Lucene search
K

9720 matches found

CVE
CVE
added 3 days ago21 views

CVE-2026-61454

CVE-2026-61454 affects Grav's Admin2 plugin prior to 2.0.4. The vulnerability arises from embedding a global JavaScript variable, window.GRAV_CONFIG , in the Admin2 SPA bootstrap page at /grav/admin and subroutes. This object is returned in every unauthenticated response and exposes server URL, A...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-61454 Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-61454 Grav before 2.0.4 Information Disclosure via __GRAV_CONFIG__

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS0.00239EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-57442

Name of the Vulnerable Software and Affected Versions Grav Admin2 plugin versions prior to 2.0.4 Description The plugin embeds a global JavaScript variable window. GRAV CONFIG in the Admin2 SPA bootstrap page at the '/grav/admin' endpoint and its subroutes. This object is returned in every...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-57194

Name of the Vulnerable Software and Affected Versions praisonaiagents versions prior to 1.6.78 Description An unsafe dynamic module loading issue exists in the AgentFlow. resolve pydantic class function. When a workflow step utilizes a string output pydantic reference, the framework imports a...

8.5CVSS6.4AI score0.00129EPSS
Exploits0References4
Cvelist
Cvelist
added 5 days ago30 views

CVE-2026-59148 Mockoon: Unauthenticated admin API + wildcard CORS allows mock-state hijack and secret theft

Mockoon provides way to design and run mock APIs. Prior to 9.7.0, Mockoon's admin API in commons-server/src/libs/server/admin-api.ts is mounted on the same Express listener as user-defined mock routes, enabled by default in shipped runtimes, serves Access-Control-Allow-Origin: with write methods...

8.8CVSS0.00173EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-15168 Use of Uninitialized Variable in Wireshark

BLF file parser in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allows possible information disclosure...

2.5CVSS0.00102EPSS
Exploits1References2
CVE
CVE
added 6 days ago14 views

CVE-2026-15168

Wireshark is affected by CVE-2026-15168 due to a vulnerability in the BLF file parser. Versions 4.6.0–4.6.6 and 4.4.0–4.4.16 are susceptible to information disclosure. The CVSS v3.1 score is 2.5 (LOW); attack vector LOCAL, required user interaction, high complexity, and no privileges required. Th...

3.3CVSS5.9AI score0.00102EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 6 days ago5 views

kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result

A flaw was found in the Linux kernel's Wi-Fi mac80211 subsystem. The ieee80211invokefastrx function uses a static variable for rxresult, which is shared across concurrent calls. This can lead to incorrect processing of Wi-Fi packets, where a packet might be mishandled or its status incorrectly...

8.8CVSS5.9AI score0.00167EPSS
Exploits0References5
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42157

An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TTGetVarDesign implementation used by FTGetVarDesignCoordinates...

6.5CVSS6AI score0.00278EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56618

Name of the Vulnerable Software and Affected Versions davenardella snap7 versions prior to 1.4.4 Description A flaw in the ReadVar Request Handler component allows for deserialization. The issue resides in the TS7Worker::PerformFunctionRead function within the src/core/s7 server.cpp file...

6.3CVSS6.6AI score0.00285EPSS
Exploits0References9
NVD
NVD
added last week7 views

CVE-2026-50811

An out-of-bounds read vulnerability exists in FreeType 2.14.3 and versions before commit 5a280ecde6f324de0d226261036e736e0cb49a71 in src/truetype/ttgxvar.c, in the TTGetVarDesign implementation used by FTGetVarDesignCoordinates...

6.5CVSS0.00278EPSS
Exploits0References5
OSV
OSV
added last week4 views

DEBIAN-CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

8.8CVSS6.3AI score0.00498EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

8.8CVSS0.00498EPSS
Exploits0References4
Debian CVE
Debian CVE
added last week5 views

CVE-2026-14380

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

8.8CVSS6.3AI score0.00498EPSS
Exploits0
Cvelist
Cvelist
added last week30 views

CVE-2026-14380 DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile

DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...

0.00498EPSS
Exploits0References3
CVE
CVE
added last week12 views

CVE-2026-14380

CVE-2026-14380 affects DBI for Perl when using versions before 1.650. A string assigned to the Profile attribute of a DBI handle is split into path, package and arguments, and the package name is interpolated in an unvalidated string eval, allowing arbitrary Perl code execution if untrusted data ...

8.8CVSS6.3AI score0.00498EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/07 12:0 a.m.15 views

CVE-2026-50811

FreeType 2.14.3 and earlier (before commit 5a280ecde6f324de0d226261036e736e0cb49a71) contain an out-of-bounds read in src/truetype/ttgxvar.c within TT_Get_Var_Design_Coordinates (used by TT_Get_Var_Design). Affected component: FreeType typography engine (ttgxvar.c). Root cause: out-of-bounds read...

6.5CVSS6AI score0.00278EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56272

Name of the Vulnerable Software and Affected Versions DBI versions prior to 1.650 Description Code injection is possible via a caller-influenced Profile attribute. When a string is assigned to this attribute, the software splits it into path, package, and arguments, then interpolates the package...

8.8CVSS6.6AI score0.00498EPSS
Exploits0References14
OSV
OSV
added 2026/07/06 9:23 p.m.3 views

GHSA-WW9Q-8R59-XV46 Zebra: Missing copy constraint in halo2_gadgets variable-base scalar multiplication allows under-constrained base, breaking Orchard Action circuit soundness

Summary A soundness vulnerability in the variable-base scalar multiplication gadget of halo2gadgets allowed a malicious prover to produce a valid proof for an Orchard Action with an under-constrained base point. Because this gadget enforces the diversified-address-integrity condition of the Orcha...

9.3CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder