Lucene search
K

2180 matches found

Fedora
Fedora
added 3 days ago6 views

[SECURITY] Fedora 44 Update: perl-HTML-Gumbo-0.19-1.fc44

Gumbo is an implementation of the HTML5 parsing algorithm implemented as a pure C99 library with no outside dependencies...

9.8CVSS6.1AI score0.00663EPSS
Exploits0
OSV
OSV
added 4 days ago2 views

CVE-2026-54714 Logto: XSS via unescaped RelayState in SAML auto-submit form

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @logto/core reflected the SAML RelayState, SAMLResponse, and actionUrl into a Logto-origin auto-submit HTML form in packages/core/src/saml-application/SamlApplication/utils.ts without HTML-attribute...

6.1CVSS6.1AI score0.00253EPSS
Exploits0References6
CVE
CVE
added 4 days ago8 views

CVE-2026-55466

Snipe-IT prior to 8.6.2 is affected. The vulnerability arises because UploadFileRequest sanitizes SVGs only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without StorageHelper::allowSafeInline(), allowing a low-privilege user to upload active XHTML or ...

6.2CVSS6.1AI score0.00351EPSS
Exploits0References3
NVD
NVD
added 5 days ago8 views

CVE-2026-31982

An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...

7.1CVSS0.00167EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago4 views

EUVD-2026-42454

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score0.00233EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-56648

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue in Views allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. Use after free is a memory corruption flaw that occurs when an...

9.6CVSS6AI score0.0026EPSS
Exploits0References37
OSV
OSV
added last week7 views

GO-2026-5919 Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component in github.com/coder/coder

Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component in github.com/coder/coder...

5.4CVSS5.9AI score0.00316EPSS
Exploits0References2
OSV
OSV
added last week4 views

PYSEC-2026-1431 Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference

RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity...

8.2CVSS5.9AI score0.00408EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 8:10 p.m.2 views

OPENSUSE-SU-2026:21210-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

10CVSS7AI score0.91969EPSS
Exploits3References31
Ivanti
Ivanti
added 2026/07/03 11:45 a.m.16 views

SAML 2.0 SP signature validation behaviour from ICS 25.1.3.0

Last Modified Date Jul 3, 2026 11:45:26 AM...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/07/02 8:42 p.m.25 views

EUVD-2026-12688

Keycloak: Unauthorized access via improper validation of encrypted SAML assertions...

7.7CVSS5.8AI score0.00241EPSS
Exploits0References11
OSV
OSV
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-724 Out-of-bounds Write in OpenCV

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0 corresponds with OpenCV-Python 4.1.0.25. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An...

8.8CVSS7.6AI score0.20947EPSS
Exploits1References9
EUVD
EUVD
added 2026/07/02 12:31 a.m.8 views

EUVD-2026-41192

Uninitialized Use in Dawn in Google Chrome on ChromeOS prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00215EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 11:16 p.m.5 views

DEBIAN-CVE-2026-14403

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

8.8CVSS6.2AI score0.00257EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 11:16 p.m.3 views

UBUNTU-CVE-2026-14389

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.9AI score0.00242EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40825

Inappropriate implementation in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00163EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40794

Use after free in Scheduling in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

6.2AI score0.0028EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40824

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40773

Insufficient policy enforcement in HID in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

6.2AI score0.00303EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40756

Integer overflow in WebNN in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

5.9AI score0.00229EPSS
Exploits0References3
Rows per page
Query Builder