Lucene search
+L

2215 matches found

Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-54276

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An improper implementation of XML allows a remote attacker to perform Universal Cross-Site Scripting UXSS by using a crafted HTML page to inject arbitrary scripts or HTML. Recommendatio...

9.8CVSS6.1AI score0.00413EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54057

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in ANGLE allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

9.8CVSS6AI score0.00413EPSS
Exploits0References451
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.14 views

PT-2026-54387

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Enterprise component allows a remote attacker to obtain potentially sensitive information from process memory. This occurs when a user is convince...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54178

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Serial component allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is achiev...

9.6CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.13 views

PT-2026-54291

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A race condition in the WebRTC component on Windows allows a remote attacker to leak cross-origin data by using a specially crafted HTML page. WebRTC Web Real-Time Communication is a...

9.8CVSS6AI score0.00413EPSS
Exploits0References447
NVD
NVD
added 2026/06/29 9:16 p.m.9 views

CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS0.02569EPSS
Exploits1References2
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-522 ReportLab vulnerable to remote code execution via paraparser

paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

9.8CVSS8AI score0.04452EPSS
Exploits0References10
CVE
CVE
added 2026/06/26 10:58 p.m.18 views

CVE-2026-55975

CVE-2026-55975 affects H.View IP cameras (e.g., HV-500S6) where an authenticated user can supply unsanitized XML to the device’s certificate generation interface. The input is incorporated into a backend certificate creation command without proper validation, enabling command execution with eleva...

8.6CVSS5.9AI score0.00653EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 10:58 p.m.30 views

CVE-2026-55975 H.VIEW HV-500S6 IP Camera OS Command Injection

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...

8.6CVSS0.00653EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 9:5 p.m.15 views

EUVD-2026-37950

Relyra SAML SignatureValue not cryptographically verified - authentication bypass...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References4
OSV
OSV
added 2026/06/26 8:52 p.m.4 views

GHSA-4C3C-R6P8-C863 Flawfinder output manipulation via untrusted filenames and source text

Impact This vulnerability is an improper input neutralization issue leading to output manipulation, specifically, Terminal/ANSI Escape Sequence Injection and XML Injection: Terminal Output Spoofing: A malicious file whose name contains ANSI escape sequences can end up being included in flawfinder...

6AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 3:40 p.m.41 views

CVE-2026-44018 Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

5.5CVSS0.00113EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 2:33 p.m.5 views

CVE-2026-57436 Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 2:30 p.m.6 views

CVE-2026-57234

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS5.8AI score0.00166EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Chromium

The incorrect security UI in Blink in Google Chrome prior to version 147.0.7727.55 allowed a remote attacker to perform UI spoofing through a crafted HTML page. Chromium security severity: Medium...

4.3CVSS6.7AI score0.00191EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in Chromium

In Google Chrome, before version 147.0.7727.55, Race in WebCodecs allowed a remote attacker to obtain potentially sensitive information from process memory through a crafted HTML page. Chromium security severity: Medium...

7.5CVSS6.6AI score0.0018EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/24 7:25 a.m.11 views

CVE-2026-54588

A flaw was found in Poweradmin, a web-based DNS administration tool. An unauthenticated attacker can exploit this vulnerability by manipulating the HTTPHOST request header. This manipulation allows the attacker to poison the redirecturi used in the OpenID Connect OIDC, Security Assertion Markup...

9.6CVSS5.8AI score0.00312EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52048

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.197 Description An uninitialized use in the GPU component allows a remote attacker to obtain potentially sensitive information from process memory. This is achieved by inducing the victim t...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52041

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description An uninitialized use in the GPU component allows a remote attacker who has already compromised the renderer process to retrieve potentially sensitive information from process memory...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References6
OSV
OSV
added 2026/06/23 10:9 p.m.3 views

CVE-2026-54588 Poweradmin has Host Header Injection in OIDC redirect_uri, SAML ACS/SLO URL, and Logout Redirect Construction.

Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled HTTPHOST request header as the authoritative source for building callback URLs in its OIDC, SAML, and logout authentication flows without any validation. An...

9.6CVSS6AI score0.00312EPSS
Exploits0References5
Rows per page
Query Builder