Lucene search
K

17573 matches found

EUVD
EUVD
added 7 hours ago4 views

EUVD-2026-41882

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted lockfile alias could be joined directly under a hoisted nodemodules directory. Traversal aliases could escape that directory, while reserved aliases such as .bin or .pnpm could overwrite pnpm-owned layout. This vulnerability is fix...

7.1CVSS5.9AI score
Exploits0References1
Nuclei
Nuclei
added 19 hours ago52 views

WordPress Tutor LMS <2.0.10 - Cross Site Scripting

WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the resetkey and userid parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the conte...

6.1CVSS6.4AI score0.01347EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday20 views

NocoBase - VM Sandbox Escape to Remote Code Execution

NocoBase Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODULES env var. The console object passed into the sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout and...

9.9CVSS6.3AI score0.36503EPSS
Exploits7References3
Tenable Nessus
Tenable Nessus
added 3 days ago2 views

Anthropic Claude Code 2.1.38 < 2.1.163 Sandbox Escape (CVE-2026-55607)

The version of Anthropic Claude Code installed on the remote host is 2.1.38 prior to 2.1.163. It is, therefore, affected by a sandbox escape vulnerability: - Claude Code's worktree handling allowed creation of worktrees named '.git' and navigation to worktrees outside the sandbox context, enablin...

8.8CVSS6.4AI score0.0071EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 3 days ago4 views

Ubuntu 24.04 LTS : Linux kernel (Xilinx) vulnerabilities (USN-8499-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8499-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...

9.8CVSS7.3AI score0.96267EPSS
Exploits285References517
Tenable Nessus
Tenable Nessus
added 3 days ago4 views

Ubuntu 22.04 LTS / 24.04 LTS : Linux kernel (Low Latency) vulnerabilities (USN-8497-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8497-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as...

9.8CVSS7.3AI score0.93235EPSS
Exploits61References322
Tenable Nessus
Tenable Nessus
added 3 days ago5 views

Ubuntu 26.04 LTS : Linux kernel (OEM) vulnerabilities (USN-8489-1)

"The remote Ubuntu 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8489-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag....

9.8CVSS7.3AI score0.93235EPSS
Exploits62References166
NVD
NVD
added 4 days ago7 views

CVE-2026-53422

Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...

2.3CVSS0.00333EPSS
Exploits0References7
OSV
OSV
added 4 days ago3 views

USN-8501-1 linux vulnerabilities

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-43503 Several security issues...

9.8CVSS7.1AI score0.00563EPSS
Exploits11References15
OSV
OSV
added 4 days ago4 views

USN-8499-1 linux-xilinx vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 It was discovered that the Linux kernel did n...

9.8CVSS7.2AI score0.96267EPSS
Exploits285References517
The Hacker News
The Hacker News
added 4 days ago7 views

ThreatsDay: AI Compute Hijacking, Apple Email Flaw, BlueHammer Ransomware + 14 Stories

This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small permissions, weak check...

7.8CVSS7.8AI score0.06749EPSS
Exploits3
RedHat Linux
RedHat Linux
added 4 days ago6 views

kernel: Arm Processors: Privilege escalation or information disclosure via writes to higher exception level resources

A flaw was found in the Linux kernel on ARM processors. A race condition in Translation Lookaside Buffer Invalidation TLBI operations during memory permission changes allows a local attacker to write to memory resources owned by higher privilege levels. This could allow an unprivileged local...

9.1CVSS5.8AI score0.00474EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41170

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00228EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-41175

Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00253EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41168

Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00259EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-41187

Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.0022EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-41156

Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS6.1AI score0.00245EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-41181

Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

9.6CVSS5.8AI score0.00243EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-41199

Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.00215EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-41201

Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00215EPSS
Exploits0References3
Rows per page
Query Builder