Lucene search
K

141 matches found

Chainguard
Chainguard
added 2026/07/01 2:16 p.m.7 views

CVE-2026-10906 vulnerabilities

Vulnerabilities for packages: chromium...

7.5CVSS5.8AI score0.00326EPSS
Exploits0
Wolfi
Wolfi
added 2026/07/01 2:16 p.m.4 views

CVE-2026-10906 vulnerabilities

Vulnerabilities for packages: chromium...

7.5CVSS5.8AI score0.00326EPSS
Exploits0
Circl
Circl
added 2026/06/05 1:23 p.m.11 views

CVE-2026-10906

creationtimestamp| type| source ---|---|--- 2026-06-05 13:23:28+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918 2026-06-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260608 2026-06-07 18:00:00+00:00| seen|...

7.5CVSS5.3AI score0.00326EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-10906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to...

7.5CVSS5.6AI score0.00326EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 11:16 p.m.5 views

DEBIAN-CVE-2026-10906

Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS5.5AI score0.00326EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.6 views

Azure Linux 3.0 Security Update: nodejs (CVE-2019-10906)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-10906 advisory. - In Pallets Jinja before 2.10.1, str.formatmap allows a sandbox escape. CVE-2019-10906 Note that Nessus has n...

8.6CVSS5.6AI score0.03603EPSS
Exploits1References2
Circl
Circl
added 2025/12/03 6:59 p.m.3 views

CVE-2025-10906

creationtimestamp| type| source ---|---|--- 2025-12-03 18:59:57+00:00| seen| https://gist.github.com/bhargav-nebulock/a23897d2199bc16d9e67b777e001fda2...

8.6CVSS5.8AI score0.00224EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-13609

Malware in sbrugna...

7.8CVSS7.5AI score0.00422EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/24 1:2 p.m.16 views

CVE-2025-10906 Magnetism Studios Endurance NSXPC com.MagnetismStudios.endurance.helper loadModuleNamed:WithReply missing authentication

A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface. Executing manipulation can...

8.6CVSS0.00224EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/08/07 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-10906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount...

7.8CVSS6.7AI score0.01414EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.14 views

Alibaba Cloud Linux 3 : 0066: python-jinja2 (ALINUX3-SA-2022:0066)

The remote Alibaba Cloud Linux 3 host has a package installed that is affected by a vulnerability as referenced in the ALINUX3-SA-2022:0066 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-10906: In Pallets Jinja before 2.10.1,...

8.6CVSS7.1AI score0.03603EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/03/22 11:58 a.m.7 views

CVE-2024-10906

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgptserver uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

8.1CVSS6.9AI score0.00228EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.4 views

dbgpt-app (=0.8.0rc1), dbgpt-client (>=0.7.0 <=0.8.0rc1) +2 more potentially affected by CVE-2024-10906 via dbgpt (=0.8.0)

dbgpt PYPI version =0.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbgpt and may be impacted: - dbgpt-app =0.8.0rc1 - dbgpt-client =0.7.0, =0.7.0, =0.8.0, =0.8.0rc1 Source cves: CVE-2024-10906 Source advisory: SNYK:PYTHON-DBGPT-9586747...

8.1CVSS7AI score0.00228EPSS
Exploits1
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-10906

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgptserver uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

8.1CVSS0.00228EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.5 views

CVE-2024-10906 Cross-Site Request Forgery (CSRF) in eosphoros-ai/db-gpt

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgptserver uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

7.1CVSS7AI score0.00228EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.58 views

CVE-2024-10906

CVE-2024-10906 – CSRF in DB-GPT (eosphoros-ai/db-gpt) Affected: db-gpt, version 0.6.0, within the uvicorn app created by dbgpt_server. Root cause: CORSMiddleware configured with wide permissiveness, setting Access-Control-Allow-Origin to ‘*’ for all endpoints. Impact: endpoints may be interacted ...

8.1CVSS7AI score0.00228EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.11 views

CVE-2024-10906 Cross-Site Request Forgery (CSRF) in eosphoros-ai/db-gpt

In version 0.6.0 of eosphoros-ai/db-gpt, the uvicorn app created by dbgptserver uses an overly permissive instance of CORSMiddleware which sets the Access-Control-Allow-Origin to for all requests. This configuration makes all endpoints exposed by the server vulnerable to Cross-Site Request Forger...

7.1CVSS0.00228EPSS
Exploits1References1
CBLMariner
CBLMariner
added 2024/07/23 10:5 p.m.18 views

CVE-2019-10906 affecting package nodejs for versions less than 20.14.0-1

CVE-2019-10906 affecting package nodejs for versions less than 20.14.0-1. A patched version of the package is available...

8.6CVSS6.9AI score0.03603EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.35 views

CBL Mariner 2.0 Security Update: fuse (CVE-2018-10906)

The version of fuse installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2018-10906 advisory. - In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when...

7.8CVSS6.9AI score0.01414EPSS
Exploits3References2
Amazon
Amazon
added 2024/06/24 12:0 a.m.21 views

Important: python3-jinja2

Issue Overview: In Pallets Jinja before 2.10.1, str.formatmap allows a sandbox escape. CVE-2019-10906 Affected Packages: python3-jinja2 Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories...

8.6CVSS7.1AI score0.03603EPSS
Exploits1
Rows per page
Query Builder