Lucene search
+L

10526 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Adobe Acrobat Reader 资源管理错误漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability that ste...

7.8CVSS7.6AI score0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/08 12:6 p.m.12 views

EUVD-2026-35051

Incorrect authorization in the User Messages dashboard widget in Checkmk 2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing an attacker who knows a valid public dashboard share token to read the issuer's personal messages by...

6.3CVSS5.4AI score0.00187EPSS
Exploits0References1
Amazon
Amazon
added 2026/06/08 12:0 a.m.12 views

Medium: yelp

Issue Overview: A sandbox escape vulnerability was found in yelp, the GNOME help viewer. Bypassing the fix for CVE-2025-3155, a malicious help document can use a CSS stylesheet embedded in an SVG image to exfiltrate the contents of local files such as files under /proc to an external server witho...

7.4CVSS6.8AI score0.12592EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.14 views

CVE-2026-50231

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

7.2CVSS5.6AI score0.00183EPSS
Exploits2References1
NVD
NVD
added 2026/06/06 11:16 a.m.13 views

CVE-2026-11408

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

6.5CVSS0.01114EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/06 10:30 a.m.47 views

CVE-2026-11408 vertex-app vertex Log Viewer Endpoint LogMod.js os command injection

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

6.5CVSS0.01114EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/06 10:30 a.m.14 views

EUVD-2026-34965

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

6.5CVSS6.3AI score0.01114EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/06 10:30 a.m.11 views

CVE-2026-11408 vertex-app vertex Log Viewer Endpoint LogMod.js os command injection

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

6.5CVSS6.3AI score0.01114EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/06 10:30 a.m.10 views

CVE-2026-11408

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

6.5CVSS6.3AI score0.01114EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/06/06 10:30 a.m.4 views

CVE-2026-11408 vertex-app vertex Log Viewer Endpoint LogMod.js os command injection

A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulation of the argument req.query leads to os command injection. The attack can be executed remotely. Th...

5.3CVSS6.3AI score0.01114EPSS
Exploits0References10
CVE
CVE
added 2026/06/06 10:30 a.m.35 views

CVE-2026-11408

Summary of CVE-2026-11408 : A vulnerability exists in vertex-app up to 2026.02.12 affecting the Log Viewer Endpoint, specifically the file app/model/LogMod.js. The issue arises from processing of the query parameter req.query, enabling an os command injection. This can be exploited remotely; expl...

6.5CVSS6.3AI score0.01114EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.13 views

VERTEX 操作系统命令注入漏洞

VERTEX is an integrated management tool developed by the individual developer of lswl.in, designed for binge-watching and stream watching. Versions of vertex-app and vertex released on February 12, 2026, and earlier have a vulnerability related to operating system command injection. This...

6.5CVSS6.6AI score0.01114EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.20 views

PT-2026-47150

Name of the Vulnerable Software and Affected Versions vertex-app vertex versions prior to 2026.02.12 Description An issue exists in the Log Viewer Endpoint component within the file app/model/LogMod.js. Improper processing of the req.query argument allows for remote OS command injection, which...

6.5CVSS6.9AI score0.01114EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.11 views

CVE-2026-34538

Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...

6.5CVSS5.7AI score0.00685EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-30691

Cross-Site Scripting XSS vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode...

6.1CVSS5.9AI score0.00298EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.12 views

CVE-2026-21730

Verba is affected by a Stored Cross-Site Scripting XSS vulnerability within its login logging mechanism. When an unauthenticated remote attacker attempts to log in using an incorrect username and password combination, the supplied username value is recorded in the application logs. Due to lack of...

6.1CVSS5.5AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.13 views

CVE-2026-39964

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

5.4CVSS5.4AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.12 views

CVE-2026-5921

A server-side request forgery SSRF vulnerability was identified in GitHub Enterprise Server that allowed an attacker to extract sensitive environment variables from the instance through a timing side-channel attack against the notebook rendering service. When private mode was disabled, the notebo...

9.5CVSS5.4AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-5301

Stored XSS in log viewer in CoolerControl/coolercontrol-ui 4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries...

7.6CVSS5.4AI score0.00276EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45083

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to th...

9.8CVSS5.6AI score0.0041EPSS
Exploits0References1
Rows per page
Query Builder