Lucene search
K
CvelistMost viewed

364881 matches found

Cvelist
Cvelist
added 2026/05/10 3:27 a.m.56 views

CVE-2026-6735 XSS within PHP-FPM status endpoint

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

8.8CVSS0.0021EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/08 3:54 p.m.56 views

CVE-2026-42028 novaGallery: Unauthenticated Path Traversal in Album and Cached Image Routes Allows Reading Images Outside Gallery Root

novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1...

5.3CVSS0.00315EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 3:11 p.m.56 views

CVE-2026-44499 ZEBRA: Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent...

8.7CVSS0.00351EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 2:22 p.m.56 views

CVE-2026-43462 net: spacemit: Fix error handling in emac_tx_mem_map()

In the Linux kernel, the following vulnerability has been resolved: net: spacemit: Fix error handling in emactxmemmap The DMA mappings were leaked on mapping error. Free them with the existing emacfreetxbuf function...

7.5CVSS0.00335EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 7:13 a.m.56 views

CVE-2026-44927

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

2.9CVSS0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 3:36 a.m.56 views

CVE-2026-42203 LiteLLM: Server-Side Template Injection in /prompts/test endpoint

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the...

8.6CVSS0.00373EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/08 2:15 a.m.56 views

CVE-2026-8128 SourceCodester SUP Online Shopping viewmsg.php sql injection

A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made...

7.5CVSS0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/07 7:41 p.m.56 views

CVE-2026-33811 Crash when handling long CNAME response in net

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

0.00813EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/07 6:9 p.m.56 views

CVE-2026-41906 FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 12:45 p.m.56 views

CVE-2026-8093 Memory safety bugs fixed in Firefox 150.0.2

Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2 and Thunderbird 150.0.2...

0.00323EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/07 2:59 a.m.56 views

CVE-2026-41662 Admidio: Missing Minimum Administrator Check in Role Membership Removal

Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...

5.2CVSS0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/06 6:57 p.m.56 views

CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal

A buffer overflow vulnerability in the User-ID™ Authentication Portal aka Captive Portal service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. T...

9.3CVSS0.32074EPSS
Exploits6References1
Cvelist
Cvelist
added 2026/05/06 1:47 p.m.56 views

CVE-2025-31959 HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images.

HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...

3.5CVSS0.00143EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 11:28 a.m.56 views

CVE-2026-43263 media: chips-media: wave5: Fix Null reference while testing fluster

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix Null reference while testing fluster When multi instances are created/destroyed, many interrupts happens and structures for decoder are removed. "struct vpuinstance" this structure is shared for all...

7.8CVSS0.00119EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/06 11:28 a.m.56 views

CVE-2026-43222 media: verisilicon: AV1: Fix tile info buffer size

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: rowsb, colsb, startpos and endpos 4 bytes each. So the total required memory is AV1MAXTILES 16 bytes. Use the correct define to allocate the buffer...

7.8CVSS0.00138EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/06 7:40 a.m.56 views

CVE-2026-43113 wifi: wl1251: validate packet IDs before indexing tx_frames

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing txframes wl1251txpacketcb uses the firmware completion ID directly to index the fixed 16-entry wl-txframes array. The ID is a raw u8 from the completion block, and the callback do...

8.8CVSS0.00247EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/06 7:40 a.m.56 views

CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()

In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in ioam6filltracedata We need to check in6devget for possible NULL value, as suggested by Yiming Qian. Also add skbdstdevrcu instead of skbdstdev, and two missing READONCE. Note that @d...

7.5CVSS0.00426EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/05 2:41 p.m.56 views

CVE-2026-34000 Xwayland: xorg: x.org x server: information disclosure and denial of service via out-of-bounds read in xkb geometry processing.

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the CheckSetGeom and XkbAddGeomKeyAlias functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server,...

6.1CVSS0.00489EPSS
Exploits0References27
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.56 views

CVE-2026-42434 OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths...

8.8CVSS0.00347EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/05 4:45 a.m.56 views

CVE-2026-7823 Totolink A8000RU cstecgi.cgi setAppFilterCfg os command injection

A security flaw has been discovered in Totolink A8000RU 7.1cu.643b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the...

10CVSS0.01788EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/05 4:30 a.m.56 views

CVE-2026-7822 itsourcecode Courier Management System print_pdets.php sql injection

A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /printpdets.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

6.5CVSS0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/04 6:5 a.m.56 views

CVE-2026-43863

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

3.7CVSS0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/04 1:45 a.m.56 views

CVE-2026-7720 Totolink WA300 POST Request cstecgi.cgi setLanguageCfg command injection

A weakness has been identified in Totolink WA300 5.2cu.7112B20190227. The impacted element is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. This manipulation of the argument langType causes command injection. Remote exploitation of the attack ...

6.5CVSS0.00916EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/05/04 1:30 a.m.56 views

CVE-2026-7719 Totolink WA300 POST Request cstecgi.cgi loginauth buffer overflow

A security flaw has been discovered in Totolink WA300 5.2cu.7112B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument httphost results in buffer overflow. The attack may be launched...

10CVSS0.00619EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/03 3:45 p.m.56 views

CVE-2026-7702 toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

6.9CVSS0.00314EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/03 1:15 a.m.56 views

CVE-2026-7673 crmeb_java Admin Upload UploadServiceImpl.java unrestricted upload

A vulnerability was detected in crmebjava up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted...

5.8CVSS0.00223EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/23 3:11 p.m.56 views

CVE-2026-31533 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption

In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tlsdoencryption The -EBUSY handling in tlsdoencryption, introduced by commit 859054147318 "net: tls: handle backlogging of crypto requests", has a use-after-free due to double...

9.8CVSS0.00263EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/21 7:21 p.m.56 views

CVE-2026-33813 Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

0.0034EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/13 1:15 a.m.56 views

CVE-2026-6143 farion1231 cc-switch ProxyServer server.rs cross-domain policy

A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can ...

6.5CVSS0.00189EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/10 9:0 a.m.56 views

CVE-2026-6042 musl libc GB18030 4-byte Decoder iconv.c iconv algorithmic complexity

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix...

4.8CVSS0.00227EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/03 9:23 p.m.56 views

CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup

util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...

4.7CVSS0.00118EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/31 9:50 p.m.56 views

CVE-2026-34605 SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, unauthenticated )

SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynamicIcon endpoint can be bypassed by using namespace-prefixed element names such as . The Go HTML5...

8.6CVSS0.00469EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/18 1:14 a.m.56 views

CVE-2026-2092 Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...

7.7CVSS0.00241EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/17 11:14 a.m.56 views

CVE-2026-4271 Libsoup: libsoup: denial of service via use-after-free in http/2 server

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

5.3CVSS0.00829EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/03/05 5:53 a.m.56 views

CVE-2026-22399 WordPress Holmes theme <= 1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Holmes holmes allows PHP Local File Inclusion.This issue affects Holmes: from n/a through = 1.7...

8.1CVSS0.00504EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/03 1:21 a.m.56 views

CVE-2026-2269 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the downloadurl function. This makes it possible for authenticated attackers, with...

7.2CVSS0.00655EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/30 12:11 p.m.56 views

CVE-2023-54234 scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc-evtackcmds initialization Commit c1af985d27da "scsi: mpi3mr: Add Event acknowledgment logic" introduced an array mrioc-evtackcmds but initialization of the array elements was missed. They are just...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/22 12:0 a.m.56 views

CVE-2025-51006

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dltlinuxsll2cleanup function in plugins/dltlinuxsll2/linuxsll2.c. This vulnerability is triggered when tcpeditdltcleanup indirectly invokes the cleanup routine multiple times on the same memory region. By...

0.00172EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/09/09 10:23 p.m.56 views

CVE-2025-59039 Prebid Universal Creative on npm briefly compromised

Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...

9.3CVSS0.00312EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/03 2:36 p.m.56 views

CVE-2025-58604 WordPress Mail Mint Plugin <= 1.18.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPFunnels Mail Mint mail-mint allows SQL Injection.This issue affects Mail Mint: from n/a through = 1.18.5...

7.6CVSS0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/12 7:42 p.m.56 views

CVE-2025-2745 AVEVA PI Web API Cross-site Scripting

A cross-site scripting vulnerability exists in AVEVA PI Web API version 2023 SP1 and prior that, if exploited, could allow an authenticated attacker with privileges to create/update annotations or upload media files to persist arbitrary JavaScript code that will be executed by users who were...

6.5CVSS0.00205EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/10 2:33 p.m.56 views

CVE-2024-34711 GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)

GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities XEE attack, then send GET request to any HTTP server. By default, GeoServer use...

9.3CVSS0.00262EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/15 7:21 p.m.56 views

CVE-2025-47161 Microsoft Defender for Endpoint Elevation of Privilege Vulnerability

...

7.8CVSS0.00705EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/05/11 11:0 a.m.56 views

CVE-2025-4539 Hainan ToDesk DLL File Parser profapi.dll uncontrolled search path

A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The...

7.3CVSS0.00179EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/05/03 5:31 p.m.56 views

CVE-2025-4240 PCMan FTP Server LCD Command buffer overflow

A vulnerability was found in PCMan FTP Server 2.0.7. It has been rated as critical. This issue affects some unknown processing of the component LCD Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...

7.5CVSS0.00612EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/04/30 2:54 p.m.56 views

CVE-2025-32971 XWiki Solr script service doesn't take dropped programming right into account

XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...

3.8CVSS0.00334EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/04/20 6:31 a.m.56 views

CVE-2025-3822 SourceCodester Web-based Pharmacy Product Management System changepassword.php cross site scripting

A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirmpassword/txtnewpassword/txtoldpassword leads to cro...

4.8CVSS0.00393EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/04/16 7:45 a.m.56 views

CVE-2025-27538 MFA Enforcement Bypass Allows Unauthorized Removal of MFA for Other Users

Mattermost versions 10.5.x = 10.5.1, 9.11.x = 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with editotherusers permission to activate or deactivate MFA for other users, even if those users have not...

2.2CVSS0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/09 5:48 p.m.56 views

CVE-2025-3474 Panels - Critical - Access bypass - SA-CONTRIB-2025-033

Missing Authentication for Critical Function vulnerability in Drupal Panels allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Panels: from 0.0.0 before 4.9.0...

0.00361EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/05 3:31 p.m.56 views

CVE-2024-39564 Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to RPD crash

This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to...

8.7CVSS0.00404EPSS
Exploits0References1
Total number of security vulnerabilities5000