Lucene search
K

349 matches found

Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-54004 Kirby: Access to files of top-level drafts is not protected by permissions

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites with content.fileRedirects enabled could redirect unauthenticated clean file URL requests for files stored in top-level draft pages to physical media URLs without checking page access permissions or preview...

6.3CVSS0.00312EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41977

mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in opsuper / OPSUPER due to a missing runtime guard for top-level super...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References4
NVD
NVD
added 5 days ago7 views

CVE-2026-38976

mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in opsuper / OPSUPER due to a missing runtime guard for top-level super...

7.5CVSS0.00339EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-38976

mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in opsuper / OPSUPER due to a missing runtime guard for top-level super...

0.00339EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-56022

Name of the Vulnerable Software and Affected Versions mrubyc versions prior to 3.4.2 Description A NULL pointer dereference occurs in the src/vm.c file within the op super function OP SUPER. This issue is caused by a missing runtime guard for top-level super. Recommendations Update to version 3.4...

7.5CVSS5.9AI score0.00339EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 9:17 p.m.6 views

CVE-2026-54074

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified...

7.8CVSS0.0017EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 6:26 a.m.8 views

MAL-2026-6376 Malicious code in bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c14057d91b2283926b2b0c1093a66db17c40efbd0ceb21c29b0bdbfa79736da5 Package is published as 'bn-lint' but ships a verbatim copy of MikeMcl/big.js README, source, version banner v7.0.1, and repo URL all identify as...

5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 6:26 a.m.11 views

Malicious code in bn-lint (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c14057d91b2283926b2b0c1093a66db17c40efbd0ceb21c29b0bdbfa79736da5 Package is published as 'bn-lint' but ships a verbatim copy of MikeMcl/big.js README, source, version banner v7.0.1, and repo URL all identify as...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51059

Name of the Vulnerable Software and Affected Versions @tinacms/cli versions prior to 2.4.3 Description @tinacms/cli contains a Remote Code Execution issue in its Forestry-to-Tina migration command. The internal helper function addVariablesToCode unquotes any value matching the marker " TINA...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/06/18 3:5 p.m.10 views

Kirby: Access to files of top-level drafts is not protected by permissions

TL;DR This vulnerability affects Kirby 5 sites that have the content.fileRedirects option enabled set to true or a custom closure as well as all Kirby 4 sites that haven't explicitly disabled this option. It was possible to access clean file URLs of top-level drafts e.g. /about-us/team.jpg withou...

6.3CVSS5.3AI score0.00312EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.16 views

PT-2026-50725

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.4 Kirby versions prior to 5.4.4 Description Kirby sites with the content.fileRedirects option enabled allow unauthenticated users to access clean file URLs for files stored in top-level draft pages. The system...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References8
NVD
NVD
added 2026/06/11 7:16 p.m.13 views

CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.8CVSS0.00201EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 7:16 p.m.11 views

UBUNTU-CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.8CVSS5.5AI score0.00201EPSS
Exploits0References6
AlpineLinux
AlpineLinux
added 2026/06/11 6:32 p.m.10 views

CVE-2026-52858

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.8CVSS5.5AI score0.00201EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 6:32 p.m.11 views

EUVD-2026-36282

Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3 interpreter enabled and the legacy pythoncomplete.vim for builds with the +python interpreter executes the import and from statements foun...

7.3CVSS5.7AI score0.00201EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.13 views

PT-2026-48721

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0561 Description The Python omni-completion script in python3complete.vim for builds with the +python3 interpreter enabled and pythoncomplete.vim for builds with the +python interpreter executes import and from...

7.8CVSS5.4AI score0.00201EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-52858

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source, command line text editor. Prior to version 9.2.0561, the Python omni-completion script in python3complete.vim for Vim with the +python3...

7.8CVSS6.1AI score0.00201EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-45403

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

2.5CVSS5.4AI score0.00193EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.10 views

CVE-2026-44548

ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user with the relevant role to silently delete records,...

8.1CVSS5.3AI score0.0012EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 1:34 p.m.10 views

OESA-2026-2487 jq security update

jq is a lightweight and flexible command-line JSON processor. you can use it to slice and filter and map and transform structured data. It is written in portable C, and it has zero runtime dependencies. it can mangle the data format that you have into the one that you want. Security Fixes: jq is ...

7.3CVSS6AI score0.00161EPSS
Exploits7References8
Rows per page
Query Builder