Lucene search
K

2478 matches found

Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42569

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.0.0 through 9.4.x Description Cross Site Request Forgery CSRF occurs at the 'concrete/controllers/dialog/page/bulk/design' endpoint. CSRF is a flaw that allows an attacker to induce users to perform actions they do not...

2.3CVSS5.8AI score0.0013EPSS
Exploits0References3
CVE
CVE
added 2026/05/19 9:30 a.m.27 views

CVE-2026-31906

CVE-2026-31906 affects Apache OFBiz up to version 24.09.05 (pre-24.09.06). The issue is an improper neutralization of input during web page generation, i.e., Cross-Site Scripting (XSS). Some sources describe it as a reflected XSS due to improper HTML attribute escaping in layered-modal dialog par...

6.1CVSS5.8AI score0.0044EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 9:30 a.m.10 views

CVE-2026-31906 Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.0044EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 9:30 a.m.41 views

CVE-2026-31906 Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog Parameters

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

0.0044EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 9:20 a.m.9 views

firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog

A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...

8.8CVSS6.8AI score0.00762EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

VMware Spring AI 安全漏洞

VMware Spring AI is a development framework created by VMware Corporation in the Spring ecosystem, which integrates artificial intelligence and large language model capabilities. VMware Spring AI has a security vulnerability. This vulnerability allows malicious users to manipulate the behavior of...

8.2CVSS5.7AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/08 10:38 p.m.6 views

CVE-2026-7998

An insufficient validation of untrusted input flaw was found in the Dialog component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=491676472...

5.4CVSS5.7AI score0.0019EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/08 2:25 a.m.7 views

SUSE CVE-2026-7998

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.4CVSS5.8AI score0.0019EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/05/07 2:0 p.m.9 views

Chromium: CVE-2026-7998 Insufficient validation of untrusted input in Dialog

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

5.4CVSS5.8AI score0.0019EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-7998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process ...

5.4CVSS5.9AI score0.0019EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/06 9:31 p.m.8 views

EUVD-2026-28100

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.4CVSS5.8AI score0.0019EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 7:16 p.m.6 views

CVE-2026-7998

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.4CVSS0.0019EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/06 7:16 p.m.9 views

CVE-2026-7998

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.4CVSS5.8AI score0.0019EPSS
Exploits0References1
Hacker One
Hacker One
added 2026/05/06 7:15 p.m.15 views

PortSwigger Web Security: UI Consent Bypass via Comma Injection in `addAutoApproveTarget` — User-Approval Dialog and Persistence Layer Disagree on Target Scope, Yielding Authen

A vulnerability was discovered in Burp Suite MCP Server BApp v1.2.1 where the addAutoApproveTarget function failed to validate the hostnames passed to it. This allowed a malicious MCP client to inject a comma-separated hostname, which was then persisted as multiple independent allow-list entries...

5.4AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/06 6:13 p.m.7 views

CVE-2026-7998

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.0019EPSS
Exploits0References2
CVE
CVE
added 2026/05/06 6:13 p.m.17 views

CVE-2026-7998

Google Chrome prior to 148.0.7778.96 exposes a UI spoofing risk in the Dialog component due to insufficient validation of untrusted input. The root cause is improper input validation in Dialog, which could be leveraged by a remote attacker who has already compromised the renderer process to craft...

5.4CVSS5.8AI score0.0019EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 6:13 p.m.10 views

CVE-2026-7998

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.4CVSS5.8AI score0.0019EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/05/06 6:13 p.m.8 views

CVE-2026-7998

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.4CVSS5.8AI score0.0019EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/05/06 6:13 p.m.9 views

CVE-2026-7998

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.4CVSS5.8AI score0.0019EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/05 8:52 p.m.9 views

CVE-2026-40068 Claude Code arbitrary code execution via git worktree commondir trust dialog bypass

In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted, causing Claude Co...

7.7CVSS5.8AI score0.00281EPSS
Exploits0References1
Rows per page
Query Builder