Lucene search
K

2853432 matches found

Cvelist
Cvelist
added yesterday8 views

CVE-2026-57167 PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...

5.1CVSS
Exploits0References3
Circl
Circl
added yesterday4 views

CVE-2026-61456

creationtimestamp| type| source ---|---|--- 2026-07-10 16:37:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqclhnwrcu2e 2026-07-10 20:20:27+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxwefthh2a 2026-07-10 22:19:19+00:00| seen|...

5.1CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added yesterday5 views

EUVD-2026-42951

Grav is a file-based Web platform. Prior to 2.0.0, an authenticated admin.super user can crash Grav or fill the disk by uploading a specially crafted ZIP archive through the Direct Install tool because Installer::unZip calls ZipArchive::extractTo without limits on uncompressed size, entry count, ...

6.9CVSS6.1AI score
Exploits1References3
CVE
CVE
added yesterday5 views

CVE-2026-59193

Grav CMS is a file-based web platform. Before version 2.0.0, an authenticated admin.super user could trigger a denial of service by uploading a specially crafted ZIP via the Direct Install tool, because Installer::unZip uses ZipArchive::extractTo without limits on uncompressed size, entry count, ...

6.9CVSS6.1AI score
Exploits1References3Affected Software1
Circl
Circl
added yesterday3 views

CVE-2026-61441

creationtimestamp| type| source ---|---|--- 2026-07-10 16:32:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqcl6piort2i 2026-07-10 22:21:24+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqd6omq2ei26 2026-07-10 23:26:14+00:00| seen|...

7.1CVSS6.1AI score
Exploits0References3
Circl
Circl
added yesterday4 views

CVE-2026-60086

creationtimestamp| type| source ---|---|--- 2026-07-10 16:24:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqckqcwydo2z 2026-07-10 20:23:11+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcy3aa7mh22...

6.9CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday4 views

CVE-2026-61492

creationtimestamp| type| source ---|---|--- 2026-07-10 16:18:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqckeuxhu526 2026-07-10 20:21:02+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxxf2ixm2d 2026-07-10 22:29:17+00:00| seen|...

6.1CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday14 views

CVE-2026-55890

Grav CVE-2026-55890 concerns stored CSS injection via Markdown image style parameters that reach MediaObjectTrait::style(). The incomplete patch from GHSA-r7fx-8g49-7hhr fixed attribute() (denying dangerous attribute names) but leaves the sibling style() sink unmitigated, allowing editor-supplied...

4.8CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday7 views

CVE-2026-54149

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS
Exploits0References2
Circl
Circl
added yesterday3 views

CVE-2026-61444

creationtimestamp| type| source ---|---|--- 2026-07-10 16:15:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqck7yabkh27 2026-07-10 16:46:05+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqclwzjjnb2f 2026-07-10 20:16:31+00:00| seen|...

9.4CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added yesterday8 views

CVE-2026-15377 Eleveo Call Recording Software sendlogfile improper authorization

A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

5.3CVSS
Exploits0References5
CVE
CVE
added yesterday23 views

CVE-2026-55885

CVE-2026-55885 (Grav) : An authenticated admin with backup permissions can download a ZIP of the Grav installation via the backup/download endpoint, exposing sensitive data: admin.yaml with the administrator password hash and site configuration under user/config. The vulnerability stems from (1) ...

6.8CVSS6AI score
Exploits0References2
Circl
Circl
added yesterday5 views

CVE-2026-59796

creationtimestamp| type| source ---|---|--- 2026-07-10 16:12:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqck3iudxm2x 2026-07-10 20:22:50+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcy2mf6472z...

8.1CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday3 views

CVE-2026-61434

creationtimestamp| type| source ---|---|--- 2026-07-10 16:10:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqcjxeiech2k 2026-07-10 20:19:37+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxuudb3h2a 2026-07-10 23:30:34+00:00| seen|...

8.8CVSS6.1AI score
Exploits0References3
Circl
Circl
added yesterday6 views

CVE-2026-59795

creationtimestamp| type| source ---|---|--- 2026-07-10 16:08:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqcjtjjswp2i 2026-07-10 20:18:19+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxsjs6fe2e...

8.1CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday4 views

CVE-2026-60091

creationtimestamp| type| source ---|---|--- 2026-07-10 16:06:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqcjpwr6kh2q 2026-07-10 20:15:05+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxmqnilo2c...

7.2CVSS6.1AI score
Exploits0References2
Circl
Circl
added yesterday5 views

CVE-2026-61455

creationtimestamp| type| source ---|---|--- 2026-07-10 16:04:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqcjml5p5g2q 2026-07-10 20:20:02+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqcxvm3lsn26 2026-07-10 20:20:06+00:00| seen|...

7.1CVSS6.1AI score
Exploits0References6
CVE
CVE
added yesterday5 views

CVE-2026-59180

Apprise before v1.11.0 vulnerable: HTTP-based notification plugins and HTTP loaders (apprise/attachment/http.py, apprise/config/http.py) follow redirects and resend configured auth headers and query parameters. This can leak secrets (Authorization headers, bearer tokens, service keys) to a compro...

3.1CVSS6.1AI score
Exploits0References4
Circl
Circl
added yesterday3 views

GHSA-HJR6-G723-HMFM

creationtimestamp| type| source ---|---|--- 2026-07-10 16:01:02+00:00| seen| https://thehackernews.com/2026/07/researcher-details-whatsapp-to-host.html 2026-07-10 20:00:23+00:00| seen| https://bsky.app/profile/iberianm.bsky.social/post/3mqcwsfxjof2i 2026-07-11 01:00:51+00:00| seen|...

6.1AI score
Exploits0References2
Circl
Circl
added yesterday5 views

CVE-2026-15143

creationtimestamp| type| source ---|---|--- 2026-07-10 16:01:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqcjgg6g4b26 2026-07-10 16:46:06+00:00| seen| https://bsky.app/profile/stackflag.bsky.social/post/3mqclx3547y2b 2026-07-10 22:19:41+00:00| seen|...

9.3CVSS6.1AI score
Exploits0References4
Rows per page
Query Builder