Lucene search
+L

10525 matches found

cve
cve
added 2026/06/26 12:0 a.m.22 views

CVE-2026-30041

CVE-2026-30041 affects FastStone Image Viewer v8.3 and earlier, due to an integer overflow in the PSD parser component caused by invalid height handling, which leads to a heap-based buffer overflow. Exploitation with a crafted PSD file could allow arbitrary code execution or cause a DoS. Public s...

7.5CVSS6.2AI score0.00571EPSS
Exploits0References2
osv
osv
added 2026/06/25 6:43 p.m.4 views

GO-2026-5286 Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer in code.gitea.io/gitea

Gitea: Stored XSS via glTF extensionsRequired in Gitea 3D File Viewer in code.gitea.io/gitea...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References1
ics
ics
added 2026/06/25 6:0 a.m.21 views

OHIF Viewers DICOM

ADVISORY SUMMARY Successful exploitation of this vulnerability in a custom integration version could allow an attacker to steal an authenticated clinician's token via a crafted link. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

8.3CVSS6AI score0.00232EPSS
Exploits0References13
nessus
nessus
added 2026/06/25 12:0 a.m.10 views

AlmaLinux 8 : evince (ALSA-2026:28998)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:28998 advisory. atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen CVE-2026-46529 Tenable has extracted the preceding...

8.4CVSS5.9AI score0.00529EPSS
Exploits1References3
osv
osv
added 2026/06/24 6:40 p.m.3 views

DRUPAL-CONTRIB-2026-059

The module adds support for the mirador viewer in WissKI and enables annotations on images via the mirador viewer. It does not sufficiently check the submitted parameters via a route and writes these to the session object without further checks, which can lead to Access Bypass. This vulnerability...

6.5CVSS5.9AI score0.00159EPSS
Exploits0References1
redhat
redhat
added 2026/06/24 1:9 p.m.9 views

Important: Red Hat Security Advisory: evince security update

An update for evince is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

8.4CVSS5.9AI score0.00529EPSS
Exploits1References2
osv
osv
added 2026/06/24 12:3 p.m.7 views

RLSA-2026:27819 Important: evince security update

The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files, and, with additional back-ends, also the Device Independent File format DVI files. Security Fixes: atril: evince: xreader: PDF /GoToR action argv...

7.8CVSS5.9AI score0.00529EPSS
Exploits1References2
susecve
susecve
added 2026/06/24 2:45 a.m.7 views

SUSE CVE-2026-10601

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.4 views

PT-2026-52172

Name of the Vulnerable Software and Affected Versions WissKI versions 0.0.0 through 4.2.0 Description A missing authorization issue in the wisski mirador submodule allows forceful browsing and access bypass. The module fails to sufficiently validate parameters submitted via a route before writing...

6.1AI score0.00159EPSS
Exploits0References3
nessus
nessus
added 2026/06/24 12:0 a.m.9 views

RHEL 8 : evince (RHSA-2026:28998)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:28998 advisory. The evince packages provide a simple multi-page document viewer for Portable Document Format PDF, PostScript PS, Encapsulated PostScript EPS files,...

8.4CVSS6AI score0.00529EPSS
Exploits1References4
attackerkb
attackerkb
added 2026/06/23 8:38 p.m.6 views

CVE-2026-46552

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID xc-shared-base-id, an attacker could enumerate base members and invite an arbitrary email in...

5.8CVSS6AI score0.00296EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/06/23 5:17 p.m.8 views

CVE-2026-44960

A stored XSS can be exploited by leveraging the usernames as an attack vector. When an admin user viewed the audit log details for affected entries, any malicious JavaScript payload embedded in the username would be executed due to missing output sanitisation. Proper escaping has been added to th...

0.00339EPSS
Exploits0References1
astralinux
astralinux
added 2026/06/23 11:48 a.m.11 views

Astra Linux – Vulnerability in Firefox

Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

4.3CVSS6.1AI score0.00284EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/23 12:0 a.m.18 views

PT-2026-51652

An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service DoS via supplying a crafted PSD file...

7.5CVSS6.2AI score0.00571EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/06/22 7:32 p.m.11 views

CVE-2026-10601

A flaw was found in the Tempo and Loki datasource plugins. A remote attacker with a Viewer role could exploit a path traversal vulnerability by manipulating user-supplied input in URL paths. This could allow the attacker to capture sensitive administrator-configured datasource credentials, invoke...

5.4CVSS5.9AI score0.00258EPSS
Exploits0References4
nvd
nvd
added 2026/06/22 2:17 p.m.12 views

CVE-2026-42129

A user with Viewer permissions can use a path traversal in the Loki data source plugin to reach administrative Loki endpoints and read sensitive backend configuration and internal service information...

7.7CVSS0.00394EPSS
Exploits0References1
nvd
nvd
added 2026/06/22 2:16 p.m.13 views

CVE-2026-10601

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS0.00258EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/06/22 1:18 p.m.5 views

CVE-2026-10601

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS6.1AI score0.00258EPSS
Exploits0
euvd
euvd
added 2026/06/22 1:18 p.m.7 views

EUVD-2026-38242

The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: 1 capture admin-configured datasource credentials secureJsonData custom headers by traversing to an...

5.4CVSS5.9AI score0.00258EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/22 1:18 p.m.86 views

CVE-2026-10601

A user with Viewer permissions can use specially crafted requests to the Tempo and Loki data source plugins to reach unintended backend endpoints. Depending on the backend configuration this can expose data source credentials, leak internal responses, or trigger administrative actions on the...

5.4CVSS6.1AI score0.00258EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder