Lucene search
K

68 matches found

Vulnrichment
Vulnrichment
added 2026/05/22 10:3 p.m.6 views

CVE-2026-41148 Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39740

Name of the Vulnerable Software and Affected Versions Amazon::Credentials versions prior to 1.3.0 Description Amazon::Credentials stores credentials in an obfuscated form to prevent secrets from being accessed via a data dump of the object. The software uses a 64-bit key generated by the built-in...

5.3CVSS5.8AI score0.00174EPSS
Exploits0References6
OSV
OSV
added 2026/05/03 9:55 a.m.4 views

OESA-2026-2122 systemd security update

systemd is a system and service manager that runs as PID 1 and starts the rest of the system. Security Fixes: systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is...

5.5CVSS5.9AI score0.00121EPSS
Exploits0References2
RustSec
RustSec
added 2026/04/13 12:0 p.m.12 views

`microsoftsystem64` was removed from crates.io for malicious code

microsoftsystem64 installs a hardcoded SSH authorizedkeys entry persistence/backdoor and scans for sensitive files .env, credential-like JSON names, keyword-matching docs, reads their contents, base64-encodes where needed, and exfiltrates everything to a remote server via HTTP. It also packages a...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/04/03 9:31 p.m.2 views

EUVD-2026-18825

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References4
NVD
NVD
added 2026/04/03 9:17 p.m.6 views

CVE-2026-22663

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

8.7CVSS0.00279EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/03 8:27 p.m.10 views

CVE-2026-22663 prompts.chat Authorization Bypass Information Disclosure

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

8.7CVSS0.00279EPSS
Exploits0References3
CVE
CVE
added 2026/04/03 8:27 p.m.7 views

CVE-2026-22663

CVE-2026-22663 affects prompts.chat prior to commit 7b81836, where missing isPrivate authorization checks across API endpoints and page metadata generation allow unauthorized access to sensitive data tied to private prompts. The vulnerability enables retrieval of private prompt version history, c...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:27 p.m.2 views

CVE-2026-22663

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.4 views

PT-2026-30227

prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can exploit these missing...

8.7CVSS5.9AI score0.00279EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.7 views

Suricata 安全漏洞

Suricata is a network IDS, IPS, and NSM engine developed by the Open Information Security Foundation. Versions of Suricata prior to 8.0.0 and 8.0.4 contained security vulnerabilities. These vulnerabilities stemmed from a quadratic complexity issue during the search for URLs in MIME-encoded SMTP...

7.5CVSS5.8AI score0.00272EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.5 views

changedetection.io 信息泄露漏洞

changedetection.io is a website-based application developed by dgtlmoon, designed for change detection, monitoring, and notification. Versions of changedetection.io prior to 0.54.7 contained a vulnerability related to information leakage. This vulnerability stemmed from the use of filter...

8.3CVSS5.8AI score0.00475EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2026/03/26 12:0 a.m.1 views

A Large-Scale Empirical Study on the Generalizability of Disclosed Java Library Vulnerability Exploits

Open-source software supply chain security relies heavily on assessing affected versions of library vulnerabilities. While prior studies have leveraged exploits for verifying vulnerability affected versions, they point out a key limitation that exploits are version-specific and cannot be directly...

6.2AI score
Exploits0
NVD
NVD
added 2026/03/23 10:16 p.m.4 views

CVE-2026-29111

systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this i...

5.5CVSS0.00121EPSS
Exploits0References11
EUVD
EUVD
added 2026/03/10 9:32 p.m.6 views

EUVD-2026-10756

Server-Side Request Forgery SSRF vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...

7.5CVSS5.8AI score0.00481EPSS
Exploits2References5
EUVD
EUVD
added 2026/03/06 5:35 p.m.6 views

EUVD-2026-10050

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to versions 7.8.6, 7.9.8, 7.10.7, 7.11.4, 7.12.4, 7.13.3, and 8.0.0, a critical authentication bypass vulnerability exists in Rocket.Chat's account service used in the ddp-streamer micro service that allows a...

9.3CVSS5.8AI score0.00498EPSS
Exploits0References3
CVE
CVE
added 2026/02/06 10:37 p.m.14 views

CVE-2026-25757

Spree (Ruby on Rails) is affected prior to versions 5.0.8, 5.1.10, 5.2.7, and 5.3.2. The root cause is that the OrdersController#show endpoint allows unauthenticated access to view completed guest orders by Order ID, and authorize_access does not enforce proper authorization for guest orders. Thi...

8.7CVSS5.3AI score0.00441EPSS
Exploits1References8Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 10:9 a.m.6 views

CVE-2019-11950

A remote code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...

9CVSS7.9AI score0.05813EPSS
Exploits0References1
NVD
NVD
added 2025/11/13 10:15 p.m.4 views

CVE-2025-64753

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...

6.5CVSS0.00196EPSS
Exploits0References2
OSV
OSV
added 2025/11/13 9:46 p.m.5 views

CVE-2025-64753 grist-core has insufficient access control in endpoints for comparisons between documents and versions

grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions of that document and receive a full list of changes between versions, even if those changes contained cells, columns, or...

5.3CVSS6.4AI score0.00196EPSS
Exploits0References4
Rows per page
Query Builder