Lucene search
+L

327 matches found

osv
osv
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1797 Cross-Frame Scripting vulnerability has been found on Plone CMS

A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting version below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicios iframe element...

7.1CVSS6.9AI score0.00294EPSS
Exploits0References5
ossf
ossf
added 2026/07/03 11:50 p.m.10 views

Malicious code in bytekit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0bbaea22b635a4a8425964572b733b806f45714a9090492d1c39d545088fe336 The package was found to contain malicious code or consuming dependency that contains malicious code Source: kam193...

6.1AI score
Exploits0References4
patchstack
patchstack
added 2026/06/29 4:17 p.m.6 views

WordPress Editorial Rating – Product Review & Rating System plugin <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin Editorial Rating – Product Review & Rating System versions = 4.0.5...

4.4CVSS5.8AI score0.0024EPSS
Exploits0References1Affected Software1
circl
circl
added 2026/06/17 2:0 a.m.10 views

CVE-2026-50656

creationtimestamp| type| source ---|---|--- 2026-06-17 02:00:50+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3moh7qulrzn2n 2026-06-17 08:36:55+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-av26-607 2026-06-17 10:00:59+00:00| seen|...

7.8CVSS7AI score0.03391EPSS
Exploits0References101
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.23 views

PT-2026-48266

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can...

5.4CVSS5.5AI score0.00187EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/06/05 7:24 p.m.11 views

CVE-2026-8423

The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. This makes it possible for unauthenticated attackers to change the site's active...

4.3CVSS5.4AI score0.00179EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.10 views

CVE-2026-33807

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...

9.1CVSS5.4AI score0.0043EPSS
Exploits1References1
osv
osv
added 2026/06/04 7:16 p.m.11 views

DEBIAN-CVE-2026-40898

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field...

7.5CVSS5.4AI score0.00279EPSS
Exploits0References1
osv
osv
added 2026/06/03 11:1 a.m.6 views

SUSE-SU-2026:2236-1 Security update for vim

This update for vim fixes the following issues - CVE-2026-42307: Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim bsc1264706. - CVE-2026-43961: Vimscript Code Injection in netrw NetrwMarkFile via crafted filename bsc1265349. -...

7CVSS5.8AI score0.00917EPSS
Exploits1References12
osv
osv
added 2026/06/02 3:38 p.m.7 views

CVE-2026-42073 OpenClaude's MCP OAuth Callback: State Check Bypass via error Param Leads to DoS

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP authentication flow starts a temporary local HTTP server to handle OAuth callbacks. To prevent CSRF attacks, the server validates a state parameter...

6.5CVSS5.9AI score0.00219EPSS
Exploits1References5
nvd
nvd
added 2026/06/01 7:16 p.m.15 views

CVE-2026-45729

Thor Vector Graphics ThorVG is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run allows any caller that passes untrusted SVG data to Picture::load to crash the process with a 6-byte payload. This issue has been patched in version 1.0.5...

4.3CVSS0.00235EPSS
Exploits0References4
circl
circl
added 2026/06/01 1:55 a.m.16 views

CVE-2026-40544

creationtimestamp| type| source ---|---|--- 2026-06-01 01:55:00+00:00| seen| https://cert.pl/en/posts/2026/06/CVE-2026-40543...

5.1CVSS5.8AI score0.00295EPSS
Exploits0References1
nessus
nessus
added 2026/05/30 12:0 a.m.12 views

Fedora 43 : pdns (2026-6458693037)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-6458693037 advisory. - Update to 5.0.5 - Fix for CVE-2026-42000, CVE-2026-42001, CVE-2026-42002, CVE-2026-41999, CVE-2026-42396 Security Advisory:...

8.6CVSS5.8AI score0.00365EPSS
Exploits0References6
euvd
euvd
added 2026/05/29 12:42 p.m.15 views

EUVD-2026-33297

FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $REQUEST'rawname' parameter is concatenated into an include call with a .class.php suffix, allowing path...

7.6CVSS6AI score0.00272EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/20 12:0 a.m.10 views

PT-2026-42121

Name of the Vulnerable Software and Affected Versions Ruby versions 4.0.0 through 4.0.4 Description Security issues were identified in the Ruby language implementation that require remediation to ensure system security. Recommendations Update Ruby to version 4.0.5...

8.1CVSS5.8AI score0.00478EPSS
Exploits0References12
vulnrichment
vulnrichment
added 2026/05/15 9:17 p.m.9 views

CVE-2026-45345 Open WebUI: Missing authorization check at the model update function - models from other users can be updated

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modify another user's model even if its visibility is set to Private. By changing the access permissions during editing, unauthorized access can be gained. This...

6.5CVSS5.8AI score0.00226EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/05/15 9:17 p.m.6 views

CVE-2026-45345

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.7, a user can modify another user's model even if its visibility is set to Private. By changing the access permissions during editing, unauthorized access can be gained. This...

6.5CVSS5.8AI score0.00226EPSS
Exploits1References2Affected Software1
osv
osv
added 2026/05/15 9:12 p.m.5 views

CVE-2026-45347 Open WebUI: Blind server side request forgery (SSRF) via the PDF generate function

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.5.11, there is a blind server side request forgery SSRF via the PDF generate function. In the PDF export, user inputs are interpreted as HTML and embedded into the PDF. According to tests...

4.3CVSS6.1AI score0.00186EPSS
Exploits1References3
githubexploit
githubexploit
added 2026/05/14 9:15 p.m.283 views

Exploit for Missing Authentication for Critical Function in Flowiseai Flowise

Silentium — HackTheBox Writeup Platform: HackTheBox...

10CVSS7.8AI score0.90183EPSS
Exploits29
osv
osv
added 2026/05/12 8:38 a.m.9 views

BIT-ARGO-WORKFLOWS-2026-42296 Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, a user with create Workflow permission can bypass templateReferencing: Strict to get host network access, switch service accounts, override pod...

8.1CVSS5.7AI score0.00424EPSS
Exploits2References8
Rows per page
Query Builder