Lucene search
K
CvelistMost viewed

365117 matches found

Cvelist
Cvelist
added 2026/05/11 9:14 p.m.56 views

CVE-2026-7010 HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one ...

0.00227EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 2:39 p.m.56 views

CVE-2026-44197 Wagtail: Improper permission handling when comparing revisions

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in...

6.5CVSS0.00204EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/10 5:15 a.m.56 views

CVE-2026-8232 Dotouch XproUPF UPF Process libvlib.so vlib_worker_loop denial of service

A vulnerability was found in Dotouch XproUPF 2.0.0-release-088aa7c4. This impacts the function vlibworkerloop in the library /usr/xpro/upf/tools/libs/libvlib.so of the component UPF Process. The manipulation results in denial of service. The vendor was contacted early about this disclosure...

5.1CVSS0.0019EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/10 4:28 a.m.56 views

CVE-2026-7258 Out-of-bounds read in urldecode() on NetBSD

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, some functions, including urldecode, pass signed char to ctype functions like isxdigit. On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can...

6.3CVSS0.00337EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 3:54 p.m.56 views

CVE-2026-42028 novaGallery: Unauthenticated Path Traversal in Album and Cached Image Routes Allows Reading Images Outside Gallery Root

novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intended gallery root directory. This issue has been patched in version 2.1.1...

5.3CVSS0.00315EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 3:11 p.m.56 views

CVE-2026-44499 ZEBRA: Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning

ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to permanently halt all new block discovery on a targeted node. The attack exploits three independent...

8.7CVSS0.00351EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 2:22 p.m.56 views

CVE-2026-43462 net: spacemit: Fix error handling in emac_tx_mem_map()

In the Linux kernel, the following vulnerability has been resolved: net: spacemit: Fix error handling in emactxmemmap The DMA mappings were leaked on mapping error. Free them with the existing emacfreetxbuf function...

7.5CVSS0.00335EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 7:13 a.m.56 views

CVE-2026-44927

In uriparser before 1.0.2, there is pointer difference truncation to int in various places...

2.9CVSS0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 3:36 a.m.56 views

CVE-2026-42203 LiteLLM: Server-Side Template Injection in /prompts/test endpoint

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the...

8.6CVSS0.00373EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/08 2:15 a.m.56 views

CVE-2026-8128 SourceCodester SUP Online Shopping viewmsg.php sql injection

A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made...

7.5CVSS0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/07 7:41 p.m.56 views

CVE-2026-33811 Crash when handling long CNAME response in net

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

0.00813EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/07 6:9 p.m.56 views

CVE-2026-41906 FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.214, the Change Customer modal correctly hides out-of-scope customers through the mailbox-filtered search endpoint, but the backend conversationchangecustomer action accepts any supplied...

7.1CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 12:45 p.m.56 views

CVE-2026-8093 Memory safety bugs fixed in Firefox 150.0.2

Memory safety bugs present in Firefox 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.2 and Thunderbird 150.0.2...

0.00323EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/07 2:59 a.m.56 views

CVE-2026-41662 Admidio: Missing Minimum Administrator Check in Role Membership Removal

Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...

5.2CVSS0.00285EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/06 1:47 p.m.56 views

CVE-2025-31959 HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images.

HCL BigFix Service Management SM application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentionally shared...

3.5CVSS0.00143EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 11:28 a.m.56 views

CVE-2026-43263 media: chips-media: wave5: Fix Null reference while testing fluster

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix Null reference while testing fluster When multi instances are created/destroyed, many interrupts happens and structures for decoder are removed. "struct vpuinstance" this structure is shared for all...

7.8CVSS0.00119EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/06 11:28 a.m.56 views

CVE-2026-43222 media: verisilicon: AV1: Fix tile info buffer size

In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: rowsb, colsb, startpos and endpos 4 bytes each. So the total required memory is AV1MAXTILES 16 bytes. Use the correct define to allocate the buffer...

7.8CVSS0.00138EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/06 7:40 a.m.56 views

CVE-2026-43113 wifi: wl1251: validate packet IDs before indexing tx_frames

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing txframes wl1251txpacketcb uses the firmware completion ID directly to index the fixed 16-entry wl-txframes array. The ID is a raw u8 from the completion block, and the callback do...

8.8CVSS0.00247EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/06 7:40 a.m.56 views

CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()

In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in ioam6filltracedata We need to check in6devget for possible NULL value, as suggested by Yiming Qian. Also add skbdstdevrcu instead of skbdstdev, and two missing READONCE. Note that @d...

7.5CVSS0.00426EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/05 11:24 a.m.56 views

CVE-2026-42434 OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths...

8.8CVSS0.00347EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/05 6:47 a.m.56 views

CVE-2026-40797 WordPress WebinarIgnition plugin <= 4.08.253 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: from n/a through 4.08.253...

9.3CVSS0.00339EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/05 4:30 a.m.56 views

CVE-2026-7822 itsourcecode Courier Management System print_pdets.php sql injection

A vulnerability was identified in itsourcecode Courier Management System 1.0. This impacts an unknown function of the file /printpdets.php. The manipulation of the argument ids leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

6.5CVSS0.00196EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/04 3:53 p.m.56 views

CVE-2026-42372 D-Link DIR-605L A1 Hardcoded Telnet Backdoor Credentials

D-Link DIR-605L Hardware Revision A1 End-of-Life, EOL contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static password "wrgn35dlwbrdir605l" read from /etc/alphaconfig/imagesign. The custom telnetd binary...

8.8CVSS0.003EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/04 6:5 a.m.56 views

CVE-2026-43863

mutt before 2.3.2 has an infinite loop in dataobjecttostream in crypt-gpgme.c...

3.7CVSS0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/04 2:30 a.m.56 views

CVE-2026-7723 PrefectHQ prefect WebSocket Endpoint in missing authentication

A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component WebSocket Endpoint. Executing a manipulation can lead to missing authentication. The attack may be performed from remote. The exploit has been published and may be...

7.5CVSS0.00421EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/04 1:30 a.m.56 views

CVE-2026-7719 Totolink WA300 POST Request cstecgi.cgi loginauth buffer overflow

A security flaw has been discovered in Totolink WA300 5.2cu.7112B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument httphost results in buffer overflow. The attack may be launched...

10CVSS0.00619EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/03 3:45 p.m.56 views

CVE-2026-7702 toeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorization

A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack...

6.9CVSS0.00314EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/03 4:25 a.m.56 views

CVE-2026-5063 NEX-Forms <= 9.1.11 - Unauthenticated Stored Cross-Site Scripting via POST Parameter Key Names

The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter key names in the submitnexform function in versions up to, and including, 9.1.11 due to insufficient input sanitization and output escaping. This makes it...

7.2CVSS0.00243EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/03 1:15 a.m.56 views

CVE-2026-7673 crmeb_java Admin Upload UploadServiceImpl.java unrestricted upload

A vulnerability was detected in crmebjava up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted...

5.8CVSS0.00223EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/27 12:0 a.m.56 views

CVE-2026-7069 D-Link DIR-825 miniupnpd upnpsoap.c AddPortMapping buffer overflow

A security flaw has been discovered in D-Link DIR-825 up to 3.00b32. This impacts the function AddPortMapping of the file upnpsoap.c of the component miniupnpd. Performing a manipulation of the argument NewPortMappingDescription results in buffer overflow. The attack needs to be approached within...

8.6CVSS0.01384EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/23 2:54 p.m.56 views

CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...

7.8CVSS0.00264EPSS
Exploits0References37
Cvelist
Cvelist
added 2026/04/21 7:21 p.m.56 views

CVE-2026-33813 Panic when decoding large WEBP image on 32-bit platforms in golang.org/x/image

Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...

0.0034EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/14 4:57 p.m.56 views

CVE-2026-33825 Microsoft Defender Elevation of Privilege Vulnerability

...

7.8CVSS0.06749EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/04/13 1:15 a.m.56 views

CVE-2026-6143 farion1231 cc-switch ProxyServer server.rs cross-domain policy

A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can ...

6.5CVSS0.00189EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/10 9:0 a.m.56 views

CVE-2026-6042 musl libc GB18030 4-byte Decoder iconv.c iconv algorithmic complexity

A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix...

4.8CVSS0.00227EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/04/09 5:16 p.m.56 views

CVE-2026-39987 marimo Affected by Pre-Auth Remote Code Execution via Terminal WebSocket Authentication Bypass

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.3CVSS0.95645EPSS
Exploits11References3
Cvelist
Cvelist
added 2026/04/04 12:38 a.m.56 views

CVE-2026-35616

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests...

9.8CVSS0.88505EPSS
Exploits8References1
Cvelist
Cvelist
added 2026/04/03 9:23 p.m.56 views

CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup

util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...

4.7CVSS0.00118EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/31 9:50 p.m.56 views

CVE-2026-34605 SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, unauthenticated )

SiYuan is a personal knowledge management system. From version 3.6.0 to before version 3.6.2, the SanitizeSVG function introduced in version 3.6.0 to fix XSS in the unauthenticated /api/icon/getDynamicIcon endpoint can be bypassed by using namespace-prefixed element names such as . The Go HTML5...

8.6CVSS0.00469EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/18 1:14 a.m.56 views

CVE-2026-2092 Keycloak-services: keycloak: unauthorized access via improper validation of encrypted saml assertions

A flaw was found in Keycloak. Keycloak's Security Assertion Markup Language SAML broker endpoint does not properly validate encrypted assertions when the overall SAML response is not signed. An attacker with a valid signed SAML assertion can exploit this by crafting a malicious SAML response. Thi...

7.7CVSS0.00241EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/05 5:53 a.m.56 views

CVE-2026-22399 WordPress Holmes theme <= 1.7 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Mikado-Themes Holmes holmes allows PHP Local File Inclusion.This issue affects Holmes: from n/a through = 1.7...

8.1CVSS0.00504EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/03 1:21 a.m.56 views

CVE-2026-2269 Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin <= 7.0.0.3 - Authenticated (Administrator+) Server-Side Request Forgery to Arbitrary File Upload

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.0.0.3 via the downloadurl function. This makes it possible for authenticated attackers, with...

7.2CVSS0.00655EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/03 8:12 p.m.56 views

CVE-2026-1801 Libsoup: libsoup: http request smuggling via malformed chunk headers

A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soupfilterinputstreamreadline logic, where libsoup accepts malformed chunk headers, such as lone line feed LF characters instead of the required...

5.3CVSS0.00376EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/28 3:15 p.m.56 views

CVE-2026-1536 Libsoup: libsoup: http header injection or response splitting via crlf injection in content-disposition header

A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF Carriage Return Line Feed sequences into the header value. These sequences are then interpreted verbatim when the HTTP request or response is constructed, allowing arbitrary HTTP...

5.8CVSS0.00298EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/06 7:2 p.m.56 views

CVE-2026-0641 TOTOLINK WA300 cstecgi.cgi sub_401510 command injection

A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112B20190227. This vulnerability affects the function sub401510 of the file cstecgi.cgi. The manipulation of the argument UPLOADFILENAME leads to command injection. The attack may be initiated remotely. The exploit has been...

6.5CVSS0.0236EPSS
Exploits1References6
Cvelist
Cvelist
added 2025/12/30 12:11 p.m.56 views

CVE-2023-54234 scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix missing mrioc-evtackcmds initialization Commit c1af985d27da "scsi: mpi3mr: Add Event acknowledgment logic" introduced an array mrioc-evtackcmds but initialization of the array elements was missed. They are just...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/22 12:0 a.m.56 views

CVE-2025-51006

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dltlinuxsll2cleanup function in plugins/dltlinuxsll2/linuxsll2.c. This vulnerability is triggered when tcpeditdltcleanup indirectly invokes the cleanup routine multiple times on the same memory region. By...

0.00172EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/09/09 10:23 p.m.56 views

CVE-2025-59039 Prebid Universal Creative on npm briefly compromised

Prebid Universal Creative PUC is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by crypto-related malware. This includes the extremely popular jsdelivr hosting of this file. The maintainers of PUC unpublished version 1.17.3. Users should s...

9.3CVSS0.00312EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/09 3:39 p.m.56 views

CVE-2025-53673

Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system...

0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/10 2:33 p.m.56 views

CVE-2024-34711 GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)

GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities XEE attack, then send GET request to any HTTP server. By default, GeoServer use...

9.3CVSS0.00262EPSS
Exploits0References2
Total number of security vulnerabilities5000