Lucene search
K

7 matches found

EUVD
EUVD
added yesterday4 views

EUVD-2026-43087

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...

7.5CVSS6.5AI score
Exploits0References11
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

JetBrains IntelliJ IDEA 安全漏洞

JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to version 2026.1.1 contained a security vulnerability; this vulnerability could allow command execution due to guest user...

8.8CVSS5.9AI score0.00332EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

JetBrains IntelliJ IDEA 操作系统命令注入漏洞

JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to version 2026.1.1 had a vulnerability related to operating system command injection, which stemmed from filename completion...

7.8CVSS5.8AI score0.00455EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 9:20 p.m.6 views

EUVD-2026-8895

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, a user full name can be evaluated as raw HTML when the following settings are set: displaynameonposts = true; and prioritizeusernameinux = false. Editing a post of a malicious user would trigger ...

5.3CVSS5.4AI score0.00166EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/26 9:20 p.m.4 views

CVE-2026-27154 Discourse has XSS when editing a malicious post

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, a user full name can be evaluated as raw HTML when the following settings are set: displaynameonposts = true; and prioritizeusernameinux = false. Editing a post of a malicious user would trigger ...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/26 8:0 p.m.5 views

CVE-2026-27152 DIscourse has DM communication-preference bypass when adding members

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via Chat::AddUsersToChannel — a user could add targets who have blocked/ignored/muted them to an existing DM channel, bypassing per-recipien...

5.3CVSS6AI score0.00158EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.10 views

Discourse 信息泄露漏洞

Discourse is an open-source community discussion platform developed by Discourse. This platform includes features such as communities, email communication, and chat rooms. Versions of Discourse before 2025.12.2, 2026.1.1, and 2026.2.0 contained a security vulnerability related to information...

7.1CVSS5.8AI score0.00227EPSS
Exploits0References1
Rows per page
Query Builder