Lucene search
+L

6 matches found

osv
osv
added 2026/06/12 9:2 p.m.5 views

CVE-2026-46717 Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, nezha's dashboard supports two user roles: RoleAdmin Role==0 and RoleMember Role==1. The notification routes POST /api/v1/notification and PATCH...

7.7CVSS5.9AI score0.0027EPSS
Exploits0References3
github
github
added 2026/05/12 10:23 p.m.10 views

SillyTavern has a reflected XSS vulnerability in the CORS proxy middleware

Resolution Fixed in SillyTavern 1.18.0: a user-provided URL is no longer reflected in the HTTP response body. Overview - Vulnerability Type: XSS - Affected Location: src/middleware/corsProxy.js:40 - Trigger Scenario: reflected XSS in CORS proxy error response Root Cause When fetchurl throws, the...

6.9CVSS6.1AI score0.00323EPSS
Exploits0References4Affected Software1
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-18599

Malware in sbrugna...

7.8CVSS7.5AI score0.00614EPSS
Exploits3References4
zdt
zdt
added 2018/09/18 12:0 a.m.29 views

Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler

Exploit for linux platform in category dos / poc There is a missing address check in both showopcodes callers. showopcodes is mostly used by the kernel to print the raw instruction bytes surrounding an instruction that generated an unexpected exception; however, sometimes it is also used to print...

0.7AI score
Exploits0
exploitdb
exploitdb
added 2018/09/13 12:0 a.m.22 views

Linux 4.18 - Arbitrary Kernel Read into dmesg via Missing Address Check in segfault Handler

There is a missing address check in both showopcodes callers. showopcodes is mostly used by the kernel to print the raw instruction bytes surrounding an instruction that generated an unexpected exception; however, sometimes it is also used to print userspace instructions. Because the userspace...

7.4AI score
Exploits0
zdi
zdi
added 2010/06/08 12:0 a.m.52 views

Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists in the parsing of SXVIEW records in an...

10CVSS5.3AI score0.24265EPSS
Exploits2
Rows per page
Query Builder