary code on a remote machine. Recommendations Update t...

9.6CVSS6.2AI score0.00233EPSS
Exploits0References3
astralinux
astralinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in openexr

OpenEXR provides the specification and reference implementation of the EXR file format, a image storage format for the motion picture industry. From version 3.2.0 up to versions 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder used signed 32-bit arithmetic to construct temporary per-component block...

8.8CVSS5.7AI score0.00419EPSS
Exploits1References2
cvelist
cvelist
added 2026/06/23 10:7 p.m.31 views

CVE-2026-47693 Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection Formula Injection in its log export functionality. User-controlled data — specifically the username field — is written to exported CSV files without sanitizing...

6.9CVSS0.00229EPSS
Exploits0References3
cgr
cgr
added 2026/06/23 8:17 a.m.11 views

GHSA-6WX8-W4F5-WWCR vulnerabilities

Vulnerabilities for packages: ruby3.2-fluentd-kubernetes-daemonset, ruby4.0-fluentd-kubernetes-daemonset, ruby4.0-rails, ruby3.2-rails, ruby3.3-rails, ruby3.4-rails, ruby3.3-fluentd-kubernetes-daemonset, kube-fluentd-operator, kube-logging-operator, ruby3.4-fluentd-kubernetes-daemonset...

6.1AI score
Exploits0
vulnrichment
vulnrichment
added 2026/06/22 3:32 p.m.7 views

CVE-2026-41049 Caching of Authentication allows Authentication Bypass between users in qSnapper

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them...

8.4CVSS5.9AI score0.00134EPSS
Exploits0References3
nvd
nvd
added 2026/06/15 9:17 p.m.11 views

CVE-2026-45441

Unauthenticated Other Vulnerability Type in WpEvently = 5.3.3 versions...

7.5CVSS0.00259EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.22 views

PT-2026-49467

Unauthenticated Other Vulnerability Type in WpEvently = 5.3.3 versions...

7.5CVSS5.2AI score0.00259EPSS
Exploits0References2
cgr
cgr
added 2026/06/11 1:47 a.m.9 views

CVE-2026-47241 vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, logstash, ruby3.2-rails, ruby3.3-rails, truffleruby, gitlab-rails-ce-fips, ruby3.4-rails, kube-fluentd-operator, gitlab-rails-ce, kube-logging-operator, logstash-fips...

2.1CVSS6.1AI score0.00239EPSS
Exploits0
redhatcve
redhatcve
added 2026/06/05 7:31 p.m.11 views

CVE-2026-33740

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference IDOR vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

5.4CVSS5.5AI score0.00211EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/06/05 1:52 a.m.7 views

CVE-2026-50591

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences...

5.4CVSS5.8AI score0.00133EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/06/02 10:16 a.m.16 views

CVE-2025-53345

Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3...

8.8CVSS0.00302EPSS
Exploits0References1
nvd
nvd
added 2026/06/01 7:16 p.m.11 views

CVE-2026-40989

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...

6.5CVSS0.00211EPSS
Exploits0References1
Rows per page
Query Builder