Lucene search
K

1265 matches found

NVD
NVD
added 3 days ago9 views

CVE-2026-43701

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox...

7.1CVSS0.00182EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 3 days ago5 views

PT-2026-53720

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Improved input validation was implemented to address a flaw where a malicious website could process...

7.1CVSS6.1AI score0.00314EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Chromium

Before version 92.0.4515.159, using free after functions in WebRTC in Google Chrome allowed an attacker who convinced a user to visit a malicious website to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS6.7AI score0.02118EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in WebKit2GTK

A logic issue has been resolved through improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6, iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, and watchOS 7.5. A malicious website may be able to access restricted ports on arbitrary servers...

5.8CVSS6.6AI score0.01238EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in WebKit2GTK

There was an issue with URL handling that caused spoofing. This issue has been addressed through improved input validation. This issue is fixed in iOS 16.2, iPadOS 16.2, macOS Ventura 13.1, and Safari 16.2. Visiting a malicious website may result in address bar spoofing...

4.3CVSS6.4AI score0.00965EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in WebKit2GTK

A inconsistent user interface issue has been resolved through improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, and macOS Sonoma 14.1. Visiting a malicious website may result in address bar spoofing...

7.5CVSS6.7AI score0.0086EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in WebKit2GTK

The issue was resolved by adding additional restrictions on CSS compositing. This issue has been fixed in tvOS 15, watchOS 8, iOS 15, and iPadOS 15. Visiting a maliciously crafted website may reveal a user’s browsing history...

4.7CVSS5.8AI score0.01114EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.10 views

PT-2026-50500

Name of the Vulnerable Software and Affected Versions Cisco Webex App affected versions not specified Description An issue in the browser-based version of the application allows an unauthenticated remote attacker to redirect users to a malicious webpage. This occurs due to improper input validati...

5CVSS5.9AI score0.00202EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/01 2:1 a.m.21 views

webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack

A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack...

4.3CVSS5.6AI score0.00276EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/20 5:30 a.m.13 views

webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack

A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack...

4.3CVSS5.6AI score0.00276EPSS
Exploits0References5
NVD
NVD
added 2026/05/14 4:16 p.m.35 views

CVE-2026-42283

DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the...

7.8CVSS0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 2:21 p.m.13 views

CVE-2026-28920

An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Visiting a maliciously crafted website may leak...

6.5CVSS5.8AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/12 12:41 p.m.29 views

CVE-2026-6402

A flaw was found in webpack-dev-server. When the development server operates over plain HTTP, a remote attacker can exploit a cross-origin source code exposure vulnerability. This allows a malicious website, visited by a developer, to load the bundled application source code as a script and read ...

6.5CVSS5.8AI score0.00216EPSS
Exploits0References5
CVE
CVE
added 2026/05/11 8:8 p.m.16 views

CVE-2026-28920

CVE-2026-28920 describes an information-leakage issue that Apple fixed by adding input/validation checks. The vulnerability affects multiple Apple platforms and is mitigated by updates: iOS/iPadOS 18.7.9 and 26.5, macOS Sequoia 15.7.7, Sonoma 14.8.7, Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS ...

6.5CVSS5.8AI score0.00323EPSS
Exploits0References8Affected Software6
RedHat Linux
RedHat Linux
added 2026/05/11 6:45 p.m.12 views

webkitgtk: A malicious website may be able to process restricted web content outside the sandbox

A flaw was found in WebKitGTK. A maliciously crafted web page may be able to process restricted web content outside the sandbox due to improper memory handling...

8.8CVSS5.7AI score0.00636EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/11 6:45 p.m.10 views

webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack

A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack...

4.3CVSS5.6AI score0.00276EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.13 views

PT-2026-39784

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 tvOS versions...

6.5CVSS5.8AI score0.00323EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/05/05 6:15 p.m.11 views

webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack

A flaw was found in WebKitGTK. A maliciously crafted web page can cause a logic issue due to improper checks and result in a cross-site scripting attack...

4.3CVSS5.6AI score0.00276EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/29 4:17 p.m.7 views

webkitgtk: A website may be able to track users through Safari web extensions

A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management...

5.3CVSS7.5AI score0.00222EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/14 11:18 p.m.9 views

Permissive Cross-domain Policy with Untrusted Domains

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the allowOrigin function. An attacker can access sensitive user data and perform unauthorized actions by...

8.6CVSS5.7AI score0.00335EPSS
Exploits1References2
Rows per page
Query Builder