Lucene search
K

1052 matches found

EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43076

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Location Selector allows SQL Injection. This issue affects Location Selector versions: from 0.0.0 to 1.3.0...

6.1AI score0.00194EPSS
Exploits0References2
OSV
OSV
added 2026/06/22 6:16 p.m.3 views

UBUNTU-CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References4
CVE
CVE
added 2026/06/22 4:45 p.m.65 views

CVE-2026-54282

The CVE concerns Starlette prior to 1.3.0: HTTP request path is not validated when reconstructing request.url, allowing attacker-controlled hostname by re-parsing a non-absolute path (e.g., @google.com). The issue is fixed in 1.3.0. Remediate by upgrading to 1.3.0+; no exploitation details are pr...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 4:45 p.m.8 views

CVE-2026-54282

Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating scheme://hostpath and re-parsing the result, a path that does not begin with / for example...

5.3CVSS5.9AI score0.00187EPSS
Exploits0
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37648

Unauthenticated Local File Inclusion in Promo = 1.3.0 versions...

8.1CVSS5.2AI score0.00363EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:38 p.m.8 views

Use of Incorrectly-Resolved Name or Reference

Overview starlette is a The little ASGI library that shines. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in the reconstruction of request.url when the HTTP request path does not begin with /. An attacker can mislead the application into trusti...

8.3CVSS5.3AI score0.00187EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/11 12:9 p.m.13 views

WordPress Powerpack for LearnDash plugin < 1.3.0 - Unauthenticated Arbitrary Option Update vulnerability

Unauthenticated Arbitrary Option Update vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin PowerPack for LearnDash versions 1.3.0...

9.8CVSS7.8AI score0.00303EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/08 1:43 p.m.13 views

JLSEC-2026-593

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasmexprcopyexcept in libyasm/expr.c...

5.5CVSS5.4AI score0.00317EPSS
Exploits1References4
OSV
OSV
added 2026/06/08 1:43 p.m.12 views

JLSEC-2026-586

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in hash in modules/preprocs/nasm/nasm-pp.c...

5.5CVSS5.4AI score0.00311EPSS
Exploits1References4
OSV
OSV
added 2026/06/08 1:43 p.m.14 views

JLSEC-2026-588

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in findcc in modules/preprocs/nasm/nasm-pp.c...

5.5CVSS5.4AI score0.00311EPSS
Exploits1References4
OSV
OSV
added 2026/06/08 1:43 p.m.19 views

JLSEC-2026-596

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expandsmacro in modules/preprocs/nasm/nasm-pp.c...

5.5CVSS5.4AI score0.00317EPSS
Exploits1References4
OSV
OSV
added 2026/06/08 1:43 p.m.13 views

JLSEC-2026-587

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expandmmacparams in modules/preprocs/nasm/nasm-pp.c...

5.5CVSS5.4AI score0.00311EPSS
Exploits1References4
OSV
OSV
added 2026/06/08 1:43 p.m.15 views

JLSEC-2026-585

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in dodirective in modules/preprocs/nasm/nasm-pp.c...

5.5CVSS5.4AI score0.00311EPSS
Exploits1References4
OSV
OSV
added 2026/06/08 1:43 p.m.14 views

JLSEC-2026-590

An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in ifcondition in modules/preprocs/nasm/nasm-pp.c...

5.5CVSS5.4AI score0.00311EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.7 views

CVE-2026-34068

nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts UpdateValidator transactions that set newvotingkey=Some... while omitting newproofofknowledge. this skips the proof-of-knowledge requirement that is...

6.8CVSS5.4AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-34066

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, HistoryStore::puthistorictxns uses an assert! to enforce invariants about HistoricTransaction.blocknumber must be within the macro block being pushed and within the same epoch. During histo...

5.3CVSS5.5AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-34062

nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, MessageCodec::readrequest and readresponse call readtoend on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because Behaviour::new also sets...

5.3CVSS5.6AI score0.00297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.11 views

CVE-2026-5711

The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes ...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40092

nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record. The maliciously crafted record would contain a TaggedSigned with a signature field...

7.5CVSS5.6AI score0.00626EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.12 views

CVE-2026-35476

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authenticated user can elevate their account to a staff level via a POST request against their user account endpoint. The write permissions on the API endpoint are improperly configured, allowing any us...

7.2CVSS5.5AI score0.00145EPSS
Exploits0References1
Rows per page
Query Builder