Lucene search
K

23432 matches found

CVE
CVE
added 2026/07/01 1:55 p.m.27 views

CVE-2026-6686

FatFs CVE-2026-6686 affects FatFs R0.16 and earlier. The issue is an uninitialized cluster exposure when f_lseek() extends a file beyond EOF without zero-filling newly allocated clusters, mapping to CWE-908 (Use of Uninitialized Resource). The root cause is not zero-filling or initializing cluste...

4.6CVSS5.8AI score0.00177EPSS
Exploits2References4Affected Software1
Debian CVE
Debian CVE
added 2026/07/01 1:32 p.m.4 views

CVE-2026-53328

In the Linux kernel, the following vulnerability has been resolved: schedext: Don't warn on NULL cgrpmovingfrom in scxcgroupmovetask A WARN fires when systemd's user manager writes "+cpu +memory +pids" to its own subtreecontrol while a schedext scheduler is loaded: WARNING: at...

5.7AI score0.00168EPSS
Exploits0
NVD
NVD
added 2026/07/01 12:16 p.m.6 views

CVE-2026-13323

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

8.7CVSS0.0019EPSS
Exploits1References2
EUVD
EUVD
added 2026/07/01 11:28 a.m.7 views

EUVD-2026-40945

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

4.1CVSS5.8AI score0.0019EPSS
Exploits1References2
CVE
CVE
added 2026/07/01 11:28 a.m.21 views

CVE-2026-13323

Vulnerability CVE-2026-13323 affects Open VSX Registry before 1.0.2. The /vscode/unpkg/ endpoint serves user-supplied HTML without CSP or Content-Disposition headers, enabling a publisher to upload a crafted VSIX and lure authenticated users to visit the URL. This inline rendering in the open-vsx...

8.7CVSS5.8AI score0.0019EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/07/01 5:16 a.m.9 views

CVE-2026-58519

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from before 3.9.1...

6.9CVSS0.00134EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 a.m.12 views

CVE-2026-58518

Cross-Site request forgery CSRF vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from before 1.3.3...

6.9CVSS0.00157EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 3:59 a.m.7 views

EUVD-2026-40901

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from before 3.9.1...

6.9CVSS5.8AI score0.00134EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 3:59 a.m.35 views

CVE-2026-58519 Stored XSS through Cargo's map format

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS. This issue affects Mediawiki - Cargo Extension: from before 3.9.1...

6.9CVSS0.00134EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 3:59 a.m.12 views

CVE-2026-58519

CVE-2026-58519 describes an Stored XSS in The Wikimedia Foundation MediaWiki Cargo Extension caused by improper neutralization of input during web page generation. Affected software is MediaWiki Cargo Extension prior to version 3.9.1. The connected sources confirm the vulnerability and its scope ...

6.9CVSS5.8AI score0.00134EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/01 3:52 a.m.7 views

EUVD-2026-40900

Cross-Site request forgery CSRF vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from before 1.3.3...

6.9CVSS5.8AI score0.00157EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 3:52 a.m.34 views

CVE-2026-58518

Cross-Site request forgery CSRF vulnerability in The Wikimedia Foundation Mediawiki - RedirectManager Extension allows Cross Site Request Forgery. This issue affects Mediawiki - RedirectManager Extension: from before 1.3.3...

6.9CVSS0.00157EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 3:52 a.m.17 views

CVE-2026-58518

The CVE-2026-58518 entry describes a CSRF vulnerability in the MediaWiki RedirectManager Extension prior to version 1.3.3. The affected component is the RedirectManager Extension for MediaWiki; the documented impact is Cross-Site Request Forgery, but no exploitation details, specific vulnerable f...

6.9CVSS5.8AI score0.00157EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.5 views

EUVD-2026-40841

Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

5.8AI score0.00129EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40798

Use after free in WebProtect in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Low...

6.1AI score0.00306EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40768

Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...

5.8AI score0.00175EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40734

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. Chromium security severity: Low...

5.8AI score0.00175EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40749

Inappropriate implementation in Views in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...

5.8AI score0.0024EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40727

Use after free in BrowserTag in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Low...

5.8AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40719

Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Low...

6.1AI score0.0026EPSS
Exploits0References3
Rows per page
Query Builder