
252771 matches found

EUVD
added 6 hours ago | 4 views

EUVD-2026-40957

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4 CVSS | 6.5 AI score
Exploits 0 | References 2

Nuclei
added 7 hours ago | 6 views

FOSSBilling - Server-Side Template Injection

A Server-Side Template Injection (SSTI) vulnerability exists in FOSSBilling's template rendering system. Administrators with access to features that render Twig templates (email templates, mass mail campaigns, custom payment adapters, and the stringrender API endpoint) can inject arbitrary Twig...

9.4 CVSS | 6.2 AI score | 0.01892 EPSS
Exploits 1 | References 3

RedHat Linux
added 7 hours ago | 3 views

dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection

A flaw was found in dynaconf, a Python configuration management tool. This Server-Side Template Injection (SSTI) vulnerability occurs due to unsafe template evaluation in the @Jinja resolver when the jinja2 package is installed. A remote attacker could exploit this by embedding malicious template...

8.1 CVSS | 6.5 AI score | 0.00526 EPSS
Exploits 1 | References 7

OSV
added 11 hours ago | 3 views

DEBIAN-CVE-2026-14091

Use after free in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

8.8 CVSS | 6.2 AI score
Exploits 0 | References 1

OSV
added 11 hours ago | 2 views

DEBIAN-CVE-2026-13845

Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2 AI score
Exploits 0 | References 1

OSV
added 11 hours ago | 2 views

DEBIAN-CVE-2026-13788

Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

6.2 AI score
Exploits 0 | References 1

OSV
added 11 hours ago | 2 views

DEBIAN-CVE-2026-14086

Insufficient policy enforcement in HID in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

8.8 CVSS | 6.2 AI score
Exploits 0 | References 1

OSV
added 11 hours ago | 2 views

DEBIAN-CVE-2026-14067

Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

6.2 AI score
Exploits 0 | References 1

OSV
added 11 hours ago | 2 views

DEBIAN-CVE-2026-13848

Use after free in Forms in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2 AI score
Exploits 0 | References 1

OSV
added 11 hours ago | 2 views

DEBIAN-CVE-2026-13965

Use after free in Oilpan in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.2 AI score
Exploits 0 | References 1

OSV
added 11 hours ago | 2 views

DEBIAN-CVE-2026-13786

Use after free in Ozone in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

6.2 AI score
Exploits 0 | References 1

OSV
added 11 hours ago | 2 views

DEBIAN-CVE-2026-14064

Use after free in PageInfo in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

7.5 CVSS | 6.2 AI score
Exploits 0 | References 1

OSV
added 11 hours ago | 2 views

DEBIAN-CVE-2026-13815

Use after free in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2 AI score
Exploits 0 | References 1

OSV
added 11 hours ago | 3 views

DEBIAN-CVE-2026-14108

Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

8.8 CVSS | 6.2 AI score
Exploits 0 | References 1

OSV
added 11 hours ago | 2 views

DEBIAN-CVE-2026-14107

Use after free in Scheduling in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

8.8 CVSS | 6.2 AI score
Exploits 0 | References 1

OSV
added 11 hours ago | 2 views

DEBIAN-CVE-2026-13855

Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

6.2 AI score
Exploits 0 | References 1

OSV
added 11 hours ago | 2 views

DEBIAN-CVE-2026-13870

Use after free in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.2 AI score
Exploits 0 | References 1

OSV
added 11 hours ago | 2 views

DEBIAN-CVE-2026-13925

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

6.2 AI score
Exploits 0 | References 1

NVD
added 13 hours ago | 5 views

CVE-2026-7840

UltraVNC repeater through 1.8.2.2 contains a global buffer overflow in its embedded HTTP administration server. The functions wisenderr and wireplyhdr in repeater/webgui/webutils.c write the caller-supplied HTTP request URI into a fixed 1000-byte global buffer hdrbuf via unchecked sprintf calls...

9.8 CVSS
Exploits 0 | References 2

NVD
added 13 hours ago | 7 views

CVE-2026-7838

UltraVNC viewer through 1.8.2.2 contains an integer overflow leading to a heap buffer overflow in the RFB protocol failure-response parsing path. In vncviewer/ClientConnection.cpp, the 4-byte network-supplied reasonLen field type CARD32 is passed as reasonLen+1 to CheckBufferSize. Because both...

8.8 CVSS
Exploits 0 | References 2