Lucene search
+L

757 matches found

cnnvd
cnnvd
added 2026/06/02 12:0 a.m.8 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability stemmed from improper implementation of the file input feature, which could allow remote attackers to exploit UI deception through...

4.3CVSS5.3AI score0.00154EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/06/01 12:0 a.m.11 views

Code-Projects Online Hospital Management System SQL注入漏洞

Code-Projects Online Hospital Management System is an open-source online hospital management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Hospital Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the editid...

6.5CVSS6.6AI score0.002EPSS
Exploits0References6
mscve
mscve
added 2026/05/29 11:21 p.m.17 views

Chromium: CVE-2026-9997 Use after free in Input

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.3CVSS5.8AI score0.00178EPSS
Exploits0
attackerkb
attackerkb
added 2026/05/28 10:25 p.m.9 views

CVE-2026-9997

Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00178EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/05/28 10:25 p.m.41 views

CVE-2026-9997

Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00178EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/28 10:25 p.m.12 views

CVE-2026-9933

Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00222EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/28 10:25 p.m.37 views

CVE-2026-9933

Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

0.00222EPSS
Exploits0References2
osv
osv
added 2026/05/21 8:39 p.m.7 views

USN-8294-1 postgresql-14, postgresql-16, postgresql-17, postgresql-18 vulnerabilities

It was discovered that PostgreSQL did not correctly enforce authorization for CREATE TYPE. An attacker could possibly use this issue to execute arbitrary SQL functions. CVE-2026-6472 It was discovered that PostgreSQL incorrectly handled large user input in multiple server features. An attacker...

8.8CVSS6.3AI score0.00668EPSS
Exploits0References12
osv
osv
added 2026/05/21 5:9 p.m.5 views

CVE-2026-48223 Open ISES Tickets < 3.44.2 Reflected XSS via ics213rr.php frm_add_str Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics213rr.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

5.1CVSS6AI score0.00212EPSS
Exploits0References5
kaspersky
kaspersky
added 2026/05/21 12:0 a.m.23 views

KLA91070 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Tab Groups can be...

8.8CVSS6.6AI score0.00796EPSS
Exploits0References21
ptsecurity
ptsecurity
added 2026/05/21 12:0 a.m.14 views

PT-2026-42492

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add nm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id POST parameter directly into an HTML form input value attribute and an...

5.4CVSS5.8AI score0.00212EPSS
Exploits0References4
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: Input: iforce – invert the valid length check when fetching device IDs. syzbot is reporting an uninitialized value at iforceinitdevice 1. The commit 6ac0aec6b0a6 “Input: iforce – allow callers to supply a data buffer when fetchin...

5.5CVSS6.3AI score0.00165EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in CGal

There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. There is also an oob read vulnerability in NefS2/SNCioparser.h, specifically in the slh-incidentsface function of SNCioParser::readsloop. An attacker can provide malicious input to trigger...

10CVSS8.7AI score0.02878EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/14 7:52 p.m.38 views

CVE-2026-8513

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

0.00207EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/05/14 7:52 p.m.14 views

CVE-2026-8513

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.8AI score0.00207EPSS
Exploits0
kaspersky
kaspersky
added 2026/05/12 12:0 a.m.23 views

KLA91044 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Denial of...

9.6CVSS6.6AI score0.00498EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/11 12:0 a.m.37 views

CVE-2025-61306

A reflected cross-site scripted XSS vulnerability in the dfm-menucoveragealerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable valu...

0.00236EPSS
Exploits0References3
nvd
nvd
added 2026/05/04 8:16 p.m.22 views

CVE-2026-41924

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the makeRequest.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the settime or StartSniffer functions. Attackers can...

9.3CVSS0.02707EPSS
Exploits0References3
snyk
snyk
added 2026/04/09 2:22 p.m.6 views

Incomplete List of Disallowed Inputs

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the handling of environment variables in the exec env denylist. An attacker can execute arbitrary commands by injecting malicious values into...

8.6CVSS6AI score0.00188EPSS
Exploits0References3
cve
cve
added 2026/04/06 4:49 p.m.23 views

CVE-2026-35035

Summary: CVE-2026-35035 affects CI4MS (CodeIgniter 4-based CMS skeleton). A stored XSS vulnerability exists in System Settings – Company Information where attacker-controlled fields (e.g., Company Name, Slogan, contact fields, Google Maps link, media fields) are input and persisted server-side, t...

9CVSS6AI score0.00455EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder