Lucene search
K

206140 matches found

Cvelist
Cvelist
added 2026/04/10 12:0 a.m.26 views

CVE-2026-31262

Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform SB2 v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter...

0.00229EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-31995

Name of the Vulnerable Software and Affected Versions PraisonAI versions prior to 4.5.128 Description PraisonAI's AST-based Python sandbox can be bypassed using the type. getattribute trampoline, leading to arbitrary code execution when running untrusted agent code. The execute code direct functi...

8.6CVSS6.4AI score0.0024EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from inconsistent handling of environment variable overrides, which could allow attackers to provide overrid...

8.8CVSS6.1AI score0.00489EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-31917

Name of the Vulnerable Software and Affected Versions Netwide Assembler NASM affected versions not specified Description A heap buffer overflow occurs due to a lack of bounds checking in the obj directive function. This issue can be triggered when assembling a malicious .asm file, which may lead ...

7.5CVSS6AI score0.00357EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.8 views

Altenar Sportsbook Software Platform SB2 安全漏洞

The Altenar Sportsbook Software Platform SB2 is a betting platform and odds management system developed by the Malta-based company Altenar, aimed at the sports betting industry. Version 2.0 of the Altenar Sportsbook Software Platform SB2 contains a security vulnerability. This vulnerability stems...

6.1CVSS5.8AI score0.00229EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.2 views

FreeBSD : Mozilla -- Memory safety bugs (359d8e42-33fb-11f1-8ac1-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 359d8e42-33fb-11f1-8ac1-b42e991fc52e advisory. https://bugzilla.mozilla.org/buglist.cgi?bugid=2025475%2C2025477 reports: Memory safety bugs present in...

9.8CVSS6AI score0.00257EPSS
Exploits0References3
CNVD
CNVD
added 2026/04/10 12:0 a.m.7 views

OpenClaw has an unspecified vulnerability (CNVD-2026-19641)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. A security vulnerability exists in OpenClaw that stems from automatically discovering and loading plugins from .OpenClaw/extensions/ without explicit trust validation, which can be exploited by an attacker to cause arbitrar...

8.8CVSS6.1AI score0.00331EPSS
Exploits0
CNVD
CNVD
added 2026/04/10 12:0 a.m.3 views

Google Chrome ANGLE heap buffer overflow vulnerability (CNVD-2026-16862)

Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a failure of the ANGLE heap to properly validate the length size of input data, which can be exploited by an...

8.8CVSS6.4AI score0.0035EPSS
Exploits0
CNVD
CNVD
added 2026/04/10 12:0 a.m.4 views

Google Chrome Dawn Component Memory Misreference Vulnerability

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions of the Dawn component responsible for freeing memory. An attacker can...

8.8CVSS6.2AI score0.00313EPSS
Exploits0
CNVD
CNVD
added 2026/04/10 12:0 a.m.5 views

Google Chrome GPU Heap Buffer Overflow Vulnerability

Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from the GPU heap failing to properly validate the length size of input data, which can be exploited by an attacker...

8.8CVSS6.4AI score0.0045EPSS
Exploits0
Exploit DB
Exploit DB
added 2026/04/10 12:0 a.m.90 views

NetBT e-Fatura - Privilege Escalation

Exploit Title: NetBT e-Fatura - Privilege Escalation Author: Seccops Discovery Date: 2025-10-03 Vendor: https://net-bt.com.tr/e-fatura/ Tested Version: 2024 Tested on OS: Microsoft Windows Server 2019 DC Vulnerability Type: CWE-428 Unquoted Search Path or Element CVE: CVE-2025-14018 Note: Thanks...

7.3CVSS5.8AI score0.00414EPSS
Exploits3
Redos
Redos
added 2026/04/10 12:0 a.m.4 views

ROS-20260410-73-0006

An XRDP server vulnerability is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

9.8CVSS7.8AI score0.01318EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/09 10:37 p.m.3 views

CVE-2026-5858

A flaw was found in WebML in Google Chrome. A remote attacker could exploit a heap buffer overflow vulnerability by enticing a user to visit a specially crafted HTML page. Successful exploitation of this memory corruption flaw could allow the attacker to execute arbitrary code on the affected...

8.8CVSS6.5AI score0.00608EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/09 8:54 p.m.3 views

CVE-2023-54361 Joomla iProperty Real Estate 4.1.1 Reflected XSS via filter_keyword

Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filterkeyword parameter. Attackers can craft URLs containing JavaScript payloads in the filterkeyword GET parameter of the...

6.1CVSS6.1AI score0.00225EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/09 7:10 p.m.5 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the client monitoring message handler due to insufficient validation of the queue name supplied by the client. An attacker can execute arbitrary code on the server by sending a crafted...

8.5CVSS6.2AI score0.00432EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 7:10 p.m.3 views

Improper Validation of Specified Type of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the client monitoring message handler due to insufficient validation of the queue name supplied by the client. An attacker can execute arbitrary code on the server by sending a crafted...

8.5CVSS6.2AI score0.00432EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/09 6:48 p.m.4 views

CVE-2026-34987 Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch baseline non-default compiler backend may allow properly constructed guest Wasm to access host memory outside of its linear-memory sandbox. This vulnerability requires use of the Winch...

9CVSS5.8AI score0.00278EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 6:17 p.m.2 views

CVE-2026-39911

Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directl...

8.8CVSS0.00545EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/09 6:8 p.m.8 views

Arbitrary Code Injection

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Arbitrary Code Injection via the checksolution function in the HumanEvalBenchmark/MBPPBenchmark component. An attacker can execute arbitrary code by sending specially crafted input remotely...

9.8CVSS7.5AI score0.00387EPSS
Exploits1References2
CVE
CVE
added 2026/04/09 5:57 p.m.14 views

CVE-2026-39911

Hashgraph Guardian up to version 3.5.0 exposes an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker. Authenticated Standard Registry users can pass user-supplied JavaScript expressions to the Node.js Function() constructor, enabling arbitrary code execution wi...

8.8CVSS6.3AI score0.00545EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder