Lucene search
K

11600 matches found

OSV
OSV
added 2026/06/24 11:16 p.m.4 views

DEBIAN-CVE-2026-39948

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.8CVSS5.9AI score0.00456EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 11:16 p.m.9 views

CVE-2026-39948

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.8CVSS0.00456EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 11:16 p.m.3 views

UBUNTU-CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS5.8AI score0.00315EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 11:6 p.m.37 views

CVE-2026-39948

Cacti

9.8CVSS5.9AI score0.00456EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/24 10:49 p.m.23 views

CVE-2026-39955 Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS0.00315EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 10:49 p.m.27 views

CVE-2026-39955

CVE-2026-39955 affects Cacti up to version 1.2.30, with a pre-authentication SQL injection caused by an unanchored FILTER_VALIDATE_REGEXP in graph_view.php. The issue is fixed in version 1.2.31. Impact centers on unauthorized access to potentially sensitive data before authentication; exploitatio...

9.8CVSS5.9AI score0.00315EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/24 10:49 p.m.5 views

CVE-2026-39955

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTERVALIDATEREGEXP in graphview.php. This issue has been fixed in version 1.2.31...

9.8CVSS5.9AI score0.00315EPSS
Exploits0
NVD
NVD
added 2026/06/24 10:16 p.m.7 views

CVE-2026-54158

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view database cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like or " breaks out of its surrounding tag and runs arbitrary...

9.9CVSS0.00289EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 10:16 p.m.8 views

CVE-2026-50551

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...

9.9CVSS0.0044EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:45 p.m.27 views

CVE-2026-39893 Cacti: Pre-authentication SQL injection via rfilter RLIKE clause in graph_view.php

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication graph viewing supports guest access via the configured guest...

9.8CVSS0.00363EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 9:45 p.m.52 views

CVE-2026-39893

Cacti is affected by a pre-auth SQL injection in versions up to 1.2.30 via the rfilter input concatenated into a RLIKE clause in graph_view.php. The vulnerability could be reached without authentication if graph viewing is enabled for a guest user, making it exploitable pre-auth. The issue has be...

9.8CVSS5.9AI score0.00363EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/24 9:20 p.m.7 views

CVE-2026-50551

CVE-2026-50551 affects SiYuan prior to 3.7.0, where a stored XSS in the Attribute View (database) asset cell renderer can escalate to remote code execution in the Electron desktop client. The issue is fixed in 3.7.0. CVSS~3.1 metrics indicate high impact on confidentiality, integrity, and availab...

9.9CVSS6.4AI score0.0044EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:20 p.m.13 views

CVE-2026-50551 SiYuan: Stored XSS to RCE via Unsanitized Attribute View Asset Cell Content

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan contains a stored cross-site scripting XSS vulnerability in the Attribute View database asset cell renderer that escalates to remote code execution RCE in the Electron desktop client. This vulnerability is fixed...

9.9CVSS0.0044EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 9:19 p.m.10 views

CVE-2026-54158

SiYuan CVE-2026-54158: A stored XSS in the attribute-view cell renderer (genAVValueHTML) can break out of its tag with crafted values in text/url/phone/mAsset, potentially leading to RCE in Electron if nodeIntegration is enabled. The issue persists in AV files under the workspace and propagates a...

9.9CVSS6AI score0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 9:19 p.m.16 views

CVE-2026-54158 SiYuan: Stored XSS to RCE via attribute-view cell rendering in genAVValueHTML()

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view database cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, url, phone, and mAsset. A cell value like or " breaks out of its surrounding tag and runs arbitrary...

9.9CVSS0.00289EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 9:16 p.m.7 views

CVE-2026-52799

Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRESIGNINVIEW = false, we...

7.5CVSS0.00422EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38800

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...

4.6CVSS5.9AI score0.00256EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 5:16 p.m.6 views

CVE-2026-13164

Missing Authentication for Critical Function CWE-306 in the RegisterView apps/accounts/views.py, exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...

8.8CVSS0.00406EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/24 4:16 p.m.5 views

Deserialization of Untrusted Data

Overview feast is a Python SDK for Feast Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the ApplyFeatureView handler of registryserver.py, which calls FeatureView.fromproto and deserializes the feature view's embedded user-defined function before the appl...

9.8CVSS6.2AI score0.00862EPSS
Exploits1References2
NVD
NVD
added 2026/06/24 4:16 p.m.9 views

CVE-2026-50701

A Reflected Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component...

5.1CVSS0.00268EPSS
Exploits0References2
Rows per page
Query Builder