Lucene search
K

18 matches found

EUVD
EUVD
added 2026/06/26 3:45 p.m.7 views

EUVD-2026-39791

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This vulnerability is fixed in 2.94.0...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 4:8 p.m.32 views

CVE-2026-50023 yt-dlp: Dangerous file type creation via insufficient filename sanitization (Bypass of CVE-2024-38519)

yt-dlp is a command-line audio/video downloader. Prior to 2026.06.09, a vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing the remediation for CVE-2024-38519. The allowlist explicitl...

8.3CVSS0.00555EPSS
Exploits1References4
CVE
CVE
added 2026/06/12 1:44 p.m.30 views

CVE-2026-53722

CVE-2026-53722 affects Nuxt.js prior to versions 3.21.7 and 4.4.7, where did not validate URL schemes bound to its to or href before rendering. Attacker-controlled input (query parameters, CMS fields, or user URLs) can be reflected into the href attribute, enabling reflected DOM-based XSS via ja...

5.4CVSS4.8AI score0.00198EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/04 1:17 p.m.18 views

CVE-2026-10856

CVE-2026-10856 concerns an open redirect in the MISP dashboard button widget due to a URL validation flaw. A crafted relative-looking URL could be accepted as a local path while browsers treat it as an external URL, especially when paths begin with /\ and browsers normalize backslashes to slashes...

6.1CVSS5.7AI score0.00148EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/04 1:17 p.m.41 views

CVE-2026-10856 Open redirect in MISP dashboard button widget URL handling

A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation rejected URLs containing an explicit scheme, host, or user component, but did not reject paths...

5.1CVSS0.00148EPSS
Exploits0References1
OSV
OSV
added 2026/03/03 6:31 a.m.3 views

GHSA-7GMJ-H9XC-MCXC mailparser vulnerable to Cross-site Scripting

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

6.1CVSS6.1AI score0.00311EPSS
Exploits1References6
GithubExploit
GithubExploit
added 2026/01/22 7:0 p.m.172 views

CVE-2026-XXXX-Meru-Shell-OpenExternal-RCE

CVE-2026-XXXXX: Arbitrary URL Scheme Execution in Meru Gmail...

6.3AI score
Exploits0
Veracode
Veracode
added 2025/11/27 6:32 a.m.7 views

Path Traversal

clearml is vulnerable to Path Traversal. The vulnerability is due to improper handling of symbolic and hard links in the safeextract function, which allows an attacker to write files outside the intended directory and potentially achieve remote code execution...

5.8CVSS8.2AI score0.00276EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.9 views

PT-2024-39514 · WordPress · Pdf Image Generator

Name of the Vulnerable Software and Affected Versions: PDF Image Generator plugin for WordPress versions up to, and including, 1.5.6 Description: The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add query arg without appropriate escapi...

6.1CVSS6.7AI score0.00299EPSS
Exploits0References8
Amazon
Amazon
added 2024/08/06 12:0 a.m.3 views

Important: emacs

Issue Overview: In Emacs before 29.3, Gnus treats inline MIME contents as trusted. CVE-2024-30203 In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments. CVE-2024-30204 In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode...

9.8CVSS7AI score0.01312EPSS
Exploits0
OSV
OSV
added 2024/06/23 10:15 p.m.8 views

AZL-42925 CVE-2024-39331 affecting package emacs for versions less than 29.4-1

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

9.8CVSS7.2AI score0.01312EPSS
Exploits0References1
OSV
OSV
added 2024/06/23 10:15 p.m.8 views

UBUNTU-CVE-2024-39331

In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such as shell-command-to-string. This affects Org Mode before 9.7.5...

9.8CVSS7.2AI score0.01312EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/06/23 12:0 a.m.11 views

PT-2024-4296

Name of the Vulnerable Software and Affected Versions Emacs versions prior to 29.4 Org Mode versions prior to 9.7.5 Description The issue arises from the expansion of a %... link abbrev by the org-link-expand-abbrev function in lisp/ol.el, even when it specifies an unsafe function like...

10CVSS7.1AI score0.01312EPSS
Exploits0References86
NVD
NVD
added 2022/10/31 9:15 p.m.23 views

CVE-2022-40290

The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting XSS vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users...

6.1CVSS0.00375EPSS
Exploits0References1
OSV
OSV
added 2022/03/01 2:15 a.m.4 views

CVE-2022-22262

ROG Live Service’s function for deleting temp files created by installation has an improper link resolution before file access vulnerability. Since this function does not validate the path before deletion, an unauthenticated local attacker can create an unexpected symbolic link to system file pat...

7.7CVSS7.2AI score0.00253EPSS
Exploits0References1
OSV
OSV
added 2021/07/30 3:15 p.m.2 views

DEBIAN-CVE-2021-37746

textviewurisecuritycheck in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click...

6.1CVSS6.2AI score0.01155EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/30 12:0 a.m.3 views

rpm 后置链接漏洞

rpm is a powerful command-line driven package management tool used to install, uninstall, verify, query, and update packages on Linux systems. A security vulnerability exists in rpm that stems from not performing unsafe symbolic link checks on intermediate directories. An attacker exploiting this...

6.7CVSS6.7AI score0.00481EPSS
Exploits1References12
PyPA
PyPA
added 2018/11/18 5:29 p.m.9 views

PYSEC-2018-18

Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely...

6.1CVSS6.1AI score0.01323EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder