Lucene search
+L

70 matches found

CVE
CVE
added 2026/07/07 7:8 a.m.11 views

CVE-2026-8309

The CVE-2026-8309 applies to Armiya Information Technologies Ltd. Co. Access Control System (GKS), affected before Version 2. It is a Reflected XSS caused by improper input neutralization during web page generation. The CVSS v3.1 base metrics indicate a Medium impact (5.4) with network attack vec...

5.4CVSS5.9AI score0.00133EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-401 parisneo/lollms vulnerable to stored XSS in the social feature

A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...

9.6CVSS7.3AI score0.00405EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2026/06/19 3:0 a.m.7 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS6AI score0.00107EPSS
Exploits0
EUVD
EUVD
added 2026/06/07 12:31 a.m.15 views

EUVD-2026-34977

clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation...

8.4CVSS5.4AI score0.00164EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 6:36 p.m.4 views

CVE-2026-8178 Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver

An issue exists in Amazon Redshift JDBC Driver versions prior to 2.2.2. Under certain conditions, the driver could load and execute arbitrary classes when processing JDBC connection URL parameters. An actor who can influence the connection URL could potentially execute code in the application...

9.2CVSS6.2AI score0.00573EPSS
Exploits0References6
OSV
OSV
added 2026/05/07 6:47 p.m.2 views

CVE-2026-42225 GnuTLS backend silently skips certificate chain verification when verify_peer is false

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, on GnuTLS builds, the SIP TLS transport siptransporttls can accept connections with invalid or untrusted certificates even when the application explicitly enables certificate verification via...

8.2CVSS5.9AI score0.00161EPSS
Exploits0References5
CVE
CVE
added 2026/05/04 5:41 a.m.37 views

CVE-2026-43859

Mutt vulnerability CVE-2026-43859 affects mutt before 2.3.2, where IMAP auth_cram MD5 digest computation may use strfcpy instead of memcpy. Root cause is choosing the wrong string copy function in the digest pathway. Impact (per CVSS 3.1) is Confidentiality: None, Integrity: Low, Availability: No...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 7:7 p.m.13 views

CVE-2026-33152 Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as one of the default authentication backends. The AllAuth rate limiting configuration...

9.1CVSS5.9AI score0.00513EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/25 4:15 p.m.36 views

CVE-2026-32515 WordPress Miraculous theme < 2.1.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Miraculous: from n/a through 2.1.2...

7.5CVSS0.00291EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.27 views

CVE-2026-32489 WordPress B Blocks plugin < 2.0.30 - Broken Access Control vulnerability

Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through 2.0.30...

6.5CVSS0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/05 1:22 a.m.8 views

CVE-2026-1632

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

9.3CVSS5.4AI score0.00474EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.37 views

CVE-2026-24368 WordPress The Grid plugin < 2.8.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through 2.8.0...

5.3CVSS0.00185EPSS
Exploits0References1
OSV
OSV
added 2026/01/14 9:15 p.m.9 views

AZL-74636 CVE-2026-0861 affecting package glibc for versions less than 2.35-9

Passing too large an alignment to the memalign suite of functions memalign, posixmemalign, alignedalloc in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size a...

8.4CVSS6AI score0.00352EPSS
Exploits1References1
OSV
OSV
added 2026/01/14 9:31 a.m.7 views

GHSA-V492-6XX2-P57G Chainlit contains an authorization bypass vulnerability

Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product...

4.2CVSS5.5AI score0.00217EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.14 views

CVE-2023-4829

Cross-site Scripting XSS - Stored in GitHub repository froxlor/froxlor prior to 2.0.22...

5.4CVSS5.9AI score0.00381EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.9 views

PT-2025-50909

Name of the Vulnerable Software and Affected Versions Simcenter Femap versions prior to 2512 Description An uninitialized memory issue exists in Simcenter Femap. The application is affected when processing specially crafted SLDPRT files, potentially allowing an attacker to execute code within the...

7.8CVSS7.1AI score0.00169EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/01 12:0 a.m.8 views

FileRise 跨站脚本漏洞

FileRise is a lightweight, self-hosted web-based file manager by Ryan Personal Developer. A cross-site scripting vulnerability exists in FileRise versions prior to 2.2.3, which stems from improper handling of SVG files and could lead to stored cross-site scripting...

5.4CVSS5.7AI score0.0018EPSS
Exploits1References3
CVE
CVE
added 2025/11/11 4:51 p.m.13 views

CVE-2025-32446

Summary: CVE-2025-32446 affects Intel QuickAssist Technology (QAT) software prior to version 2.6.0. An untrusted pointer dereference in Ring 3 (User Applications) could allow an attacker with local access and an authenticated, low‑complexity user to escalate privileges and potentially manipulate ...

6.8CVSS6.1AI score0.00115EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-11725

Malware in sbrugna...

4.8CVSS5.2AI score0.00681EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-43737

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00913EPSS
Exploits0References1
Rows per page
Query Builder