Lucene search
K

5893 matches found

NVD
NVD
added yesterday9 views

CVE-2026-57250

When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing...

7.8CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-42193

When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-57250

When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
CVE
CVE
added yesterday6 views

CVE-2026-57250

CVE-2026-57250 affects Foxit PDF Editor/Reader when opening a PDF and JavaScript resets form fields, causing a re-entry into the interface that damages a native object. The app validates insufficiently, and the function call on the damaged object leads to a crash. The CVSS v3.1 vector is LOCAL/Ux...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday11 views

CVE-2026-57250 Foxit PDF Editor/Reader Form Field Use-After-Free Vulnerability

When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing...

7.8CVSS0.00116EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday41 views

Spring Cloud Config Server - Path Traversal

Spring Cloud 3.1.x 3.1.13, 4.1.x 4.1.9, 4.2.x 4.2.3, 4.3.x 4.3.2, and 5.0.x 5.0.2 contain a path traversal caused by profile parameter substitution in Config Server using native file system backend, letting attackers access files outside configured directories, exploit requires crafted request. i...

8.6CVSS7.2AI score0.0122EPSS
Exploits0References4
Nuclei
Nuclei
added 2 days ago55 views

Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret

Dragonfly is an open source P2P-based file distribution and image acceleration system. It is hosted by the Cloud Native Computing Foundation CNCF as an Incubating Level Project. Dragonfly uses JWT to verify user. However, the secret key for JWT, "Secret Key", is hard coded, which leads to...

9.8CVSS5.8AI score0.33618EPSS
Exploits1References4
OSV
OSV
added 6 days ago4 views

ALPINE-CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS6AI score0.00479EPSS
Exploits1References1
NVD
NVD
added 6 days ago7 views

CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS0.00479EPSS
Exploits1References3
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41499

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

6AI score0.00479EPSS
Exploits1References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-11564 Native CA trust persist

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

0.00479EPSS
Exploits1References3
CVE
CVE
added 6 days ago18 views

CVE-2026-11564

CVE-2026-11564 (libcurl) describes an issue where libcurl keeps previously used connections in a pool and may continue trusting the native CA store after an application switches a handle to custom CA material for a later transfer. The connected sources confirm this behavior across multiple feeds ...

9.1CVSS6AI score0.00479EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 6 days ago4 views

CVE-2026-11564

libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. An easy handle that first uses default native CA trust can continue trusting the native platform store after the application switches that same handle to custom CA...

9.1CVSS6AI score0.00479EPSS
Exploits1References3
Cvelist
Cvelist
added last week33 views

CVE-2026-58460 react-native-receive-sharing-intent Path Traversal via _display_name

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
EUVD
EUVD
added last week7 views

EUVD-2026-41437

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
OSV
OSV
added last week7 views

GHSA-P73F-W79W-JQR5 OpenClaw: Native command authorization could skip owner-command enforcement

Summary Native command authorization could skip owner-command enforcement. In affected versions, a sender able to trigger native command handling could authorize a native command without enforcing the configured owner-only command policy. This advisory is scoped to the named feature and...

7.2CVSS6AI score0.00267EPSS
Exploits0References2
Opera Security Advisories
Opera Security Advisories
added 2026/07/02 12:0 a.m.5 views

Here’s how Opera’s Paste Protect guards you natively against clipboard attacks

News, Security Here’s how Opera’s Paste Protect guards you natively against clipboard attacks Share July 2nd, 2026 At Opera, user security is a top priority. That’s why today, we are excited to announce that Opera is the first browser to introduce Paste Protect: a native defense measure against...

8.8CVSS7.5AI score0.01654EPSS
Exploits4References1
NVD
NVD
added 2026/07/01 9:17 p.m.7 views

CVE-2026-54786

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...

5CVSS0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 6:20 p.m.13 views

EUVD-2026-36101

Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container...

4.9CVSS5.8AI score0.00255EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/30 6:17 p.m.12 views

EUVD-2026-36097

Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References5
Rows per page
Query Builder