Lucene search
K

562 matches found

CVE
CVE
added 2026/04/30 12:11 p.m.9 views

CVE-2024-13971

The CVE-2024-13971 item covers Lobster_pro’s XML parser vulnerability prior to version 4.12.6-GA. The issue allows unauthenticated attackers to read files on the application server and adjacent network shares and to issue HTTP GET requests to arbitrary services via XML External Entities handling....

7.7CVSS5.5AI score0.0047EPSS
Exploits2References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.11 views

PT-2026-36175

Name of the Vulnerable Software and Affected Versions Secure Access Windows client versions prior to 14.50 Description An arbitrary read/write issue exists where attackers with local control of the Windows client can send malformed data to an API to elevate their privileges to system level...

8.5CVSS5.9AI score0.00104EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/04/26 1:49 a.m.100 views

BinExploit-Bench

BinExploit-Bench: Binary Exploitation Capability Benchmark for...

6.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/22 5:43 p.m.15 views

i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite

Summary Versions of i18next-fs-backend prior to 2.6.4 interpolate the caller-supplied lng and ns values directly into the configured loadPath and addPath templates with no path-component validation and no sanitisation. When an application exposes the resolved language code to user-controlled inpu...

8.2CVSS5.8AI score0.00292EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/18 1:9 a.m.7 views

Wish has SCP Path Traversal that allows arbitrary file read/write

Summary The SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server, and create directories outside the configured root directory by sending crafted filenames containing ../...

9.6CVSS6.6AI score0.00393EPSS
Exploits1References4Affected Software2
SUSE CVE
SUSE CVE
added 2026/04/14 11:25 p.m.9 views

SUSE CVE-2026-34971

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

9CVSS6AI score0.00319EPSS
Exploits0References3
OSV
OSV
added 2026/04/09 8:16 p.m.5 views

UBUNTU-CVE-2026-39977

flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source directory of the module. The paths from that array are resolved using gfileresolverelativepath and...

7.1CVSS5.9AI score0.00288EPSS
Exploits1References3
OSV
OSV
added 2026/04/09 7:16 p.m.3 views

DEBIAN-CVE-2026-34971

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

9CVSS5.8AI score0.00319EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 7:16 p.m.5 views

UBUNTU-CVE-2026-34971

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

9CVSS6AI score0.00319EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/09 7:16 p.m.4 views

CVE-2026-34971

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

9CVSS6AI score0.00319EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/09 6:45 p.m.19 views

CVE-2026-34971 Wasmtime miscompiled guest heap access enables sandbox escape on aarch64 Cranelift

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

9CVSS0.00319EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/09 6:45 p.m.2 views

CVE-2026-34971 Wasmtime miscompiled guest heap access enables sandbox escape on aarch64 Cranelift

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

9CVSS6AI score0.00319EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 6:45 p.m.3 views

CVE-2026-34971

Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap accesses which means that the wrong address is accessed. When combined with explicit bounds checks a...

9CVSS6.1AI score0.00319EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/03 4:4 a.m.2 views

GHSA-QH3J-MRG8-F234 Signal K Server: Arbitrary Prototype Read via `from` Field Bypass

Summary The /signalk/v1/applicationData/... JSON-patch endpoint allows users to modify stored application data. To prevent Prototype Pollution, the developers implemented an isPrototypePollutionPath guard. However, this guard only checks the path property of incoming JSON-patch objects. It...

5.3CVSS6.5AI score0.00308EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/01 6:31 a.m.4 views

EUVD-2026-17783

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.1AI score0.00336EPSS
Exploits0References3
NVD
NVD
added 2026/04/01 5:16 a.m.10 views

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00336EPSS
Exploits0References2
CVE
CVE
added 2026/04/01 4:41 a.m.14 views

CVE-2026-5274

CVE-2026-5274 is a Chrome/Chromium vulnerability: an integer overflow in Codecs allows a remote attacker to perform arbitrary read/write through a crafted HTML page. Affected software includes Google Chrome prior to version 146.0.7680.178 (with references to Chromium fixes). The issue is describe...

8.8CVSS6.1AI score0.00336EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.5 views

Google Chrome < 146.0.7680.177 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 146.0.7680.177. It is, therefore, affected by multiple vulnerabilities as referenced in the 202603stable-channel-update-for-desktop31 advisory. - Use after free in Compositing in Google Chrome prior to 146.0.7680.178...

9.6CVSS6.6AI score0.05036EPSS
Exploits0References43
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 146.0.7680.178 contained a security vulnerability caused by a codec integer overflow, which could allow arbitrary read and write operations to be executed through specially crafted HTML pag...

8.8CVSS5.9AI score0.00336EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 10:43 p.m.6 views

CVE-2026-33897 Incus vulnerable to arbitrary file read and write through pongo templates

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

9.9CVSS6AI score0.00481EPSS
Exploits0References3
Rows per page
Query Builder