Lucene search
K

761 matches found

CVE
CVE
added 2026/06/10 2:57 p.m.35 views

CVE-2026-25700

CVE-2026-25700 relates to Apache Answer prior to version 2.0.1, where administrative tokens issued before an admin account was suspended, deleted, or deactivated were not invalidated. This allowed continued access to administrative APIs until those tokens expired. Affected product: Apache Answer ...

7.2CVSS5.4AI score0.00448EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/09 7:32 a.m.41 views

CVE-2026-25688 Apache Answer: XSS in AI Answer Rendering

Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are...

0.00406EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 7:32 a.m.12 views

EUVD-2026-35367

Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are...

6.1CVSS5.3AI score0.00406EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47716

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description The server fails to sufficiently validate user-supplied image URLs. This allows arbitrary external content to be embedded as profile images, potentially exposing users to unintended external...

6.5CVSS5.5AI score0.00403EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2026-7509

The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's the-subtitle shortcode before and after attributes in all versions up to, and including, 4.0.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This...

6.4CVSS5.7AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-9807

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization...

4.3CVSS5.5AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.10 views

CVE-2026-6621

A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument proto causes improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The...

7.5CVSS6.9AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-6809

The Social Post Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Threads embed handler in all versions up to, and including, 2.0.1. This is due to insufficient input sanitization and output escaping on the user-supplied URL. This makes it possible for authenticated...

6.4CVSS5.7AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.13 views

CVE-2026-43897

Link Preview JS extracts web links information. Prior to 4.0.1, the library did not check for IPv6 loopback attacks. There was also a DNS attack, where an address could be resolved into an internal IP. This could cause internal data leaks. This vulnerability is fixed in 4.0.1...

8.7CVSS5.4AI score0.00432EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:49 p.m.9 views

CVE-2024-47097

Cross Site Scripting vulnerability in Follet School Solutions Destiny before v22.0.1 AU1 allows a remote attacker to run arbitrary client-side code via the site parameter of handleloginform.do...

5.1CVSS5.6AI score0.00319EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/05 4:46 p.m.9 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the SquashFS ReadBlock function. An attacker can cause disclosure of heap memory contents by providing a specially crafted SquashFS archive with a manipulated node.Offset value, which bypasses fragment bounds check...

8.1CVSS5.4AI score0.00324EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46317

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS6AI score0.002EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 6:16 a.m.10 views

UBUNTU-CVE-2026-50052

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack request smuggling, which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

2.3CVSS5.4AI score0.00349EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:48 a.m.9 views

CVE-2026-2425

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'newdomain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6AI score0.00208EPSS
Exploits0References4
NVD
NVD
added 2026/05/29 2:16 p.m.18 views

CVE-2026-46510

form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys e.g. namesub into nested objects without filtering proto, constructor, or prototype. A single HTTP form field whose name starts with proto... causes the library to mutate...

8.2CVSS0.00282EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/28 7:34 a.m.11 views

EUVD-2026-32742

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed a blocked Project Access Token to continue accessing private resources due to incorrect authorization...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.21 views

PT-2026-44208

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References9
NVD
NVD
added 2026/05/27 7:16 p.m.15 views

CVE-2026-2601

GitLab has remediated an issue in GitLab EE affecting all versions from 11.5 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authenticated user with developer-role permissions to access sensitive deployment data on projects due to...

4.3CVSS0.00243EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.18 views

Northern.tech Mender Server 安全漏洞

Northern.tech Mender Server is an IoT server-side software developed by the American company Northern.tech. Versions of Northern.tech Mender Server such as 4.1.0, 4.0.1, and earlier have security vulnerabilities, which are due to a vulnerability that makes the system susceptible to directory...

3.7CVSS5.8AI score0.0052EPSS
Exploits2References3
CVE
CVE
added 2026/05/25 2:0 p.m.27 views

CVE-2026-47069

CVE-2026-47069 describes a CRLF Injection in the Hackney library. The vulnerability arises from hackney_cookie:setcookie/3: Name/Value are checked for CRLF, but the domain and path options are concatenated into the output iolist without validation. An attacker controlling either option (e.g., Hos...

5.3CVSS6AI score0.00374EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder