
OSV · added 2026/03/30 8:17 a.m.

SUSE-SU-2026:20982-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753). - CVE-2025-55754: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#125290...

CVSS 9.6 · AI score 6.8 · EPSS 0.66535 · Exploits 4 · References 14

OSV · added 2026/03/30 8:13 a.m.

OPENSUSE-SU-2026:20444-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.52: - CVE-2025-55752: directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753). - CVE-2025-55754: Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#125290...

CVSS 9.6 · AI score 6.8 · EPSS 0.66535 · Exploits 4 · References 13

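The two tomcat10 advisories above pair CVE-2025-55752 with a precondition: the traversal goes through the rewrite valve, and it only escalates to RCE when PUT is enabled. The fix is the upgrade to 10.1.52; what a practitioner wants meanwhile is a quick way to tell whether an instance meets both preconditions. The script below is an added example, not SUSE's or the Tomcat project's code. It checks two facts about a Tomcat configuration: whether `web.xml` sets the DefaultServlet's `readonly` init-param to `false` (Tomcat's default is `true`, which rejects PUT and DELETE), and whether a `context.xml`/`server.xml` declares `org.apache.catalina.valves.rewrite.RewriteValve`. The XML fragments are constructed samples, not taken from any host.

```python
import xml.etree.ElementTree as ET

DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"
REWRITE_VALVE = "org.apache.catalina.valves.rewrite.RewriteValve"

# Constructed sample configuration fragments (not taken from any real host).
WEAK_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

HARDENED_WEB_XML = WEAK_WEB_XML.replace("<param-value>false</param-value>",
                                        "<param-value>true</param-value>")

CONTEXT_WITH_REWRITE = """<Context>
  <Valve className="org.apache.catalina.valves.rewrite.RewriteValve"/>
</Context>"""


def _local(tag: str) -> str:
    """Strip the XML namespace so web.xml tags compare by local name."""
    return tag.rsplit("}", 1)[-1]


def _children_named(elem, name):
    return [c for c in elem if _local(c.tag) == name]


def _text(elem, name) -> str:
    found = _children_named(elem, name)
    return (found[0].text or "").strip() if found else ""


def default_servlet_readonly(web_xml: str) -> bool:
    """True when the DefaultServlet rejects PUT/DELETE.  Tomcat's default for
    the 'readonly' init-param is true, so an absent param counts as safe."""
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        if _text(servlet, "servlet-class") != DEFAULT_SERVLET:
            continue
        for param in _children_named(servlet, "init-param"):
            if _text(param, "param-name") == "readonly":
                return _text(param, "param-value").lower() != "false"
    return True


def rewrite_valve_configured(context_xml: str) -> bool:
    """True when a RewriteValve is declared anywhere in the given XML."""
    root = ET.fromstring(context_xml)
    return any(_local(e.tag) == "Valve" and e.get("className") == REWRITE_VALVE
               for e in root.iter())


def audit(web_xml: str, context_xml: str) -> list:
    """Return the exposure conditions present; an empty list means neither."""
    findings = []
    if rewrite_valve_configured(context_xml):
        findings.append("RewriteValve configured (rewrite rules process request paths)")
    if not default_servlet_readonly(web_xml):
        findings.append("DefaultServlet readonly=false (PUT/DELETE enabled)")
    return findings


if __name__ == "__main__":
    for line in audit(WEAK_WEB_XML, CONTEXT_WITH_REWRITE):
        print("FINDING:", line)
```

Run it against the real `conf/web.xml` and the relevant `context.xml` (the valve may also sit in `server.xml` under a Host or Engine). Two findings mean the instance matches the advisory's worst case; one or zero findings narrows the impact but is not a reason to skip the 10.1.52 upgrade, since the traversal itself does not depend on PUT.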
IBM Security Bulletins · added 2026/03/30 7:20 a.m.

Security Bulletin: IBM Edge Data Collector uses time-0.3.37.crate which is vulnerable to CVE-2026-25727.

Summary: IBM Edge Data Collector uses time-0.3.37.crate which is vulnerable to CVE-2026-25727. This bulletin contains information addressing the vulnerability. Vulnerability Details: CVEID: CVE-2026-25727. DESCRIPTION: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when...

CVSS 6.8 · AI score 5.8 · EPSS 0.00291 · Exploits 0 · Affected software 1

Positive Technologies · added 2026/03/30 12:00 a.m.

PT-2026-29109

Name of the Vulnerable Software and Affected Versions: aws-mcp-server, affected versions not specified. Description: The aws-mcp-server software contains a command injection flaw that could lead to remote code execution. This issue was discovered by Alfredo Oliveira and David Fiser of Trend Research...

CVSS 9.8 · AI score 7.5 · EPSS 0.0183 · Exploits 0 · References 11

Positive Technologies · added 2026/03/30 12:00 a.m.

PT-2026-29047

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 8.2.2; MongoDB Server version 8.0.18; MongoDB Server version 7.0.31. Description: A user with limited privileges within a cluster can cause a mongod process to crash when the cluster...

CVSS 6 · AI score 5.9 · EPSS 0.00203 · Exploits 0 · References 15

OpenVAS · added 2026/03/30 12:00 a.m.

Fedora: Security Advisory (FEDORA-2026-48e73ed6b8)

The remote host is missing an update announced via the FEDORA-2026-48e73ed6b8 advisory. Greenbone NASL header text captured with the description: SPDX-FileCopyrightText: 2026 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only; some text descriptions might be excerpted from referenced sources and are copyright by the respective right holders.

CVSS 7.5 · AI score 5.9 · EPSS 0.01373 · Exploits 0 · References 5

OpenVAS · added 2026/03/30 12:00 a.m.

Fedora: Security Advisory (FEDORA-2026-66c97240f2)

The remote host is missing an update announced via the FEDORA-2026-66c97240f2 advisory. Greenbone NASL header text captured with the description: SPDX-FileCopyrightText: 2026 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only; some text descriptions might be excerpted from referenced sources and are copyright by the respective right holders.

CVSS 7.5 · AI score 5.9 · EPSS 0.01373 · Exploits 0 · References 5

OpenVAS · added 2026/03/30 12:00 a.m.

Fedora: Security Advisory (FEDORA-2026-8ae04c01e3)

The remote host is missing an update announced via the FEDORA-2026-8ae04c01e3 advisory. Greenbone NASL header text captured with the description: SPDX-FileCopyrightText: 2026 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only; some text descriptions might be excerpted from referenced sources and are copyright by the respective right holders.

CVSS 7.5 · AI score 5.9 · EPSS 0.01373 · Exploits 0 · References 5

Anthropic · added 2026/03/29 8:42 p.m.

ANT-2026-KNXJMVYC · wolfSSL · signature-bypass

Class: signature-bypass. Severity: high. CVE-2026-5466. Severity ratings: Claude high; security research firm high; maintainer -. Discovered by Claude Mythos Preview. Security research firm analysis: triage and disclosure were performed by Calif. Verdict: true positive. Severity: high. Timeline: dates from discovery through publ...

CVSS 8.1 · AI score 5.8 · EPSS 0.00147 · Exploits 0

CVE · added 2026/03/29 5:53 p.m.

CVE-2026-0558

The CVE-2026-0558 issue affects parisneo/lollms up to 2.2.0, where the /api/files/extract-text endpoint accepts file uploads without authentication, lacking the Depends(get_current_active_user) check. This exposes unauthenticated users to DoS via resource exhaustion and potential information disc...

CVSS 9.8 · AI score 7 · EPSS 0.0043 · Exploits 1 · References 2 · Affected software 1

Github Security Blog · added 2026/03/29 3:22 p.m.

Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)

Impact: The Trix editor, in versions prior to 2.1.18, is vulnerable to XSS when a crafted application/x-trix-document JSON payload is dropped into the editor in environments using the fallback Level0InputController, e.g., embedded WebViews lacking Input Events Level 2 support. The...

AI score 5.9 · Exploits 0 · References 5 · Affected software 2

Snyk · added 2026/03/29 3:22 p.m.

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the StringPiece.fromJSON function. An attacker can execute arbitrary JavaScript in the context of the victim's browser by tricking a user into dragging and dropping a crafted application/x-trix-document JSON...

CVSS 8.2 · AI score 5.9 · Exploits 0 · References 2

OSV · added 2026/03/29 3:22 p.m.

GHSA-53P3-C7VP-4MCC Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)

Impact: The Trix editor, in versions prior to 2.1.18, is vulnerable to XSS when a crafted application/x-trix-document JSON payload is dropped into the editor in environments using the fallback Level0InputController, e.g., embedded WebViews lacking Input Events Level 2 support. The...

CVSS 2.1 · AI score 5.9 · Exploits 0 · References 5

RedhatCVE · added 2026/03/29 11:13 a.m.

CVE-2026-33638

Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to version 4.2.0, GET /api/allusers is mounted as a public endpoint and returns user records without authentication. This allows remote unauthenticated user enumeration and exposure of user profile metadata. ...

CVSS 5.3 · AI score 5.9 · EPSS 0.00484 · Exploits 0 · References 1

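CVE-2026-0558 (lollms, an upload endpoint missing its `Depends(get_current_active_user)` check) and CVE-2026-33638 (Ech0, `/api/allusers` mounted as a public route) are the same defect: authentication is opt-in per route, so one forgotten decorator or one route mounted on the wrong group silently becomes public. The example below is added here and is not code from either project; it is a framework-free, deny-by-default router in which a route is only reachable without credentials when `public=True` is written at the registration site, plus an audit function that lists the public surface so a test can pin it to a reviewed allowlist. The token table, user records and `get_current_active_user` stand-in are constructed for the example; the last name is chosen to echo the lollms advisory, not to reproduce its implementation.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Constructed data for the example: one bearer token and two user records.
VALID_TOKENS = {"tok-alice": "alice"}
USERS = [
    {"id": 1, "name": "alice", "email": "alice@example.invalid"},
    {"id": 2, "name": "bob", "email": "bob@example.invalid"},
]


@dataclass
class Request:
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    user: Optional[str] = None  # filled in by dispatch() after authentication


@dataclass
class Route:
    handler: Callable[[Request], Tuple[int, object]]
    public: bool  # True only when the route was explicitly declared public


ROUTES: Dict[str, Route] = {}


def route(path: str, public: bool = False):
    """Register a handler.  Authentication is required unless public=True is
    stated at the registration site, so an omitted check cannot go unnoticed."""
    def wrap(fn):
        ROUTES[path] = Route(fn, public)
        return fn
    return wrap


def get_current_active_user(req: Request) -> Optional[str]:
    """Stand-in for a framework auth dependency (illustrative, not lollms code)."""
    auth = req.headers.get("Authorization", "")
    token = auth[len("Bearer "):].strip() if auth.startswith("Bearer ") else ""
    return VALID_TOKENS.get(token)


def dispatch(req: Request) -> Tuple[int, object]:
    """Central place where the auth decision is made, once, for every route."""
    r = ROUTES.get(req.path)
    if r is None:
        return 404, None
    if not r.public:
        user = get_current_active_user(req)
        if user is None:
            return 401, None
        req.user = user
    return r.handler(req)


@route("/api/health", public=True)
def health(req: Request):
    return 200, {"ok": True}


# The advisory's vulnerable shape would be `@route("/api/allusers", public=True)`
# (or, in a framework, mounting the route without its auth dependency).
@route("/api/allusers")
def all_users(req: Request):
    # Return only the fields a caller needs; e-mail addresses stay server-side.
    return 200, [{"id": u["id"], "name": u["name"]} for u in USERS]


def public_routes() -> list:
    """Audit hook: every path reachable without credentials.  Pin this to a
    reviewed allowlist in CI so a new public route requires a deliberate change."""
    return sorted(p for p, r in ROUTES.items() if r.public)


if __name__ == "__main__":
    print(dispatch(Request("/api/allusers")))
    print(dispatch(Request("/api/allusers", {"Authorization": "Bearer tok-alice"})))
    print("public surface:", public_routes())
```

The same check exists in real frameworks: FastAPI exposes `app.routes` and each route's dependencies, and Go routers let you group handlers under a middleware; the point is to enumerate the unauthenticated surface mechanically rather than by reading each handler.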
Debian CVE · added 2026/03/29 8:45 a.m.

CVE-2026-5037

A vulnerability was determined in mxml up to 4.0.4. This issue affects the function indexsort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit ha...

CVSS 4.8 · AI score 4.8 · EPSS 0.00128 · Exploits 0

RedhatCVE · added 2026/03/29 5:10 a.m.

CVE-2026-4987

The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including, 2.5.2. This is due to the createpaymentintent function performing a payment validation solely based on the value of a...

CVSS 7.5 · AI score 5.9 · EPSS 0.00256 · Exploits 0 · References 1

Positive Technologies · added 2026/03/29 12:00 a.m.

PT-2026-28745

Name of the Vulnerable Software and Affected Versions: code-projects Accounting System version 1.0. Description: A flaw exists in the Parameter Handler component of the software, specifically within the /edit_costumer.php file. Manipulation of the cos_id argument can lead to SQL injection. This issu...

CVSS 7.5 · AI score 5.7 · EPSS 0.00329 · Exploits 1 · References 8

CNNVD · added 2026/03/29 12:00 a.m.

TOTOLINK A3300R command injection vulnerability

TOTOLINK A3300R is a wireless router produced by TOTOLINK Corporation. The TOTOLINK A3300R version 17.0.0cu.557b20221024 contains a command injection vulnerability. This vulnerability arises from improper handling of the parameter "lanIp" in the file /cgi-bin/cstecgi.cgi, which may lead to comman...

CVSS 8.8 · AI score 6.6 · EPSS 0.02179 · Exploits 1 · References 5

RedhatCVE · added 2026/03/28 11:09 p.m.

CVE-2026-33654

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and, subsequently, system tools without...

CVSS 9.3 · AI score 6.1 · EPSS 0.00489 · Exploits 1 · References 1

RedhatCVE · added 2026/03/28 11:09 p.m.

CVE-2026-33765

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $_POST['webtheme'] parameter...

CVSS 9.3 · AI score 6 · EPSS 0.01088 · Exploits 0 · References 1

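The TOTOLINK A3300R entry (the "lanIp" parameter of /cgi-bin/cstecgi.cgi) and the Pi-hole entry (the $_POST['webtheme'] parameter of savesettings.php) describe the same bug class: a request parameter that ends up inside a shell command string. The example below is added here and is not code from either product. It puts the vulnerable pattern (string splicing, returned rather than executed so the effect of a separator is visible) beside two hardened forms: an IP address is validated by parsing it as an IPv4 address and a theme name is checked against an allowlist, and in both cases the command is built as an argv list so no shell parses the value. The helper binaries `/usr/sbin/set-lan-ip` and `/usr/local/bin/apply-theme`, the allowlist, and the sample inputs are hypothetical; `shlex.quote` is shown only as the fallback when a shell string genuinely cannot be avoided.

```python
import ipaddress
import shlex
import subprocess

# Hypothetical allowlist; a real application derives it from the themes it ships.
ALLOWED_THEMES = {"default-light", "default-dark", "default-auto"}


def unsafe_shell_line(template: str, value: str) -> str:
    """The vulnerable pattern behind both advisories: untrusted text spliced
    into a shell command string.  Returned, not executed, so a separator such
    as ';' in `value` can be seen turning one command into two."""
    return template % value


def is_valid_lanip(value: str) -> bool:
    """Accept only a plain dotted-quad IPv4 address.  Separators, CIDR
    suffixes, whitespace and anything else the shell could interpret all
    fail to parse, so they never reach a command."""
    try:
        ipaddress.IPv4Address(value)
    except ValueError:
        return False
    return True


def is_allowed_theme(value: str) -> bool:
    """Exact-match allowlist: the only strings that can ever become arguments."""
    return value in ALLOWED_THEMES


def build_lanip_argv(lan_ip: str) -> list:
    """Hardened form: validate, then build an argv list for a hypothetical
    helper so no shell ever parses the value."""
    if not is_valid_lanip(lan_ip):
        raise ValueError("lanIp rejected: %r" % lan_ip)
    return ["/usr/sbin/set-lan-ip", lan_ip]  # hypothetical helper binary


def build_theme_argv(theme: str) -> list:
    if not is_allowed_theme(theme):
        raise ValueError("webtheme rejected: %r" % theme)
    return ["/usr/local/bin/apply-theme", theme]  # hypothetical helper binary


def run_argv(argv: list) -> int:
    """Execute an argv list without a shell.  shell=False is the default; it
    is written out so a reviewer sees the intent at the call site."""
    return subprocess.run(argv, shell=False, check=False).returncode


def quoted_for_shell(value: str) -> str:
    """Last resort when a shell string is unavoidable: quote the value so the
    shell sees a single word.  Quoting mitigates; validation is the fix."""
    return shlex.quote(value)


if __name__ == "__main__":
    print(unsafe_shell_line("set_lan_ip %s", "192.168.0.1; id"))  # two commands
    print(build_lanip_argv("192.168.0.1"))
    print(quoted_for_shell("192.168.0.1; id"))
```

The same shape carries over to the C of a CGI binary or the PHP of an admin page: reject anything that is not the exact value type you expect, then pass it as a separate argument (execve-style argv, or PHP `escapeshellarg` at minimum) rather than concatenating it into a string handed to `system()` or `exec()`.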