38572 matches found

RedHat Linux
added 2026/04/13 10:5 a.m., 1 view

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...

CVSS 9.6, AI score 7.2, EPSS 0.00773
Exploits 0, References 6

RedHat Linux
added 2026/04/13 10:5 a.m., 4 views

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component...

CVSS 10, AI score 7.2, EPSS 0.00665
Exploits 0, References 6

CVE
added 2026/04/13 9:10 a.m., 14 views

CVE-2026-35565

The CVE affects Apache Storm UI before 2.8.6. The Storm UI visualization component interpolates topology metadata (component IDs, stream names, grouping values) directly into HTML via innerHTML in parseNode() and parseEdge() without sanitization, enabling stored XSS when an authenticated user wit...

CVSS 5.4, AI score 5.9, EPSS 0.00466
Exploits 0, References 2, Affected Software 1

EUVD
added 2026/04/13 6:30 a.m., 4 views

EUVD-2026-21853

A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatboxPHP of the file chatbox.sql of the component Endpoint. Performing a manipulation results in file and directory information exposure. It is possible to initiate the attack remotely. T...

CVSS 6.9, AI score 5.5, EPSS 0.00308
Exploits 0, References 6

CVE
added 2026/04/13 4:30 a.m., 8 views

CVE-2026-6160

The CVE-2026-6160 entry concerns code-projects Simple ChatBox 1.0. The vulnerability affects the Endpoint component, specifically the function SimpleChatbox_PHP in the chatbox.sql file, where manipulation can cause file and directory information disclosure. Attacks can be initiated remotely, and ...

CVSS 6.9, AI score 5.7, EPSS 0.00308
Exploits 0, References 5

RedHat Linux
added 2026/04/13 2:29 a.m., 4 views

firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions, integer overflow in the Graphics: Text component...

CVSS 8.8, AI score 5.8, EPSS 0.0035
Exploits 0, References 6

CNNVD
added 2026/04/13 12:0 a.m., 4 views

MaxKB code injection vulnerability

MaxKB is an open-source question-answering system based on large language models and RAG, developed by 1Panel-dev. Versions of MaxKB 2.4.2 and earlier have a code injection vulnerability. This vulnerability stems from incorrect operations on the MdPreview component in the file ui/src/chat.ts, whi...

CVSS 5.1, AI score 5.7, EPSS 0.00266
Exploits 0, References 8

ATTACKERKB
added 2026/04/13 12:0 a.m., 2 views

CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

AI score 6.1, EPSS 0.02183
Exploits 1, References 3

CNNVD
added 2026/04/13 12:0 a.m., 8 views

KubePlus security vulnerability

KubePlus is an open-source Kubernetes multi-tenant application management platform developed by cloud-ark. Version 4.14 of KubePlus contains a security vulnerability. This vulnerability stems from the /registercrd endpoint in the kubeconfiggenerator component, which fails to clean up or validate...

CVSS 8.8, AI score 5.8, EPSS 0.02183
Exploits 1, References 3

Amazon
added 2026/04/13 12:0 a.m., 8 views

Important: gdk-pixbuf2

Issue Overview: In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a deni...

CVSS 7.8, AI score 8, EPSS 0.01069
Exploits 2

Positive Technologies
added 2026/04/13 12:0 a.m., 4 views

PT-2026-32443

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0 through 11.0.20, from 10.1.0 through 10.1.53, from 9.0.13 through 9.0.116. Users are...

CVSS 7.5, AI score 5.8, EPSS 0.00447
Exploits 0, References 4

Vulnrichment
added 2026/04/13 12:0 a.m., 1 view

CVE-2026-30998

An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) by supplying a crafted input file...

AI score 5.8, EPSS 0.004
Exploits 1, References 3

CVE
added 2026/04/13 12:0 a.m., 15 views

CVE-2026-30998

FFmpeg 8.0.1 contains an improper resource deallocation and closure vulnerability in the tools/zmqsend.c component, which can be triggered by a crafted input file to cause a Denial of Service. The issue is documented across multiple connected sources (SUSE, Red Hat, NVD, etc.) with no publicly ava...

CVSS 7.5, AI score 5.8, EPSS 0.004
Exploits 1, References 3, Affected Software 1

Positive Technologies
added 2026/04/13 12:0 a.m., 3 views

PT-2026-32496

Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions...

CVSS 9.8, AI score 5.9, EPSS 0.00373
Exploits 1, References 5

Tenable Nessus
added 2026/04/13 12:0 a.m., 7 views

RHEL 9 : firefox (RHSA-2026:7845)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7845 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

CVSS 10, AI score 5.9, EPSS 0.00773
Exploits 0, References 76

Tenable Nessus
added 2026/04/13 12:0 a.m., 9 views

RHEL 9 : firefox (RHSA-2026:7841)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7841 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

CVSS 10, AI score 7.3, EPSS 0.00773
Exploits 0, References 76

Tenable Nessus
added 2026/04/13 12:0 a.m., 2 views

RHEL 9 : firefox (RHSA-2026:7837)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7837 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

CVSS 10, AI score 5.9, EPSS 0.00773
Exploits 0, References 76

EUVD
added 2026/04/12 9:31 a.m., 7 views

EUVD-2026-21726

A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument page/menufacturer can lead to stack-based buffer overflow. The attack can be executed...

CVSS 9, AI score 7.9, EPSS 0.00673
Exploits 0, References 6

CVE
added 2026/04/12 9:0 a.m., 12 views

CVE-2026-6124

CVE-2026-6124 affects Tenda F451 1.0.0.7, specifically the httpd component’s function fromSafeMacFilter in /goform/SafeMacFilter. The issue involves a stack-based buffer overflow triggered by manipulating the argument page/menufacturer, with the attack described as remote and the exploit publicly...

CVSS 9, AI score 7.9, EPSS 0.00673
Exploits 0, References 5, Affected Software 1

Cvelist
added 2026/04/12 7:30 a.m., 32 views

CVE-2026-6122 Tenda F451 httpd L7Prot frmL7ProtForm stack-based overflow

A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been...

CVSS 9, EPSS 0.00541
Exploits 0, References 5