Lucene search
K

985 matches found

Nuclei
Nuclei
added 19 hours ago31 views

SiYuan <= v3.6.1 - Bookmark Data Disclosure

SiYuan v3.6.2 contains an information disclosure vulnerability caused by improper authorization checks in the publish service's bookmark filtering, letting unauthenticated visitors access bookmarked blocks from password-protected documents, exploit requires access to the publish service. id:...

7.5CVSS5.9AI score0.01227EPSS
Exploits1References2
Nuclei
Nuclei
added 19 hours ago11 views

RClone RC - Command Injection

Rclone = 1.48.0 and = 1.48.0 and 1.73.5 contains an unauthenticated local command execution caused by unauthenticated access to the RC endpoint operations/fsinfo with attacker-controlled fs input, letting unauthenticated attackers execute local commands, exploit requires reachable RC deployment...

9.8CVSS6.1AI score0.09199EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.6 views

PT-2026-54860

Name of the Vulnerable Software and Affected Versions Craft CMS versions 4.0.0-RC1 through 4.17.9 Craft CMS versions 5.0.0-RC1 through 5.9.9 Description Control panel users with the utility:system-messages permission can embed a file-reading payload into system email templates because the dataUrl...

6CVSS5.8AI score0.00268EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54686

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description A use after free issue in Skia, a graphics library, allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A use after free occurs when a program...

9.6CVSS6AI score0.00413EPSS
Exploits0References442
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.10 views

Fedora 43 : moby-engine (2026-0feb6e4967)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-0feb6e4967 advisory. - Update to release v29.6.0 - Resolves: rhbz2490590 - Resolves CVE-2026-39828: rhbz2489945 - Resolves CVE-2026-39829: rhbz2490099 - Resolves...

9.1CVSS6.7AI score0.00533EPSS
Exploits0References4
OSV
OSV
added 2026/06/22 2:37 p.m.2 views

OPENSUSE-SU-2026:21011-1 Security update for 389-ds

This update for 389-ds fixes the following issue - CVE-2026-9064: unbounded LDAP controls count in getldapmessagecontrolsext can lead to amplified CPU time and heap allocation and a denial of service bsc1265898. Changes for 389-ds: - Update to version 3.0.6git337.647f49042: Issue 7541 -...

7.5CVSS5.7AI score0.00815EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.5 views

Debian dsa-6359 : gstreamer1.0-gtk3 - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6359 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6359-1 [email protected] https://www.debian.org/securit...

8.8CVSS7.7AI score0.00828EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.6 views

Fedora 44 : yt-dlp (2026-bb702c613b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-bb702c613b advisory. - Update to 2026.06.09. Fixes rhbz2487407. - Mitigates CVE-2026-50019, CVE-2026-50023, CVE-2026-50574 Tenable has extracted the preceding descriptio...

9.6CVSS6AI score0.00555EPSS
Exploits1References4
OSV
OSV
added 2026/06/19 4:51 p.m.2 views

OPENSUSE-SU-2026:21102-1 Security update for postgresql14

This update for postgresql14 fixes the following issues Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard against malicious time zone...

8.8CVSS6.9AI score0.00668EPSS
Exploits0References17
NVD
NVD
added 2026/06/18 10:16 p.m.16 views

CVE-2026-8100

Impact A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated request may bypass...

9.4CVSS0.00401EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 4:40 p.m.4 views

SUSE-SU-2026:2460-1 Security update for kubernetes-old

This update for kubernetes-old fixes the following issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265747. - CVE-2026-35469: github.com/moby/spdystream: memory amplification in SPDY frame parsing leads to denial of servic...

8.7CVSS5.8AI score0.00781EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-48274

Name of the Vulnerable Software and Affected Versions Adobe Campaign Classic ACC versions prior to 7.4.3 build 9395 Description A Server-Side Request Forgery SSRF issue exists where the server can be coerced into making unauthorized requests. This can lead to privilege escalation or arbitrary cod...

10CVSS6.2AI score0.00449EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Fedora 44 : chromium (2026-15e444c3bb)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-15e444c3bb advisory. Update to 149.0.7827.53 fix 429 CVEs CVE-2026-10881 through CVE-2026-11309 Tenable has extracted the preceding description block directly from the...

9.6CVSS5.9AI score0.0039EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/06/03 6:3 p.m.13 views

Maintenance update for Multi-Linux Manager 4.3 Release Notes Release Notes

Description: This update fixes the following issues: release-notes-susemanager-proxy: Update to SUSE Manager 4.3.18 Bugs mentioned bsc1249675, bsc1259554 Security update 4.3.18 for Multi-Linux Manager Server LTS Description: This update fixes the following issues: release-notes-susemanager: Updat...

9.1CVSS7.2AI score0.05994EPSS
Exploits2References34
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-46267

Name of the Vulnerable Software and Affected Versions Net::CIDR::Set versions prior to 0.21 Description The software fails to validate IP addresses. The add function calls the encode function to parse addresses; if the input does not resemble netmasks or network ranges, it is treated as a single ...

7.5CVSS5.8AI score0.00329EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.15 views

Debian dsa-6310 : imagemagick - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6310 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6310-1 [email protected] https://www.debian.org/securit...

7.5CVSS6.3AI score0.01849EPSS
Exploits4References32
Cvelist
Cvelist
added 2026/05/29 8:4 a.m.38 views

CVE-2026-10056 CORS misconfiguration in Nx Witness VMS allows session token exfiltration via cross-origin request

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS0.00242EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.11 views

Fedora 44 : podofo (2026-5c81faa7bf)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-5c81faa7bf advisory. Update to podof-1.0.4. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

2.5CVSS5.8AI score0.00096EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 5:11 p.m.43 views

CVE-2026-45548 Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Validation

Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetchfileUrl directly without the IP blacklist validation that is consistently applied to all other automation steps. This allows an authenticated...

7.7CVSS0.00258EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/21 8:24 p.m.10 views

CVE-2026-8428 CSRF token is not validated in the core CMS update controller for Concrete CMS 9.5.0 and below

Concrete CMS 9.5.0 and below emits a CSRF token in the localavailableupdate.php view $token-output'doupdate' but the corresponding doupdate method in concrete/controllers/singlepage/dashboard/system/update/update.php never calls $this-token-validate'doupdate'. The form is rendered as a POST form,...

7.5CVSS5.7AI score0.00132EPSS
Exploits0References1
Rows per page
Query Builder