
368499 matches found


CVE-2026-47896

The CVE-2026-47896 entry concerns Apache Lucene.Net.Replicator. Affected versions are 4.8.0-beta00005 through 4.8.0-beta00017, with a fix in 4.8.0-beta00018. The root cause is an improper limitation of a pathname to a restricted directory, i.e., a path traversal vulnerability. The CVE record on C...

8.9 CVSS | 5.9 AI score | Exploits: 0 | References: 2

CVE-2026-47897

CVE-2026-47897 is a path traversal vulnerability in Apache Lucene.Net.Replicator. Affected: Lucene.Net.Replicator library (versions from 4.8.0-beta00005 up to, but not including, 4.8.0-beta00018). Root cause: improper limitation of a pathname to a restricted directory, enabling potential access to restr...

8.9 CVSS | 5.9 AI score | Exploits: 0 | References: 2

CVE-2026-47898

CVE-2026-47898 is an XXE vulnerability in Apache Lucene.Net, specifically in the Lucene.Net.Analysis.Common library. Affected versions are 4.8.0-beta00005 up to, but not including, 4.8.0-beta00018. The root cause is improper restriction of XML External Entity references. Successful exploitation could arise fr...

4 CVSS | 5.9 AI score | Exploits: 0 | References: 2

CVE-2026-8804

The CVE concerns Puppet’s resource_api (bundled with Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x). A vulnerability exists where the sensitive flag on parameters defined via the resource-api is not preserved, causing values such as passwords to be stored in cleartext in the agent’s l...

6.7 CVSS | 5.9 AI score | Exploits: 0 | References: 1

CVE-2026-14544

CVE-2026-14544 concerns HPLIP (HP Linux Imaging and Printing Software) with an integer overflow in the hpcups processing path when handling specially crafted print data. This is described as an incomplete fix for CVE-2026-8631. The vulnerability may allow a remote attacker to escalate privileges ...

9.8 CVSS | 6.2 AI score | Exploits: 0 | References: 2

CVE-2026-9148

The Comments – wpDiscuz plugin for WordPress (affected: versions up to 7.6.56) is vulnerable to Stored XSS via the guest commenter field Website. The root cause is insufficient output escaping in getCommentAuthor(), which interpolates the stored comment_author_url directly into single-quoted HTML...

7.2 CVSS | 6.1 AI score | Exploits: 0 | References: 11

CVE-2026-9230

The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress

4.3 CVSS | 6 AI score | Exploits: 0 | References: 14

CVE-2026-8351

CVE-2026-8351 concerns the RTMKit plugin for WordPress, vulnerable up to version 2.0.7. The flaw is a Stored Cross-Site Scripting in the Advanced Heading widget via the 'Background Text' parameter. The render() function concatenates the value directly into an HTML attribute without applying esc_a...

6.4 CVSS | 6.1 AI score | Exploits: 0 | References: 9

CVE-2026-51535

Technical details for CVE-2026-51535 are not publicly available in the provided documents. No affected products, versions, or fixes are listed. Monitor for updates.

Exploits: 0 | References: 1

CVE-2026-9547

CVE-2026-9547 describes an SSH host-validation flaw in libcurl: when a libcurl-based application uses SCP/SFTP with CURLOPT_SSH_KEYFUNCTION, a host key type mismatch may be silently accepted, allowing a connection to succeed without warning and enabling potential man-in-the-middle attacks. The is...

6 AI score | Exploits: 0 | References: 3

CVE-2026-9546

CVE-2026-9546 details (libcurl): A vulnerability causes the HTTP Referer header to persist after CURLOPT_REFERER is set to NULL, due to failure to clear internal per-handle state. As a result, the previous referrer can be reused in subsequent requests, potentially leaking sensitive data to uninten...

5.9 AI score | Exploits: 0 | References: 3

CVE-2026-9545

CVE-2026-9545 describes an information-disclosure in curl/libcurl when using HTTP/3 early data with a cached SSL session. In the scenario, a site is initially served by a legitimate HTTP/3 server, but on a second transfer to the same hostname the connection is constructed to a counterfeit host (i...

5.9 AI score | Exploits: 0 | References: 3

CVE-2026-9080

CVE-2026-9080 is a use-after-free in libcurl triggered when curl_easy_pause() is called from a socket callback (CURLMOPT_SOCKETFUNCTION). The event-path code re-enters the eviction/assessment flow and may free the associated sh_entry; the fix added a post-callback re-fetch of that entry in mev_sh...

5.9 AI score | Exploits: 0 | References: 3

CVE-2026-9079

CVE-2026-9079 concerns libcurl: when instructed to clear proxy authentication credentials, it failed to do so, leaving the old credentials in place and potentially reused in subsequent transfers that should not know or use them. The description across multiple sources consistently states this cre...

6 AI score | Exploits: 0 | References: 3

CVE-2026-8932

libcurl (client library) is affected by CVE-2026-8932 due to incomplete mTLS config matching in the connection reuse logic. The vulnerability arises because TLS settings related to client certificates, notably the private key, were omitted from the configuration match checks, allowing a previousl...

6.2 AI score | Exploits: 0 | References: 3

CVE-2026-8927

CVE-2026-8927 affects libcurl: when reusing a handle for sequential transfers driven by environment-variable proxies, the proxy authentication state is not cleared between requests, causing leakage of the Proxy-Authorization header from an initial proxy (proxyA) to a subsequent proxy (proxyB). Af...

5.9 AI score | Exploits: 0 | References: 3

CVE-2026-8926

Curl 8.x is affected by CVE-2026-8926: when using a .netrc file to locate credentials and specifying a URL containing a username (without a password), curl could leak the password for another user configured in the same host’s .netrc file if there is no exact user match. The vulnerability concern...

6 AI score | Exploits: 0 | References: 3

CVE-2026-8925

The CVE-2026-8925 issue in curl is a SASL double-free where the GSASL context can be freed twice due to cleanup without clearing the pointer in between. This is specifically tied to curl’s SASL authentication path and can lead to a denial of service or arbitrary code execution in affected builds....

5.9 AI score | Exploits: 0 | References: 3

CVE-2026-8924

CVE-2026-8924 affects curl due to a flaw in its cookie parsing logic. A malicious HTTP server can set “super cookies” that bypass the Public Suffix List, allowing an attacker-controlled origin to inject cookies that curl scopes and transmits to unrelated third-party domains. The connected documen...

6 AI score | Exploits: 0 | References: 3

CVE-2026-8458

CVE-2026-8458 affects libcurl. A logical error can cause libcurl to reuse a connection to the same server that was authenticated under a different service when performing Negotiate-authenticated requests. The issue arises from libcurl’s connection pool reusing “recent connections” and failing to ensure mat...

6 AI score | Exploits: 0 | References: 3