Lucene search
K

674 matches found

Nuclei
Nuclei
added 10 hours ago20 views

MaNGOSWebV4 < 4.0.8 - Cross-Site Scripting

paintballrefjosh/MaNGOSWebV4 4.0.8 contains a reflected XSS caused by unsanitized input in install/index.php step parameter, letting attackers execute arbitrary scripts in the victim's browser, exploit requires victim to visit a maliciously crafted URL id: CVE-2017-6478 info: name: MaNGOSWebV4...

6.1CVSS6.6AI score0.02574EPSS
Exploits6References4
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-59725

A flaw was found in Socket.IO, specifically within the Engine.IO protocol v4 polling transport. An unauthenticated attacker can exploit this vulnerability by sending invalid binary POST requests with a Content-Type of application/octet-stream. This improper handling of requests prevents the HTTP...

7.5CVSS6AI score0.00354EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/03 8:54 p.m.36 views

CVE-2026-58426 Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write

Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read and cross-task upload-state write...

9.6CVSS0.00177EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:54 p.m.13 views

CVE-2026-58426

The CVE-2026-58426 affects Gitea, specifically the Actions Artifacts V4 signed URL mechanism, where an HMAC ambiguity enables cross-repository artifact read and cross-task upload-state write. The vulnerability stems from how signed URLs are validated, allowing unauthorized access across repositor...

9.6CVSS5.9AI score0.00177EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:34 p.m.3 views

GHSA-G697-2XRC-GC46 amazon-braket-sdk vulnerable to Insecure Deserialization via pickle.loads()

Summary Amazon Braket SDK is an open-source Python library for interacting with the Amazon Braket quantum computing service, including managing hybrid quantum jobs and retrieving job results. An issue exists where, under certain circumstances, a remote authenticated user with S3 write access to a...

7.5CVSS6.5AI score0.0038EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 11:19 a.m.3 views

SUSE-SU-2026:22278-1 Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay...

9.8CVSS6.7AI score0.0049EPSS
Exploits8References16
CVE
CVE
added 2026/06/24 4:29 p.m.13 views

CVE-2026-53012

In the Linux kernel, the following vulnerability has been resolved: nexthop: fix IPv6 route referencing IPv4 nexthop syzbot reported a panic 1 2. When an IPv6 nexthop is replaced with an IPv4 nexthop, the hasv4 flag of all groups containing this nexthop is not updated. This is because...

5.5CVSS5.7AI score0.00185EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/24 9:39 a.m.3 views

SUSE-SU-2026:22399-1 Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache...

9.8CVSS6.2AI score0.0049EPSS
Exploits8References14
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.27 views

EulerOS Virtualization 2.13.0 : kernel (EulerOS-SA-2026-2171)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid...

7.8CVSS8.2AI score0.0071EPSS
Exploits7References506
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.44 views

EulerOS Virtualization 2.13.1 : kernel (EulerOS-SA-2026-2132)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid...

7.8CVSS7AI score0.0071EPSS
Exploits7References506
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.10 views

CVE-2026-46193

In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled: the async ahash setup appends a 4-byte seqhi slot before the ICV or authdata area, but the async...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/05/27 2:17 p.m.14 views

CVE-2026-45983

In the Linux kernel, the following vulnerability has been resolved: nfsd: never defer requests during idmap lookup During v4 request compound arg decoding, some ops e.g. SETATTR can trigger idmap lookup upcalls. When those upcall responses get delayed beyond the allowed time limit, cachecheck wil...

5.5CVSS0.00123EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.29 views

TP-Link多款产品 安全漏洞

TP-Link Archer RE650, among others, are products of the Chinese company TP-Link. The TP-Link Archer RE650 is a dual-band Gigabit wireless signal extender. The TP-Link Archer RE305 is also a dual-band Gigabit wireless signal extender. The TP-Link Archer RE360 is a wireless repeater that supports...

8.8CVSS5.8AI score0.00398EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: added error handling to avoid out-of-bounds access. If the sdmav40irqidtoseq function returns -EINVAL, the process should be stopped to prevent out-of-bounds reading; therefore, -EINVAL should be returned directly...

7.1CVSS6.4AI score0.00238EPSS
Exploits0References2
NVD
NVD
added 2026/05/15 6:16 a.m.32 views

CVE-2026-28761

Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected product, unexpected operations may be done...

8.5CVSS0.00131EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 5:38 a.m.56 views

CVE-2026-28761

Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected product, unexpected operations may be done...

8.5CVSS0.00131EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 5:38 a.m.12 views

CVE-2026-28761

Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected product, unexpected operations may be done...

8.5CVSS7.2AI score0.00131EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 5:38 a.m.10 views

CVE-2026-24662

Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the informati...

5.4CVSS6.1AI score0.00134EPSS
Exploits0References2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/05/15 4:57 a.m.12 views

Multiple vulnerabilities in "Musetheque V4 Information Disclosure for IPKNOWLEDGE"

Overview Musetheque V4 Information Disclosure for IPKNOWLEDGE provided by Fujitsu Japan Limited contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2026-24662 Cross-site request forgery CWE-352 - CVE-2026-28761 Nozomi Iimura, Sho Odagiri of GMO Cybersecurity by Ierae...

8.5CVSS6.6AI score0.00134EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.12 views

Fujitsu Musetheque V4 跨站请求伪造漏洞

Fujitsu Musetheque V4 is a digital archive and collection information management system developed by Fujitsu for museums and cultural institutions. Versions of Fujitsu Musetheque V4 prior to rev2203.0 contained a cross-site request forgeing vulnerability. This vulnerability arises from cross-site...

8.5CVSS7.3AI score0.00131EPSS
Exploits0References1
Rows per page
Query Builder