
8284 matches found

Nuclei
added yesterday | 68 views

WordPress Responsive Vector Maps < 6.4.2 - Arbitrary File Read

WordPress Responsive Vector Maps 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user to read arbitrary files on the w...

CVSS 6.5 | AI score 6.8 | EPSS 0.03005
Exploits: 2 | References: 5

Nuclei
added yesterday | 31 views

WordPress Mapplic <= 6.1 / Mapplic Lite <= 1.0 - Authenticated Stored XSS via SVG File Upload

The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Stored Cross-Site Scripting via arbitrary URL injection in versions up to and including 6.1 and 1.0 respectively. Authenticated users with author-level permissions can inject arbitrary remote URLs for SVG map files. When a user...

CVSS 8.3 | AI score 6.1 | EPSS 0.01133
Exploits: 1 | References: 4

EUVD
added 2 days ago | 7 views

EUVD-2026-41588

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network...

CVSS 7.5 | AI score 6.1 | EPSS 0.00285
Exploits: 0 | References: 1

Nuclei
added 2 days ago | 52 views

Eclipse Jetty ConcatServlet - Information Disclosure

Eclipse Jetty through 9.4.40, through 10.0.2, and through 11.0.2 is susceptible to information disclosure. Requests to the ConcatServlet with a doubly encoded path can access protected resources within the WEB-INF directory, thus enabling an attacker to potentially obtain sensitive information,...

CVSS 5.3 | AI score 6.8 | EPSS 0.7848
Exploits: 2 | References: 5

ATTACKERKB
added 3 days ago | 5 views

CVE-2026-59099

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

CVSS 9.3 | AI score 6 | EPSS 0.00356
Exploits: 0 | References: 6 | Affected Software: 1

EUVD
added 3 days ago | 6 views

EUVD-2026-41430

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

CVSS 9.3 | AI score 6 | EPSS 0.00356
Exploits: 0 | References: 5

ATTACKERKB
added 3 days ago | 4 views

CVE-2025-71385

Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document into a text element without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An attacker can craft a U...

CVSS 6.1 | AI score 5.7 | EPSS 0.00221
Exploits: 0 | References: 5

ATTACKERKB
added 3 days ago | 4 views

CVE-2026-7311

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteconvertedimagesize function in all versions up to, and including, 3.6.13. This makes it possible for authenticated attackers, with...

CVSS 8.1 | AI score 6.5 | EPSS 0.0067
Exploits: 0 | References: 7

EUVD
added 3 days ago | 9 views

EUVD-2026-41390

A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device...

CVSS 9.9 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 1

RedHat Linux
added 3 days ago | 4 views

next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage

An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing...

CVSS 7.5 | AI score 5.9 | EPSS 0.00683
Exploits: 0 | References: 7

Positive Technologies
added 3 days ago | 9 views

PT-2026-55299

Name of the Vulnerable Software and Affected Versions: Apereo CAS versions 7.3.0 through 8.0.0-RC5. Description: A cryptographic issue allows remote unauthenticated attackers to recover plaintext conversation state. This occurs because the system reuses the AES-GCM initialization vector (IV) across th...

CVSS 9.3 | AI score 6.2 | EPSS 0.00356
Exploits: 0 | References: 10

Tenable Nessus
added 3 days ago | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-53329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/display: Use krealloc_array in dal_vector_reserve. Why & How: dal_vector_reserve computes the allocation size as capacity * vector->struct_size using uint32_t...

AI score 6.3 | EPSS 0.0019
Exploits: 0 | References: 3

RedhatCVE
added 4 days ago | 8 views

CVE-2026-55577

A flaw was found in ImageMagick, free and open-source software for editing and manipulating digital images. A heap buffer overflow occurs in the MVG (Magick Vector Graphics) decoder when processing a specially crafted image. This vulnerability could allow an attacker to cause an out-of-bounds write...

CVSS 5.9 | AI score 5.8 | EPSS 0.00226
Exploits: 0 | References: 4

RedhatCVE
added 4 days ago | 5 views

CVE-2026-55594

A flaw was found in ImageMagick, free and open-source software for editing and manipulating digital images. A missing depth check in the MVG (Magick Vector Graphics) decoder can lead to a stack overflow when a remote attacker provides a specially crafted image. This vulnerability could result in a...

CVSS 5.3 | AI score 5.8 | EPSS 0.00241
Exploits: 0 | References: 4

RedhatCVE
added 4 days ago | 5 views

CVE-2026-53329

A flaw was found in the Linux kernel's drm/amd/display component. The dal_vector_reserve function calculates memory allocation size using 32-bit arithmetic, which can lead to an integer overflow. This overflow causes a smaller memory buffer to be allocated than intended, resulting in a heap overflo...

AI score 6.3 | EPSS 0.0019
Exploits: 0 | References: 4

Cvelist
added 4 days ago | 31 views

CVE-2026-55594 ImageMagick: Stack Overflow in MVG decoder due to missing depth check.

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, a missing depth check in the MVG decoder will result in a stack overflow when a crafted image is provided. This issue has been fixed in versions 6.9.13-51 and...

CVSS 5.3 | EPSS 0.00241
Exploits: 0 | References: 1

Cvelist
added 4 days ago | 31 views

CVE-2026-58038 Stored XSS through javascript URLs in SVGs generated by EasyTimeline

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files includes/Timeline.Php, scripts/EasyTimeline.Pl. This issue affects timeline: from before 1.46.0, 1.45.4,...

EPSS 0.0024
Exploits: 0 | References: 1

NVD
added 4 days ago | 5 views

CVE-2026-53329

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use krealloc_array in dal_vector_reserve. Why & How: dal_vector_reserve computes the allocation size as "capacity * vector->struct_size" using uint32_t arithmetic, which can silently wrap to a small value on overflow. This...

EPSS 0.0019
Exploits: 0 | References: 8

Debian CVE
added 4 days ago | 4 views

CVE-2026-53329

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use krealloc_array in dal_vector_reserve. Why & How: dal_vector_reserve computes the allocation size as "capacity * vector->struct_size" using uint32_t arithmetic, which can silently wrap to a small value on overflow. This...

AI score 6 | EPSS 0.0019
Exploits: 0

EUVD
added 4 days ago | 6 views

EUVD-2026-40963

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use krealloc_array in dal_vector_reserve. Why & How: dal_vector_reserve computes the allocation size as "capacity * vector->struct_size" using uint32_t arithmetic, which can silently wrap to a small value on overflow. This...

AI score 6 | EPSS 0.0019
Exploits: 0 | References: 7