Lucene search
K

21 matches found

Wolfi
Wolfi
added yesterday2 views

CVE-2026-11278 vulnerabilities

Vulnerabilities for packages: chromium...

6.5CVSS5.8AI score0.00142EPSS
Exploits0
Circl
Circl
added 2026/06/05 1:24 p.m.7 views

CVE-2026-11278

creationtimestamp| type| source ---|---|--- 2026-06-05 13:24:40+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918 2026-06-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260608 2026-06-09 18:00:00+00:00| seen|...

6.5CVSS5.3AI score0.00142EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/04 11:6 p.m.8 views

CVE-2026-11278

Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.5AI score0.00142EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:3 a.m.7 views

CVE-2024-11278

The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS6.4AI score0.00377EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:9 p.m.7 views

CVE-2020-11278

Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

7.8CVSS7.3AI score0.00605EPSS
Exploits0References1
Circl
Circl
added 2024/11/20 7:3 a.m.5 views

CVE-2024-11278

creationtimestamp| type| source ---|---|--- 2024-11-20 07:03:12+00:00| seen| https://t.me/cvedetector/11557...

6.1CVSS8.7AI score0.00377EPSS
Exploits0References1
CVE
CVE
added 2024/11/20 4:31 a.m.50 views

CVE-2024-11278

CVE-2024-11278 affects the WordPress plugin GD bbPress Attachments (≤ 4.7.2). The issue is a Reflected Cross-Site Scripting (XSS) caused by inadequate escaping of the URL via add_query_arg, enabling unauthenticated attackers to inject scripts that execute when a user interacts with a crafted link...

6.1CVSS6AI score0.00377EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/20 4:31 a.m.15 views

CVE-2024-11278 GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting

The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS0.00377EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/20 4:31 a.m.14 views

CVE-2024-11278 GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting

The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...

6.1CVSS6.4AI score0.00377EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/11/19 12:0 a.m.12 views

WordPress GD bbPress Attachments Plugin <= 4.7.2 is vulnerable to Cross Site Scripting (XSS)

Software GD bbPress Attachments Type Plugin Vulnerable versions = 4.7.2 Fixed in 4.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11278 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3fddb2474371 Credits Colin Xu...

6.1CVSS5.6AI score0.00377EPSS
Exploits0References3Affected Software1
Circl
Circl
added 2021/02/22 12:28 p.m.5 views

CVE-2020-11278

creationtimestamp| type| source ---|---|--- 2021-02-22 12:28:18+00:00| seen| https://t.me/cibsecurity/23911...

7.8CVSS7.4AI score0.00605EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/02/22 6:26 a.m.31 views

CVE-2020-11278

Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

7.7AI score0.00605EPSS
Exploits0References1
CVE
CVE
added 2021/02/22 6:26 a.m.89 views

CVE-2020-11278

CVE-2020-11278 affects Qualcomm Snapdragon platforms (Snapdragon Auto, Compute, Connectivity, CE Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure & Networking). The root cause is improper validation when handling host WMI commands, leading to possible Denial...

7.8CVSS7.6AI score0.00605EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/09/26 9:11 p.m.26 views

CVE-2019-11278 Privilege Escalation via Blind SCIM Injection in UAA

CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of...

8.7CVSS9AI score0.01342EPSS
Exploits0References1
CVE
CVE
added 2019/09/26 9:11 p.m.123 views

CVE-2019-11278

CVE-2019-11278 affects Cloud Foundry UAA before 74.1.0. A remote attacker with the privileges client.write and groups.update can craft a SCIM query by injecting external input directly into SCIM, causing a leak of information that enables privilege escalation and potential control of UAA scopes. ...

8.8CVSS9AI score0.01342EPSS
Exploits0References1Affected Software1
Cloud Foundry
Cloud Foundry
added 2019/09/10 12:0 a.m.41 views

CVE-2019-11278: Privilege Escalation via Blind SCIM Injection in UAA | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions UAA Release All versions prior to v74.1.0 Description CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with ‘client.write’ and ‘groups.update’ ca...

8.8CVSS9AI score0.01342EPSS
Exploits0
CVE
CVE
added 2018/09/18 6:0 p.m.44 views

CVE-2018-11278

CVE-2018-11278 affects CAF Venus HW in Android for MSM, Firefox OS for MSM, and QRD Android builds. The vulnerability occurs when Venus HW decodes input bit stream buffers: it searches for a start code, and if the start code is not found in the entire buffer, the implementation may over-fetch bey...

7.1CVSS6.8AI score0.00172EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/08/11 7:29 p.m.19 views

CVE-2017-11278

Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution...

7.5CVSS7.9AI score0.06083EPSS
Exploits0References3
CVE
CVE
added 2017/08/11 7:0 p.m.57 views

CVE-2017-11278

Adobe Digital Editions 4.5.4 and earlier are affected by CVE-2017-11278 (memory corruption vulnerability). Successful exploitation could lead to arbitrary code execution. The connected advisories indicate this was part of APSB17-27 with remediation guidance to upgrade to 4.5.6 or newer on Windows...

7.5CVSS8.9AI score0.06083EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/08/09 12:0 a.m.33 views

Adobe Digital Editions < 4.5.6 Multiple Vulnerabilities (APSB17-27)

The version of Adobe Digital Editions installed on the remote Windows host is prior to 4.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB17-27 advisory. - Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful...

10CVSS8.6AI score0.13022EPSS
Exploits1References10
Rows per page
Query Builder