Lucene search
K

33 matches found

NVD
NVD
added 5 days ago10 views

CVE-2026-10643

Zephyr's IP socket recvmsg implementation subsys/net/lib/sockets/socketsinet.c, insertpktinfo validated the user-supplied ancillary msgcontrol buffer using only the payload length msg-msgcontrollen pktinfolen before writing a full control message consisting of an aligned cmsg header plus the...

8.7CVSS0.00117EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-10643

Zephyr's IP socket recvmsg implementation subsys/net/lib/sockets/socketsinet.c, insertpktinfo validated the user-supplied ancillary msgcontrol buffer using only the payload length msg-msgcontrollen pktinfolen before writing a full control message consisting of an aligned cmsg header plus the...

8.7CVSS6AI score0.00117EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Wireshark

In Wireshark versions 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13, the VMS TCPIP trace file parser crashes. This issue allows for denial of service through malicious capture files...

6.5CVSS6.8AI score0.01787EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Wireshark

The NetScaler file parser crashes in Wireshark versions 4.0.0 to 4.0.5, and 3.6.0 to 3.6.13. This issue allows for denial of service through crafted capture files...

6.5CVSS6.8AI score0.01787EPSS
Exploits1References1
NVD
NVD
added 2026/06/12 9:16 p.m.10 views

CVE-2026-42853

ApostropheCMS is an open-source Node.js content management system. Versions of the @apostrophecms/cli package up to and including 3.6.0 contain a command injection vulnerability in the apos create command. User-supplied input from the password prompt is embedded directly into a shell command...

6.5CVSS0.00428EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 6:16 p.m.25 views

CVE-2026-7308

An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. Th...

5.1CVSS0.00266EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 5:17 p.m.9 views

CVE-2026-7308

CVE-2026-7308 (Nexus Repository) : An authenticated user with upload permissions can store content that triggers arbitrary JavaScript in the browser of any user visiting the repository HTML index page, via Nexus Repository versions 3.6.0–3.91.x (3.92.0 fixes this). The attack is a stored XSS on t...

5.1CVSS6AI score0.00266EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 5:17 p.m.38 views

CVE-2026-7308 Nexus Repository 3 - Stored Cross-Site Scripting (XSS) via HTML Browse Page

An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via the HTML index page in Sonatype Nexus Repository versions 3.6.0 through versions before 3.92.0. Th...

5.1CVSS0.00266EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

Sonatype Nexus Repository 跨站脚本漏洞

Sonatype Nexus Repository is a repository manager developed by Sonatype, Inc. in the United States. It is primarily used for managing, storing, and distributing software, etc. Versions of Sonatype Nexus Repository from 3.6.0 to 3.92.0 contained a cross-site scripting vulnerability. This...

5.1CVSS5.8AI score0.00266EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/08 3:0 p.m.4 views

sigstore (>=3.6.0 <=3.6.1) potentially affected by CVE-2026-33753 via rfc3161-client (>=0.0.4 <=0.1.2)

rfc3161-client PYPI version =0.0.4, =3.6.0, =3.6.1 Source cves: CVE-2026-33753 Source advisory: OSV:GHSA-3XXC-PWJ6-JGRJ...

7.5CVSS5.4AI score0.00188EPSS
Exploits1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.8 views

SiYuan 跨站脚本漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan from 3.6.0 to 3.6.2 had a cross-site scripting vulnerability. This vulnerability stemmed from the SanitizeSVG function being bypassed, allowing cross-site scripting attacks to occur...

8.6CVSS5.6AI score0.00469EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/20 3:33 a.m.3 views

CVE-2026-32940 SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183)

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist — it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both of which can render SVG with JavaScript execution. Th...

9.3CVSS5.7AI score0.00302EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 3:19 a.m.3 views

CVE-2026-32938

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the /api/lute/html2BlockDOM on the desktop copies local files pointed to by file:// links in pasted HTML into the workspace assets directory without validating paths against a sensitive-path list. Together with GET...

9.9CVSS5.7AI score0.00414EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2025/11/03 9:10 p.m.13 views

WordPress Post SMTP plugin <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability

Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure vulnerability discovered by netranger in WordPress Plugin Post SMTP versions = 3.6.0...

9.8CVSS7AI score0.51507EPSS
Exploits1References1Affected Software1
GithubExploit
GithubExploit
added 2025/11/03 8:37 p.m.411 views

Exploit for CVE-2025-11833

Unauthorized Data Access in Post SMTP Plugin for WordPress CV...

9.8CVSS6.4AI score0.51507EPSS
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-3253

Malicious code in bioql PyPI...

9.8CVSS9AI score0.01085EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.3 views

WordPress plugin Perfect Brands for WooCommerce SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

8.5CVSS7.5AI score0.00243EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-3724

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows CVE-2022-37...

7.5CVSS7.2AI score0.02345EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:22 a.m.6 views

CVE-2024-3598

The ElementsKit Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Creative Button widget in all versions up to, and including, 3.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS6AI score0.00323EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/04/15 12:0 a.m.3 views

Growatt Cloud Applications 安全漏洞

Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and earlier, which originates from an unauthenticated attacker being able to obtain the serial number of a smart meter...

6.9CVSS6.7AI score0.00398EPSS
Exploits0References1
Rows per page
Query Builder