Lucene search
K

256 matches found

CVE
CVE
added 3 days ago6 views

CVE-2026-59193

Grav CMS is a file-based web platform. Before version 2.0.0, an authenticated admin.super user could trigger a denial of service by uploading a specially crafted ZIP via the Direct Install tool, because Installer::unZip uses ZipArchive::extractTo without limits on uncompressed size, entry count, ...

6.9CVSS6.1AI score0.0039EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/07/06 8:59 p.m.13 views

CVE-2026-14468

Terraform Enterprise contains a vulnerability in its VCS ingestion of registry modules where the boundary on packaged module content was not correctly enforced. An authenticated user could include files from outside the intended repository content in a module and then download them, potentially e...

7.7CVSS6AI score0.00295EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 8:52 p.m.3 views

GHSA-4C3C-R6P8-C863 Flawfinder output manipulation via untrusted filenames and source text

Impact This vulnerability is an improper input neutralization issue leading to output manipulation, specifically, Terminal/ANSI Escape Sequence Injection and XML Injection: Terminal Output Spoofing: A malicious file whose name contains ANSI escape sequences can end up being included in flawfinder...

6AI score
Exploits0References2
CVE
CVE
added 2026/06/26 2:52 p.m.14 views

CVE-2026-54839

The CVE concerns the WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin, affected

7.5CVSS5.8AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.11 views

CVE-2026-42611

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged with the ability to create a page user can cause XSS with the injection of svg element. The XSS can further be escalated to dump the entire system information available under /admin/config/info whenever a Super Admin visit...

8.9CVSS5.4AI score0.003EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/02 10:50 p.m.42 views

CVE-2026-35482 alf.io has an Authenticated RCE via Extension Script Sandbox Escape

alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script engine allows an authenticated administrator to execute arbitrary operating system commands on the...

8CVSS0.00211EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.12 views

StokedOnIt Notebook Pro 安全漏洞

StokedOnIt Notebook Pro is a digital note management software from StokedOnIt. A security vulnerability exists in StokedOnIt Notebook Pro version 2.0, which stems from a denial of service in the notebook name field, which could lead to a local attacker crashing the application by supplying an...

6.9CVSS5.8AI score0.00136EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.10 views

WordPress plugin ProSolution WP Client 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

9.8CVSS6AI score0.00978EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/18 9:0 p.m.11 views

@appthen/x6-plugins (=0.1.4), @arch-diagram/core (>=0.0.1 <=0.0.2) +50 more potentially affected by unknown CVE via @antv/x6-plugin-stencil (>=2.0.2 <=2.1.5)

@antv/x6-plugin-stencil NPM version =2.0.2, =0.0.1, =0.0.2, =0.0.3, =0.0.1, =0.0.3, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.17 - @xrhcc-flow/busiflow =1.0.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-ANTVX6PLUGINSTENCIL-16754383...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.13 views

PT-2026-39461

A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The vendor was...

4.6CVSS5.2AI score0.00139EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for t...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 3:23 a.m.10 views

EUVD-2026-28501

wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. This issue has been patched in version 2.0.0...

5.1CVSS5.5AI score0.00174EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

zrok 路径遍历漏洞

Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.2 contained a path traversal vulnerability. This vulnerability stemmed from the WebDAV driver’s backend, which restricted path traversal through lexical normalization but did not prevent symbolic links fro...

8.7CVSS5.8AI score0.0033EPSS
Exploits0References1
OSV
OSV
added 2026/04/30 2:15 p.m.8 views

JLSEC-2026-365

A potential memory leak issue was discovered in SDL2 in GLESCreateTexture function in SDLrendergles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected...

7.5CVSS7.4AI score0.01265EPSS
Exploits0References13
OSV
OSV
added 2026/04/30 2:15 p.m.9 views

JLSEC-2026-364

There is a heap overflow problem in video/SDLpixels.c in SDL Simple DirectMedia Layer 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution...

8.8CVSS5.5AI score0.01986EPSS
Exploits0References8
CVE
CVE
added 2026/04/27 12:3 a.m.17 views

CVE-2026-33277

CVE-2026-33277 concerns an OS command injection in LogonTracer prior to v2.0.0. A logged-in user can cause arbitrary OS commands to execute due to the vulnerability in how input is processed. Affected software: LogonTracer (before version 2.0.0). The root cause is an input handling flaw that allo...

8.8CVSS8.3AI score0.01213EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/26 10:15 p.m.25 views

CVE-2026-7062

Technical details (affected products, components, patch info) are not publicly available in the provided documents. Monitor for updates.

7.5CVSS7AI score0.01368EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.6 views

CVE-2026-33436

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft a file with a...

6.1CVSS5.7AI score0.00168EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/14 11:41 p.m.4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the VerifyTimestampResponse function when a forged certificate is prepended to the certificate bag. An attacker can bypass authorization checks by supplying a payload where the signature is validated...

6.7CVSS5.3AI score0.00099EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 9:9 p.m.18 views

CVE-2026-34160

Chamilo LMS prior to 2.0.0-RC.3 is affected. The PENS plugin endpoint at public/plugin/Pens/pens.php allows unauthenticated access and accepts a user-controlled package-url that is fetched via curl without filtering private/internal IPs, enabling unauthenticated SSRF. Impact includes probing inte...

8.6CVSS5.7AI score0.00344EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder