Lucene search
+L

823 matches found

nvd
nvd
added 5 days ago6 views

CVE-2026-61448

Parse Server is affected by a stored cross-site scripting XSS vulnerability in versions = 9.0.0, 9.10.0-alpha.2 and = 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a...

2.1CVSS0.00245EPSS
Exploits0References2
vulnrichment
vulnrichment
added 5 days ago4 views

CVE-2026-61448 Parse Server 9.0.0 Stored XSS via malformed Content-Type

Parse Server is affected by a stored cross-site scripting XSS vulnerability in versions = 9.0.0, 9.10.0-alpha.2 and = 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a...

2.1CVSS6AI score0.00245EPSS
Exploits0References2
f5
f5
added 6 days ago6 views

K000162176: Spring authorization server vulnerability CVE-2026-22752

Security Advisory Description The cve record for the cve id does not exist. CVE-2026-22752 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory Status F5 Product Development has evaluated the currently supported releases for potential vulnerability, and...

9.6CVSS6.1AI score
Exploits0
euvd
euvd
added 2026/07/09 7:12 p.m.5 views

EUVD-2026-42688

Multiple protection mechanism failures in the Prisma Access Agent Data Loss Prevention DLP component for Windows allow a local user to bypass DLP policy enforcement controls. The Prisma Access Agent on macOS is not affected...

8.4CVSS5.9AI score0.00151EPSS
Exploits0References1
cve
cve
added 2026/07/09 7:5 p.m.12 views

CVE-2026-0280

CVE-2026-0280 concerns an IPv6 packet processing vulnerability in the dataplane of Palo Alto Networks PAN-OS that allows an unauthenticated attacker to bypass firewall policy enforcement, enabling blocked traffic to reach protected services. Connected sources confirm PAN-OS impacts, with Cloud NG...

7.2CVSS6AI score0.00303EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/07/09 6:51 p.m.71 views

CVE-2026-0287 PAN-OS: Denial of Service Vulnerabilities in Network Traffic Processing

Multiple denial of service vulnerabilities in Palo Alto Networks PAN-OS® software allow an unauthenticated attacker with network access to cause a denial of service DoS condition by sending specially crafted network traffic to or through a dataplane interface. Repeated attempts to trigger this...

8.7CVSS0.00587EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.7 views

PT-2026-56586

Name of the Vulnerable Software and Affected Versions PAN-OS versions prior to 12.1.8 PAN-OS versions prior to 11.2.13 PAN-OS versions prior to 11.1.16 PAN-OS versions prior to 10.2.18-h8 Description A command injection issue exists in the management plane of the software, specifically within the...

8.5CVSS6.2AI score0.014EPSS
Exploits0References6
euvd
euvd
added 2026/07/07 9:25 a.m.5 views

EUVD-2026-42031

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...

6.8CVSS5.9AI score0.00092EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/07/07 9:25 a.m.7 views

CVE-2026-14867

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...

6.8CVSS5.9AI score0.00092EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.14 views

PT-2026-56173

Name of the Vulnerable Software and Affected Versions PcVue versions prior to 17.0.0 Description Credentials for built-in users are stored insecurely within the User directory of projects. This allows a local attacker to retrieve these credentials. Active Directory accounts are not affected by th...

6.8CVSS6.1AI score0.00092EPSS
Exploits0References9
euvd
euvd
added 2026/07/06 8:12 a.m.6 views

EUVD-2026-41848

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References2
osv
osv
added 2026/07/02 10:16 p.m.4 views

DEBIAN-CVE-2026-12413

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS6.6AI score0.00597EPSS
Exploits0References1
nvd
nvd
added 2026/07/02 10:16 p.m.6 views

CVE-2026-12413

An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemblev2incomingfragments would ignore unknown outer payloads but still store these in a fixed size array msgdigest.digestPAYLIMIT...

7.5CVSS0.00597EPSS
Exploits0References2
osv
osv
added 2026/07/02 6:2 a.m.3 views

BELL-CVE-2026-53326 CVE-2026-53326 does not affect BellSoft software

Bulletin has no description...

5.7AI score0.00172EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 9:48 p.m.22 views

EUVD-2026-31658

Cargo crates in third party registries can override the cached source of other crates...

6.5CVSS5.8AI score0.00294EPSS
Exploits0References5
nvd
nvd
added 2026/06/25 9:16 p.m.8 views

CVE-2026-12473

Two data sources DICOMWebProxy and DICOMJSON shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the...

8.3CVSS0.00232EPSS
Exploits0References2
osv
osv
added 2026/06/24 1:21 p.m.4 views

CVE-2026-35025 ProFTPD ACL Bypass via /proc/self/root Path Prefix in RNFR

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...

8.6CVSS5.9AI score0.00331EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.52 views

PT-2026-51789

Name of the Vulnerable Software and Affected Versions ProFTPD versions 1.3.9b through 1.3.10rc2 Description An access control bypass allows authenticated FTP users to circumvent Directory ACL restrictions. By prefixing paths with /proc/self/root in the RNFR command handler, attackers can exploit...

8.6CVSS6AI score0.00331EPSS
Exploits0References15
github
github
added 2026/06/23 5:9 p.m.11 views

Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym

Summary Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target osx.IsSymlinktargetPath. The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component — UploadRepoFiles is the lone outlier. An attacker with repo-wri...

9CVSS6.2AI score0.00474EPSS
Exploits0References5Affected Software1
euvd
euvd
added 2026/06/23 4:40 p.m.9 views

EUVD-2026-38523

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idnatounicodeinternal. The affected code is not present in libidn2...

4CVSS5.9AI score0.0011EPSS
Exploits1References2
Rows per page
Query Builder