
368577 matches found


CVE-2026-49284

CVE-2026-49284 (placeholder entry) relates to SimpleSAMLphp where the SP ACS path does not enforce the IdP used for an SP-initiated login. If a saved state expects IdP A but a response from IdP B arrives, the system may continue processing instead of rejecting, potentially allowing an authenticat...

Exploits: 0, References: 4

CVE-2026-52792

The CVE entry relates to Algernon (Go-based web server). On Windows NTFS, file handling uses filepath.Ext() to choose how to serve a script, but NTFS-equivalent filenames like x.lua::$DATA, x.lua., or x.lua are not treated as .lua. This allows an unauthenticated user to request a server-side scri...

EPSS 0.00077
Exploits: 0, References: 4

CVE-2026-52834

On 32-bit platforms, the vulnerability is in the jxl-grid implementation where an integer overflow during length calculation can cause out-of-bounds writes when decoding a crafted JPEG XL image. The GHSA advisory and OSV-RUSTSEC entry describe a scenario where large frames or canvas/ROI shapes ov...

Exploits: 0, References: 7

CVE-2026-52830

The CVE describes a path-traversal in fast-mcp-telegram prior to 0.19.1 where HTTP Bearer tokens are joined into a session-file path. The verifier rejects only the exact reserved token, not path separators or normalized paths, enabling a remote client to authenticate as the default legacy session...

CVSS 9.4, AI score 5.8, EPSS 0.00423
Exploits: 0, References: 2

CVE-2026-49289

Technical details for CVE-2026-49289 are not publicly available in the provided documents. Monitor for updates as information may be released by the reserving party.

Exploits: 0, References: 4

CVE-2026-52829

Technical details for CVE-2026-52829 are not publicly available in the provided documents; the entry is reserved. Monitor for updates.

Exploits: 0, References: 4

CVE-2026-49283

Technical details for CVE-2026-49283 are not publicly available in the provided documents. Monitor for updates as information remains reserved/no detail.

Exploits: 0, References: 4

CVE-2026-52817

Technical details for CVE-2026-52817 are not publicly available in the provided documents; no affected products, impact, or remediation are described. Monitor for future updates.

Exploits: 0, References: 4

CVE-2026-52746

Technical details for CVE-2026-52746 are not publicly available in the provided documents; the entry is reserved. Monitor for updates.

Exploits: 0, References: 9

CVE-2026-52734

Technical details for CVE-2026-52734 are not publicly available in the provided documents. No affected products, root cause, or remediation are disclosed. Monitor for updates from the issuing party.

Exploits: 0, References: 6

CVE-2026-52733

Technical details are not publicly available in the provided documents. Monitor for updates.

Exploits: 0, References: 4

CVE-2026-58460

CVE-2026-58460 affects the React Native package react-native-receive-sharing-intent. A path traversal vulnerability allows a co-resident malicious app to write files outside the intended cache directory by supplying a crafted _display_name with dot-dot path components via a malicious ContentProvi...

CVSS 7.7, AI score 5.9, EPSS 0.00138
Exploits: 0, References: 2

CVE-2026-58467

Cockpit CMS prior to release 364 is affected by a path traversal and local file inclusion vulnerability. Unauthenticated attackers can craft a request (via the URL’s PATH_INFO in REQUEST_URI) to reach arbitrary files; if the resolved path ends with .php, it may be passed to include(), enabling lo...

CVSS 8.2, AI score 6, EPSS 0.0042
Exploits: 0, References: 3

CVE-2026-58466

AutoBangumi prior to version 3.2.8 contains a hard-coded default-credentials vulnerability. When the users table is empty, a default administrator account is seeded at startup via add_default_user() in the database user module, allowing unauthenticated attackers to authenticate as admin by submit...

CVSS 9.8, AI score 5.8, EPSS 0.00505
Exploits: 0, References: 4

CVE-2026-52739

Technical details are not publicly available in the provided documents. This CVE entry is reserved; monitor for updates.

Exploits: 0, References: 7

CVE-2026-58381

CVE-2026-58381 affects GIMP's PSP file format parser. A double-free in read_layer_block() when processing a specially crafted PSP file can cause memory corruption, potentially leading to denial of service or arbitrary code execution. The provided data includes a CVSSv3.1 vector (AV:L/AC:L/PR:L/UI...

CVSS 6.1, AI score 6.1, EPSS 0.00118
Exploits: 0, References: 4

CVE-2026-52738

Technical details are not publicly available in the provided documents. Monitor for updates to CVE-2026-52738 for potential disclosure, affected products, impact, or remedies.

Exploits: 0, References: 4

CVE-2026-52737

Technical details for CVE-2026-52737 are not publicly available in the provided documents. No affected products, vectors, or remediation are stated. Monitor for updates as new information is published.

Exploits: 0, References: 4

CVE-2026-59102

CVE-2026-59102 affects Forgejo prior to 15.0.3, with a stored XSS in the Actions run page when DEFAULT_SHOW_FULL_NAME is enabled. The description shows that an authenticated attacker can inject an HTML payload into the full name, which is interpolated into an HTML string via a translation functio...

CVSS 5.4, AI score 6, EPSS 0.00199
Exploits: 0, References: 4

CVE-2026-59101

AutoBangumi

CVSS 6.9, AI score 6, EPSS 0.00321
Exploits: 0, References: 4