
252750 matches found

Cvelist
added 1 hour ago | 4 views

CVE-2026-58025 Remote Code Execution via Unsafe Deserialization in LogItem Import

Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...

5.9 CVSS
Exploits: 0 | References: 1

Cvelist
added 1 hour ago | 4 views

CVE-2026-57517 Control Web Panel < 0.9.8.1225 Blind SQL Injection via userRes Parameter

Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...

9.8 CVSS
Exploits: 0 | References: 3

Cvelist
added 1 hour ago | 2 views

CVE-2026-8857 Full RCE using EasyTimeline Extension

A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

Exploits: 0 | References: 1

NVD
added 3 hours ago | 2 views

CVE-2026-8387

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4 CVSS
Exploits: 0 | References: 2

EUVD
added 4 hours ago | 3 views

EUVD-2026-40957

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4 CVSS | 6.5 AI score
Exploits: 0 | References: 2

Nuclei
added 5 hours ago | 6 views

FOSSBilling - Server-Side Template Injection

A Server-Side Template Injection (SSTI) vulnerability exists in FOSSBilling's template rendering system. Administrators with access to features that render Twig templates (email templates, mass mail campaigns, custom payment adapters, and the stringrender API endpoint) can inject arbitrary Twig...

9.4 CVSS | 6.2 AI score | 0.01892 EPSS
Exploits: 1 | References: 3

RedHat Linux
added 5 hours ago | 3 views

dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection

A flaw was found in dynaconf, a Python configuration management tool. This Server-Side Template Injection (SSTI) vulnerability occurs due to unsafe template evaluation in the @Jinja resolver when the jinja2 package is installed. A remote attacker could exploit this by embedding malicious template...

8.1 CVSS | 0.00526 EPSS
Exploits: 1 | References: 7

OSV
added 8 hours ago | 3 views

DEBIAN-CVE-2026-14091

Use after free in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

8.8 CVSS | 6.2 AI score
Exploits: 0 | References: 1

OSV
added 8 hours ago | 2 views

DEBIAN-CVE-2026-13845

Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2 AI score
Exploits: 0 | References: 1

OSV
added 8 hours ago | 2 views

DEBIAN-CVE-2026-13788

Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

6.2 AI score
Exploits: 0 | References: 1

OSV
added 8 hours ago | 2 views

DEBIAN-CVE-2026-14067

Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

6.2 AI score
Exploits: 0 | References: 1

OSV
added 8 hours ago | 2 views

DEBIAN-CVE-2026-13848

Use after free in Forms in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2 AI score
Exploits: 0 | References: 1

OSV
added 8 hours ago | 2 views

DEBIAN-CVE-2026-13965

Use after free in Oilpan in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.2 AI score
Exploits: 0 | References: 1

OSV
added 8 hours ago | 2 views

DEBIAN-CVE-2026-13786

Use after free in Ozone in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

6.2 AI score
Exploits: 0 | References: 1

OSV
added 8 hours ago | 2 views

DEBIAN-CVE-2026-14064

Use after free in PageInfo in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

7.5 CVSS | 6.2 AI score
Exploits: 0 | References: 1

OSV
added 8 hours ago | 2 views

DEBIAN-CVE-2026-13815

Use after free in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2 AI score
Exploits: 0 | References: 1

OSV
added 8 hours ago | 3 views

DEBIAN-CVE-2026-14108

Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

8.8 CVSS | 6.2 AI score
Exploits: 0 | References: 1

OSV
added 8 hours ago | 2 views

DEBIAN-CVE-2026-14107

Use after free in Scheduling in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

8.8 CVSS | 6.2 AI score
Exploits: 0 | References: 1

OSV
added 8 hours ago | 2 views

DEBIAN-CVE-2026-13870

Use after free in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.2 AI score
Exploits: 0 | References: 1

OSV
added 8 hours ago | 2 views

DEBIAN-CVE-2026-13855

Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

6.2 AI score
Exploits: 0 | References: 1