Lucene search
K

8140 matches found

NVD
NVD
added 2026/05/22 7:17 p.m.15 views

CVE-2026-39970

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading ...

8.5CVSS0.00276EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/22 5:55 p.m.7 views

CVE-2026-39970

TypeBot is a chatbot builder tool. Versions 3.15.2 and prior contain a critical stored XSS vulnerability in the app.typebot.io profile picture upload form. The application fails to sanitize or restrict SVG/XML-based uploads and directly renders them when accessed through the domain. By uploading ...

8.5CVSS6AI score0.00276EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/22 4:16 a.m.17 views

CVE-2026-9053

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

8.2CVSS0.00276EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:57 a.m.7 views

CVE-2026-9053

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

8.2CVSS5.8AI score0.00276EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/22 2:57 a.m.6 views

CVE-2026-9053

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

8.2CVSS5.8AI score0.00276EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 2:57 a.m.41 views

CVE-2026-9053

Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...

8.2CVSS0.00276EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 12:31 a.m.14 views

EUVD-2026-31367

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS6.5AI score0.00672EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

Microsoft Azure Orbital Spatio 代码问题漏洞

Microsoft Azure Orbital Spatio is a satellite geospatial data processing and analysis platform developed by Microsoft Corporation. There is a code vulnerability in Microsoft Azure Orbital Spatio, which stems from unlimited upload of dangerous types of files. This vulnerability could allow...

10CVSS6AI score0.00534EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.11 views

PT-2026-42752

Name of the Vulnerable Software and Affected Versions Sync-in versions prior to 2.3 Description An issue exists in the URL download feature where the private IP blocklist regex fails to match IPv4-mapped IPv6 addresses, such as ::ffff:127.0.0.1. On dual-stack systems, Node.js may report a socket'...

7.7CVSS5.5AI score0.00221EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.14 views

PT-2026-42822

Name of the Vulnerable Software and Affected Versions TypeBot versions prior to 3.16.0 Description The application contains a stored Cross-Site Scripting XSS issue in the profile picture upload form at the 'app.typebot.io' endpoint. The system fails to sanitize or restrict SVG/XML-based uploads a...

8.5CVSS6.2AI score0.00276EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-rails (UTSA-2026-016644)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016644 advisory. A client side enforcement of server side security vulnerability exists in rails 5.2.4.2 and rails 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length o...

7.5CVSS5.8AI score0.03065EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-1184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allow...

7.5CVSS5.8AI score0.00331EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.21 views

Typebot 安全漏洞

Typebot is an open-source chat bot builder developed by Baptiste Arnaud. Versions of Typebot 3.15.2 and earlier contained a security vulnerability. This vulnerability stemmed from the lack of cleanup for configuration file upload forms or the absence of restrictions on SVG/XML uploads, which coul...

8.5CVSS5.7AI score0.00276EPSS
Exploits0References2
NVD
NVD
added 2026/05/21 10:16 p.m.13 views

CVE-2026-6960

The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'bookingpressvalidatesubmittedbookingformfunc' function in all versions up to, and including, 5.6. This makes it possible for unauthenticated attackers to upload arbitrary...

9.8CVSS0.00672EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/21 8:13 p.m.6 views

CVE-2026-8134 Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer customTemplate Path Traversal leading to PHP File Inclusion

Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...

9.4CVSS6.2AI score0.00738EPSS
Exploits0References1
OSV
OSV
added 2026/05/21 4:27 p.m.15 views

RLSA-2026:9044 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: net/url:...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References2
OSV
OSV
added 2026/05/21 4:24 p.m.12 views

RLSA-2025:9844 Moderate: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: net/http:...

5.4CVSS6.8AI score0.00724EPSS
Exploits0References2
OSV
OSV
added 2026/05/21 4:24 p.m.11 views

RLSA-2026:8456 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: net/url:...

7.5CVSS7.2AI score0.00728EPSS
Exploits0References2
OSV
OSV
added 2026/05/21 4:24 p.m.14 views

RLSA-2026:1380 Moderate: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: golang:...

7.5CVSS5.8AI score0.00419EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/21 8:7 a.m.11 views

EUVD-2026-31244

Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion. This issue affects Web Fax: from 3.0 before 3.1...

8.6CVSS5.8AI score0.0012EPSS
Exploits0References1
Rows per page
Query Builder