Lucene search
K

815 matches found

CVE
CVE
added yesterday4 views

CVE-2026-13926

CVE-2026-13926 affects Google Chrome: Insufficient validation of untrusted input in the Network stack allows a remote attacker who has already compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Impact is described as enabling navigation bypass; no exploita...

5.8AI score
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

By tricking the browser with a X-Frame-Options header, a sandboxed iframe could present a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

4.7CVSS6.8AI score0.00654EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 3:16 p.m.9 views

CVE-2026-47139

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM supports excluding public network builtins from the wildcard builtin option. With this configuration direct access to http, https, http2, net, dgram, tls, dns, and dns/promises is blocked. However, Node.js also exposes...

8.6CVSS0.00282EPSS
Exploits0References3
NVD
NVD
added 2026/06/12 7:16 a.m.13 views

CVE-2026-12059

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

8.8CVSS0.0045EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 6:30 a.m.32 views

CVE-2026-12059 Cellopoint|CelloOS - Improper Access Control

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

8.8CVSS0.0045EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.7 views

CVE-2026-21003

Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions...

6.8CVSS5.4AI score0.00162EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42930

When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS5.5AI score0.0048EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11184

Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00158EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/01 9:0 p.m.9 views

Malicious Package

Overview ishowfeet9 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.8 views

Malicious Package

Overview ishowfeet5 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...

9.8CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/05/28 2:16 p.m.17 views

CVE-2026-9828

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

6.3CVSS0.0037EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 2:16 p.m.5 views

DEBIAN-CVE-2026-9828

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer c...

6.3CVSS6.4AI score0.0037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:15 p.m.7 views

CVE-2026-21785 HCL BigFix Remote Control Server WebUI is affected by a misconfigured Content Security Policy

A misconfigured Content Security Policy CSP in HCL BigFix Remote Control Server WebUI versions 10.1.0.0442 and earlier fails to define directives without fallbacks, allowing attackers to bypass intended security restrictions and load unauthorized resources...

4CVSS5.8AI score0.00148EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 7:16 p.m.12 views

CVE-2026-5296

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational flows were enabled at the group level, could have allowed an authenticated user with developer-role permissions to bypass flow...

4.3CVSS0.00196EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.6 views

GitLab Enterprise Edition(EE) 安全漏洞

GitLab Enterprise Edition EE is a content management system developed by the American company GitLab. There were security vulnerabilities in versions of GitLab Enterprise Edition EE from 18.7 to 18.10.7, from version 18.11 to 18.11.4, and from version 19.0 to 19.0.1. These vulnerabilities stemmed...

4.3CVSS5.8AI score0.00196EPSS
Exploits0References3
OSV
OSV
added 2026/05/21 8:14 p.m.7 views

GHSA-3G33-6VG6-27M8 Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger

Summary The Fission router registers an internal-style route — /fission-function/ and /fission-function// — for every Function object, independent of whether any HTTPTrigger exists for that function. The route was mounted on the same listener as user-defined HTTPTriggers svc/router, port 8888, so...

9.8CVSS5.9AI score0.00353EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/20 4:45 p.m.12 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7.2AI score0.00292EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/13 6:30 p.m.11 views

EUVD-2026-30007

When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS5.8AI score0.0048EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 2:12 p.m.24 views

CVE-2026-42930

CVE-2026-42930 affects BIG-IP in Appliance mode. An authenticated attacker with the Administrator role may bypass Appliance mode restrictions, enabling read/modify of arbitrary system files (control plane issue; no data plane exposure). Affected branches and fixes per F5 advisories: BIG-IP all mo...

8.7CVSS5.8AI score0.0048EPSS
Exploits0References1Affected Software21
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:12 p.m.9 views

CVE-2026-42930

When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS5.8AI score0.0048EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder