Lucene search

6946 matches found

Source: CVE | added 2026/06/11 3:36 p.m. | 69 views

CVE-2026-44490

Summary: CVE-2026-44490 affects Axios versions before 0.32.0 and before 1.16.0, where two read-side prototype-pollution gadgets can cause polluted Object.prototype values to be exposed in headers or trigger a TypeError during requests. The root cause is how the merge accumulator and hasOwnProperty ...

CVSS 8.2 | AI score 5.5 | EPSS 0.00287
Exploits: 1 | References: 1 | Affected software: 1
Source: RedhatCVE | added 2026/06/11 2:59 a.m. | 12 views

CVE-2026-34417

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

CVSS 6.1 | AI score 5.6 | EPSS 0.00168
Exploits: 0 | References: 1
Source: Redos | added 2026/06/11 12:00 a.m. | 5 views

ROS-20260611-73-0036

Use-after-free vulnerabilities in the sdlPointerNew and sdlPointerFree functions of the FreeRDP remote desktop protocol implementation. Exploiting these vulnerabilities can allow a malicious actor to cause a denial of service...

CVSS 8.7 | AI score 7.3 | EPSS 0.00423
Exploits: 0
Source: Veracode | added 2026/06/10 3:38 p.m. | 11 views

Improper Control of Dynamically-Managed Code Resources

contao/core-bundle is vulnerable to Improper Control of Dynamically-Managed Code Resources. The vulnerability is due to insufficient restrictions in template closures, which allows a back-end user with precise control over template contents to execute arbitrary PHP functions that do not require...

CVSS 6.6 | AI score 5.9 | EPSS 0.00155
Exploits: 0 | References: 6 | Affected software: 1
Source: Snyk | added 2026/06/10 2:38 p.m. | 8 views

Infinite loop

Overview: Affected versions of this package are vulnerable to an infinite loop in extractPartialStreams and the corresponding extraction functions for HEIF, JP2, and JXL. An attacker supplying an image whose requested box declares a size of zero can hang the parser indefinitely. Note: This is a bypas...

CVSS 8.7 | AI score 5.4 | EPSS 0.00625
Exploits: 2 | References: 2
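The hang the Snyk entry describes, as an added example in Python (illustrative code, not the affected package's own): a walker for the box layout that HEIF, JP2 and JXL containers share, with the naive loop that trusts the declared size beside one that applies the ISO BMFF rules for a size of 0 (box runs to the end of the file), the 64-bit largesize form, and sizes smaller than the header. The sample inputs are constructed byte strings, not taken from any real image.

```python
import struct


class BoxParseError(ValueError):
    pass


def walk_boxes_naive(data: bytes, max_iterations: int = 10_000):
    """Walker of the kind the advisory describes: it trusts the declared size.
    A box with size 0 leaves `offset` unchanged, so the loop never reaches the
    end of the data. The iteration cap only stands in for the hang so that the
    function returns; a real parser would spin forever."""
    boxes = []
    offset = 0
    for _ in range(max_iterations):
        if offset >= len(data):
            return boxes
        size, box_type = struct.unpack_from(">I4s", data, offset)
        boxes.append((box_type, offset, size))
        offset += size  # size == 0: offset never moves
    raise BoxParseError("walker did not terminate (declared box size of 0)")


def walk_boxes_safe(data: bytes, max_boxes: int = 10_000):
    """Walker that follows the ISO BMFF size rules: size 0 means the box runs
    to the end of the file, size 1 means a 64-bit largesize follows the type,
    and a size smaller than the header or past the end of data is rejected."""
    boxes = []
    offset = 0
    n = len(data)
    while offset < n:
        if len(boxes) >= max_boxes:
            raise BoxParseError("too many boxes")
        if n - offset < 8:
            raise BoxParseError("truncated box header")
        size, box_type = struct.unpack_from(">I4s", data, offset)
        header_len = 8
        if size == 1:
            if n - offset < 16:
                raise BoxParseError("truncated largesize field")
            size = struct.unpack_from(">Q", data, offset + 8)[0]
            header_len = 16
        elif size == 0:
            size = n - offset  # box extends to end of file, no zero step
        if size < header_len:
            raise BoxParseError(f"box size {size} smaller than its header")
        if offset + size > n:
            raise BoxParseError("box extends past end of data")
        boxes.append((box_type, offset, size))
        offset += size
    return boxes


def naive_terminates(data: bytes) -> bool:
    try:
        walk_boxes_naive(data)
        return True
    except BoxParseError:
        return False


def safe_rejects(data: bytes) -> bool:
    try:
        walk_boxes_safe(data)
        return False
    except BoxParseError:
        return True


# Constructed sample inputs (not taken from any real file).
FTYP = struct.pack(">I4s", 16, b"ftyp") + b"heic" + b"\x00\x00\x00\x00"
ZERO_SIZE_BOX = struct.pack(">I4s", 0, b"meta") + b"\x00" * 8  # the hang trigger
SAMPLE_HANG = FTYP + ZERO_SIZE_BOX
SAMPLE_LARGESIZE = struct.pack(">I4sQ", 1, b"mdat", 20) + b"\x00" * 4
SAMPLE_SHORT = struct.pack(">I4s", 4, b"free")  # size smaller than its header
SAMPLE_OVERRUN = struct.pack(">I4s", 100, b"meta") + b"\x00" * 8

if __name__ == "__main__":
    print("naive walker terminates on hang sample:", naive_terminates(SAMPLE_HANG))
    print("safe walk of hang sample:", walk_boxes_safe(SAMPLE_HANG))
```

The safe walker also caps the number of boxes and refuses a box that overruns the buffer; the naive one silently accepts the overrun sample, which is the other half of trusting a declared size.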
Source: OSV | added 2026/06/10 5:07 a.m. | 9 views

MGASA-2026-0190 Updated golang-x-net packages fix security vulnerability

CVE-2024-45338: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

CVSS 5.3 | AI score 6.5 | EPSS 0.00856
Exploits: 0 | References: 3
Source: Vulnrichment | added 2026/06/10 12:33 a.m. | 8 views

CVE-2026-45328 ESP-IDF: Out-of-Bounds Write in ESP-TEE Secure Service Wrappers

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application (the REE) to TEE-protected hardware peripherals...

CVSS 9.3 | AI score 5.3 | EPSS 0.00126
Exploits: 0 | References: 7
Source: Vulnrichment | added 2026/06/09 6:40 p.m. | 7 views

CVE-2026-6444

A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges...

CVSS 8.6 | AI score 5.4 | EPSS 0.00279
Exploits: 0 | References: 1
Source: Chainguard | added 2026/06/09 1:17 p.m. | 9 views

GHSA-Q834-8QMM-V933 vulnerabilities

Vulnerabilities for packages: azure-functions-host...

AI score 5.4
Exploits: 0
Source: Chainguard | added 2026/06/09 1:17 p.m. | 9 views

CVE-2026-40182 vulnerabilities

Vulnerabilities for packages: azure-functions-host...

CVSS 5.9 | AI score 5.4 | EPSS 0.00304
Exploits: 0
Source: Positive Technologies | added 2026/06/09 12:00 a.m. | 12 views

PT-2026-47829

Vulnerable software and affected versions: OpenSSL (affected versions not specified). Description: An integer truncation in the ASN.1 decoder occurs when parsing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes in length. This issue specifically affects...

CVSS 9.1 | AI score 5.6 | EPSS 0.00513
Exploits: 0 | References: 140
Source: Positive Technologies | added 2026/06/09 12:00 a.m. | 10 views

PT-2026-47820

Vulnerable software and affected versions: NETGEAR router models (affected versions not specified). Description: Insufficient input validation allows an authenticated administrator with local network access to submit crafted input. This action bypasses intended management interface...

CVSS 6.8 | AI score 5.2 | EPSS 0.0018
Exploits: 0 | References: 6
Source: CNNVD | added 2026/06/09 12:00 a.m. | 16 views

Microsoft PC Manager permission and access control vulnerability

Microsoft PC Manager is computer management software developed by Microsoft Corporation. It offers features such as one-click acceleration, system space management, pop-up management, and comprehensive health checks. Microsoft PC Manager has an access control vulnerability. Attackers c...

CVSS 7.8 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 1
Source: OSV | added 2026/06/08 11:51 p.m. | 9 views

GHSA-P2J4-C4G6-RPF5 Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks

Summary: Arc's user-SQL validator internal/api/query.go:ValidateSQLRequest blocked only read_parquet and arcpartitionagg via a regex denylist. The broader DuckDB I/O function family (read_csv_auto, read_csv, read_json, read_json_auto, read_text, read_blob, glob, parquet_metadata, parquet_schema, read_xlsx, etc...

CVSS 7.1 | AI score 5.6 | EPSS 0.00029
Exploits: 0 | References: 4
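The denylist-versus-allowlist point in the Arc entry, as an added example in Python (hypothetical code, not Arc's Go validator): a regex denylist naming only the two functions the listing gives, beside an allowlist check that strips string literals and comments first and also catches quoted or schema-qualified call names, so a reader can see which statements each one lets through. ALLOWED_FUNCTIONS and the keyword set are assumptions for the demo, and the sample queries are constructed.

```python
import re

# Denylist of the shape the advisory describes (two names, spelled as in the
# listing). It only ever stops what it was told about.
DENYLIST_RE = re.compile(r"\b(read_parquet|arcpartitionagg)\s*\(", re.IGNORECASE)


def denylist_validate(sql: str) -> bool:
    """True when the statement passes the denylist, i.e. is accepted."""
    return DENYLIST_RE.search(sql) is None


# Allowlist alternative: every function call in the statement must name a
# function the application deliberately exposes. Demo set, an assumption.
ALLOWED_FUNCTIONS = {"count", "sum", "avg", "min", "max", "lower", "upper", "date_trunc"}

# SQL keywords that legitimately precede "(" without being a function call.
KEYWORDS_BEFORE_PAREN = {"in", "from", "values", "exists", "and", "or", "not", "on",
                         "where", "select", "join", "using", "over", "as", "case",
                         "when", "then", "else", "between"}

STRING_LITERAL_RE = re.compile(r"'(?:[^']|'')*'")
LINE_COMMENT_RE = re.compile(r"--[^\n]*")
BLOCK_COMMENT_RE = re.compile(r"/\*.*?\*/", re.DOTALL)
# Bare or double-quoted identifier (optionally schema-qualified) followed by "(".
CALL_RE = re.compile(r'(?:"([^"]+)"|([A-Za-z_][\w.]*))\s*\(')


def allowlist_violations(sql: str) -> list:
    """Return the function names called in `sql` that are not allowlisted.
    An empty list means the statement is accepted."""
    stripped = BLOCK_COMMENT_RE.sub(" ", sql)
    stripped = LINE_COMMENT_RE.sub(" ", stripped)
    stripped = STRING_LITERAL_RE.sub("''", stripped)  # a literal cannot hide a call
    violations = []
    for quoted, bare in CALL_RE.findall(stripped):
        name = (quoted or bare).lower().split(".")[-1]  # drop any schema prefix
        if name in KEYWORDS_BEFORE_PAREN:
            continue
        if name not in ALLOWED_FUNCTIONS and name not in violations:
            violations.append(name)
    return violations


if __name__ == "__main__":
    # Constructed sample: not in the denylist, so it sails through, yet it reads
    # a local file the caller's RBAC table rules never looked at.
    bypass = "SELECT content FROM read_text('/etc/passwd')"
    print("denylist accepts:", denylist_validate(bypass))
    print("allowlist rejects:", allowlist_violations(bypass))
```

The allowlist still needs the same care as any parser: the string-literal stripping is what keeps `WHERE note = 'glob(x)'` from being a false positive, and the quoted-identifier branch is what keeps `"read_csv_auto"(...)` from being a false negative.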
Source: NVD | added 2026/06/08 5:16 p.m. | 13 views

CVE-2026-46310

In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload. When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1_drm_cleanup where it should be calling...

EPSS 0.00154
Exploits: 0 | References: 3
Source: OSV | added 2026/06/08 1:54 p.m. | 9 views

JLSEC-2026-600

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

CVSS 5.4 | AI score 6 | EPSS 0.00159
Exploits: 0 | References: 1
Source: Amazon | added 2026/06/08 12:00 a.m. | 10 views

Important: postgresql

Issue Overview: Use of the inherently dangerous function PQfn(..., result_is_int=0, ...) in the PostgreSQL libpq lo_export, lo_read, lo_lseek64, and lo_tell64 functions allows the server superuser to overwrite a client stack buffer with an arbitrarily large response. Like gets, PQfn(..., result_is_int=0, ...) stores...

CVSS 8.8 | AI score 6.5 | EPSS 0.00464
Exploits: 0
Source: Amazon | added 2026/06/08 12:00 a.m. | 9 views

Important: postgresql16

Issue Overview: Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions...

CVSS 8.8 | AI score 6.6 | EPSS 0.00668
Exploits: 0
Source: RedhatCVE | added 2026/06/07 12:43 a.m. | 17 views

CVE-2026-46401

HAX CMS helps manage a microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...

CVSS 5.3 | AI score 5.5 | EPSS 0.00311
Exploits: 0 | References: 1
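The improper session termination the HAX CMS entry describes, as an added example in Python (illustrative, not HAX CMS code): an HMAC-signed token that is checked statelessly keeps working after logout, because logout has no server-side state to change, while a session store keyed by the token's jti refuses the same token once it has been logged out. SERVER_KEY, the token layout and the timestamps are assumptions constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumption for the demo: a server-side signing key. Constructed, not a real secret.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def _b64(raw: bytes) -> bytes:
    return base64.urlsafe_b64encode(raw).rstrip(b"=")


def _unb64(enc: bytes) -> bytes:
    return base64.urlsafe_b64decode(enc + b"=" * (-len(enc) % 4))


def issue_token(user: str, jti: str, now: int, ttl: int = 3600) -> bytes:
    """Signed token: base64(payload) '.' base64(HMAC-SHA256(payload))."""
    payload = json.dumps({"sub": user, "jti": jti, "exp": now + ttl}, sort_keys=True)
    body = _b64(payload.encode())
    sig = _b64(hmac.new(SERVER_KEY, body, hashlib.sha256).digest())
    return body + b"." + sig


def decode_token(token: bytes, now: int):
    """Return the payload if signature and expiry check out, else None."""
    body, _, sig = token.partition(b".")
    expected = _b64(hmac.new(SERVER_KEY, body, hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None
    payload = json.loads(_unb64(body))
    if payload["exp"] <= now:
        return None
    return payload


def verify_stateless(token: bytes, now: int):
    # The flawed pattern: signature and expiry only. Nothing the server does at
    # logout can change this answer, so a leaked token works until it expires.
    return decode_token(token, now)


class SessionStore:
    """Server-side record of live sessions. Logout removes the jti, so a token
    presented afterwards is refused even though its signature is still valid."""

    def __init__(self):
        self.active = {}  # jti -> expiry

    def login(self, user: str, now: int, ttl: int = 3600) -> bytes:
        jti = secrets.token_hex(8)
        self.active[jti] = now + ttl
        return issue_token(user, jti, now, ttl)

    def logout(self, token: bytes, now: int) -> None:
        payload = decode_token(token, now)
        if payload:
            self.active.pop(payload["jti"], None)

    def verify(self, token: bytes, now: int):
        payload = decode_token(token, now)
        if payload and payload["jti"] in self.active:
            return payload
        return None

    def prune(self, now: int) -> None:
        """Drop expired entries so the store does not grow without bound."""
        self.active = {j: e for j, e in self.active.items() if e > now}


if __name__ == "__main__":
    now = 1_700_000_000  # constructed clock value
    store = SessionStore()
    tok = store.login("alice", now)
    store.logout(tok, now)
    print("stateless check after logout:", verify_stateless(tok, now + 1))
    print("session-store check after logout:", store.verify(tok, now + 1))
```

The same effect can be had with a revocation list instead of an active set; either way the server has to hold state that logout can change, which is exactly what a signature-plus-expiry check lacks.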
Source: GithubExploit | added 2026/06/06 5:54 p.m. | 86 views

zoneminder-rce-poc

just wait and see. Proof of concept for an OS command injectio...

AI score 6.8
Exploits: 0