Lucene search
K

1845 matches found

CNNVD
CNNVD
added 2026/06/09 12:0 a.m.18 views

Adobe CAI Content Credentials 路径遍历漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc. in the United States. It offers capabilities for authenticating digital content sources and tracking editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1...

5.5CVSS5.6AI score0.00178EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/07 4:44 a.m.15 views

SUSE CVE-2026-11129

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00176EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/06 5:0 p.m.11 views

CVE-2026-11438 theonedev projects improper authorization

A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromId leads to improper authorization. The attack is possible to be carried out remotely. Upgrading to...

6.5CVSS6.1AI score0.00214EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.12 views

CVE-2026-34476

Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue...

7.1CVSS5.4AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.13 views

CVE-2026-41671

Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint /modules/sso/index.php/oidc/introspect always returns "active": true for every request, regardless of whether a valid token is provided, whether the token is expired, revoked, or...

6.8CVSS5.4AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.7 views

CVE-2026-6607

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

6.9CVSS5.2AI score0.00623EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.11 views

CVE-2026-40550

mpGabinet is vulnerable to Privilege Escalation due to excessive database privileges assigned to the user used by the application. An attacker with access to any running application instance connected to the backend server can extract database credentials from the application’s memory by inspecti...

6.9CVSS5.5AI score0.00121EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.11 views

CVE-2026-45214

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through = 1.5.1...

8.5CVSS5.6AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42685

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...

7.1CVSS5.4AI score0.00146EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 11:17 p.m.6 views

DEBIAN-CVE-2026-11214

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 10:16 a.m.15 views

CVE-2026-49510

Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f...

6.1CVSS0.00104EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 10:0 p.m.9 views

CVE-2026-10662 ahujasid blender-mcp ZIP File server.py requests.get server-side request forgery

A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get of the file src/blendermcp/server.py of the component ZIP File Handler. The manipulation of the argument zipfileurl results in server-side request...

6.5CVSS6.1AI score0.00227EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:1 p.m.12 views

CVE-2026-27351

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2...

5.4CVSS5.8AI score0.00165EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the reuse of ANGLE components after their release, which could allow remote attackers to exploit the vulnerabilit...

8.3CVSS5.4AI score0.00286EPSS
Exploits0References3
NVD
NVD
added 2026/06/01 3:16 p.m.18 views

CVE-2026-42682

Missing Authorization vulnerability in Tomdever wpForo Forum allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects wpForo Forum: from n/a through 3.0.6...

9.1CVSS0.00291EPSS
Exploits0References1
CVE
CVE
added 2026/05/31 2:28 a.m.26 views

CVE-2026-8382

The CVE-2026-8382 entry describes an authorization bypass in the WordPress plug‑in Advanced Custom Fields (ACF) for all versions up to 6.8.1. The vulnerability arises because the plugin does not properly verify that a user is authorized to perform an action, enabling unauthenticated attackers to ...

5.3CVSS5.8AI score0.00402EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 12:38 a.m.11 views

EUVD-2026-33097

Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00194EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 12:38 a.m.13 views

EUVD-2026-33223

Out of bounds read in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00303EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 12:38 a.m.13 views

EUVD-2026-33154

Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00173EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/28 10:25 p.m.12 views

CVE-2026-10014

Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00185EPSS
Exploits0
Rows per page
Query Builder