Lucene search
K

10081 matches found

Cvelist
Cvelist
added last week24 views

CVE-2026-13807

Use after free in Import in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a malicious file. Chromium security severity: High...

0.00286EPSS
Exploits0References2
Debian CVE
Debian CVE
added last week4 views

CVE-2026-13807

Use after free in Import in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a malicious file. Chromium security severity: High...

7.5CVSS6.2AI score0.00286EPSS
Exploits0
CVE
CVE
added last week10 views

CVE-2026-13807

CVE-2026-13807 describes a use-after-free in Import for Google Chrome on iOS, exploited by convincing a user to perform specific UI gestures to run arbitrary code via a malicious file. Affected product: Google Chrome for iOS (before 150.0.7871.47). Root cause: use-after-free in the Import path. I...

7.5CVSS6.2AI score0.00286EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/30 5:16 p.m.10 views

CVE-2026-58174

Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object without setting its profile in the /api/session/import handler, so the imported session is persisted with a null profile. Because a null profile is treated ...

6.5CVSS0.00265EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/30 3:55 p.m.4 views

EUVD-2026-40355

Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object without setting its profile in the /api/session/import handler, so the imported session is persisted with a null profile. Because a null profile is treated ...

6.5CVSS5.8AI score0.00265EPSS
Exploits0References5
CVE
CVE
added 2026/06/30 3:55 p.m.10 views

CVE-2026-58174

Hermes WebUI

6.5CVSS5.8AI score0.00265EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-40941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which...

7.1CVSS6.7AI score0.00159EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.4 views

PT-2026-54084

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description A use after free issue exists in the Import component. This occurs when a remote attacker convinces a user to perform specific UI gestures, potentially leading to arbitrary code...

9.6CVSS6.6AI score0.00413EPSS
Exploits0References439
NVD
NVD
added 2026/06/29 6:16 p.m.11 views

CVE-2026-57953

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...

5.4CVSS0.00249EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 5:21 p.m.6 views

EUVD-2026-40138

Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...

5.4CVSS5.8AI score0.00249EPSS
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-463 PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak in `execute_code` (subprocess mode)

Summary executecode in praisonaiagents/tools/pythontools.py v1.6.37, subprocess sandbox mode can be fully bypassed using print.self to retrieve the real Python builtins module, from which import can be extracted via vars and runtime string construction. This achieves arbitrary OS command executio...

9.9CVSS6.4AI score0.0012EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-346 gramps-webapi: Zip Slip Path Traversal in Media Archive Import

Summary A path traversal vulnerability Zip Slip exists in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with directory-traversal filenames to write arbitrary files outside the intended temporary extraction directory on the...

9.1CVSS6AI score0.00401EPSS
Exploits0References7
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-395 LlamaIndex includes an exec call for `import {cls_name}`

An issue was discovered in llamaindex before 0.10.38. download/integration.py includes an exec call for import clsname...

9.8CVSS7.3AI score0.00528EPSS
Exploits0References8
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-351 H2O Deserialization of Untrusted Data Vulnerability

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

9.8CVSS7.8AI score0.01441EPSS
Exploits1References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/28 11:3 a.m.8 views

Malicious code in fsociety-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 88731d75288f663967fc64dde12b04eb43a2eb3d4113486bf35b1cf3d89ae537 On import, fsocietytools/init.py loads tokens.py, which at module load time instantiates TokenManager. The constructor concatenates eight large strin...

5.9AI score
Exploits0References4
NVD
NVD
added 2026/06/26 5:16 p.m.9 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS0.00172EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 4:23 p.m.6 views

CVE-2026-28385

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS5.8AI score0.00172EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/26 4:23 p.m.36 views

CVE-2026-28385 SSRF via image import from URL allows internal network probing by authenticated users

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS0.00172EPSS
Exploits1References2
CVE
CVE
added 2026/06/26 4:23 p.m.11 views

CVE-2026-28385

CVE-2026-28385 : Canonical LXD 4.12–6.9 contains an SSRF in image import from URL sources. Authenticated users with the can_create_images entitlement can leverage the /images endpoint to trigger outbound requests from the LXD daemon, failing to validate or restrict destinations. This allows conta...

5CVSS5.8AI score0.00172EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/06/26 4:23 p.m.7 views

EUVD-2026-39805

In Canonical LXD versions 4.12 through 6.9, a Server-Side Request Forgery SSRF vulnerability in the image import functionality allows authenticated users with the cancreateimages entitlement to interact with internal network infrastructure via the /images endpoint. When importing an image from a...

5CVSS5.8AI score0.00172EPSS
Exploits1References2
Rows per page
Query Builder