Lucene search
+L

791 matches found

NVD
NVD
added yesterday8 views

CVE-2026-8396

Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking. This issue affects NetGIS: from 5.0.66 before 7.2.2...

7.5CVSS
Exploits0References1
CVE
CVE
added yesterday12 views

CVE-2026-8396

CVE-2026-8396 is an XML external entity (XXE) vulnerability in NetGIS from Netcad Software Inc. The issue arises from an improper restriction of XML external entity references, enabling Serialized Data External Linking. Affected products/versions: NetGIS 5.0.66 through before 7.2.2 (i.e., 5.0.66 ...

7.5CVSS5.2AI score
Exploits0References1
Cvelist
Cvelist
added yesterday25 views

CVE-2026-8396 XXE in Netcad's NetGIS

Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking. This issue affects NetGIS: from 5.0.66 before 7.2.2...

7.5CVSS
Exploits0References1
EUVD
EUVD
added yesterday7 views

EUVD-2026-45165

Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking. This issue affects NetGIS: from 5.0.66 before 7.2.2...

7.5CVSS5.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60743

Improper restriction of XML external entity reference vulnerability in Netcad Software Inc. NetGIS allows Serialized Data External Linking. This issue affects NetGIS: from 5.0.66 before 7.2.2...

7.5CVSS5.3AI score
Exploits0References1
NVD
NVD
added 3 days ago5 views

CVE-2026-53516

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, Better Auth's OAuth callback auto-link gate in handleOAuthUserInfo accepts implicit account linking when the OAuth provider asserts emailverified: true without requiring the local user row's emailVerified...

8.3CVSS0.00236EPSS
Exploits0References4
NVD
NVD
added 3 days ago6 views

CVE-2026-53513

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS0.00252EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-53513 Better Auth: Server-side request forgery via unvalidated OIDC endpoints on @better-auth/sso provider registration

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS0.00252EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-53513

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS6.1AI score0.00252EPSS
Exploits0References5Affected Software2
EUVD
EUVD
added 3 days ago7 views

EUVD-2026-44733

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, the @better-auth/sso plugin's POST /sso/register and POST /sso/update-provider endpoints accept attacker-controlled oidcConfig.userInfoEndpoint, tokenEndpoint, and jwksEndpoint URLs when skipDiscovery: tru...

9.6CVSS6.1AI score0.00252EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 3 days ago5 views

CVE-2026-53516

Better Auth is an authentication and authorization library for TypeScript. Prior to 1.6.11, Better Auth's OAuth callback auto-link gate in handleOAuthUserInfo accepts implicit account linking when the OAuth provider asserts emailverified: true without requiring the local user row's emailVerified...

8.3CVSS6.1AI score0.00236EPSS
Exploits0References5Affected Software1
NVD
NVD
added 4 days ago4 views

CVE-2026-50686

Access of resource using incompatible type 'type confusion' in Windows OLE allows an unauthorized attacker to execute code over a network...

8.1CVSS0.00674EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-50686 Windows OLE Remote Code Execution Vulnerability

...

8.1CVSS0.00674EPSS
Exploits0References1
CVE
CVE
added 4 days ago7 views

CVE-2026-50686

CVE-2026-50686 is a Windows OLE remote code execution vulnerability caused by a type confusion in resource access. It enables network-exposed code execution without authentication and is documented with CVSS v3.1 base score 8.1 (High). Public references identify the affected area as Windows OLE, ...

8.1CVSS6.2AI score0.00674EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago25 views

CVE-2026-50344 Windows OLE Elevation of Privilege Vulnerability

...

7.8CVSS0.00284EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 4 days ago5 views

CVE-2026-50344 Windows OLE Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score0.00284EPSS
Exploits0References1
CVE
CVE
added 4 days ago5 views

CVE-2026-50344

CVE-2026-50344 corresponds to an Windows OLE elevation-of-privilege vulnerability. Description from sources: “Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally.” Exploitation details are not provided beyond that this is a local privilege escalation ...

7.8CVSS6AI score0.00284EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 4 days ago7 views

Windows OLE Remote Code Execution Vulnerability

Access of resource using incompatible type 'type confusion' in Windows OLE allows an unauthorized attacker to execute code over a network...

8.1CVSS6.2AI score0.00674EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 4 days ago5 views

Windows OLE Elevation of Privilege Vulnerability

Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00284EPSS
Exploits0
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-58332

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description Improper authorization in Windows OLE Object Linking and Embedding, a framework that allows embedding documents and other objects in one application within another application allows an...

7.8CVSS6.1AI score0.00284EPSS
Exploits0References3
Rows per page
Query Builder