Lucene search
K

252 matches found

CVE
CVE
added yesterday5 views

CVE-2026-50496

CVE-2026-50496 is an out-of-bounds read vulnerability in Windows Network Policy Server SNMP that allows an unauthenticated attacker to disclose information over the network. Affects the SNMP component of Windows NPS; impact is information disclosure with a CVSS v3.1 base score of 7.5 (Network att...

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-50470

CVE-2026-50470 describes an out-of-bounds read in Windows Network Policy Server SNMP that could let an unauthenticated attacker disclose information over the network. The vulnerability affects the NPS SNMP handling and has a CVSS v3.1 base score of 7.5 (High) with network attack vector, low attac...

7.5CVSS6.1AI score
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-15416

A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...

8.9CVSS6.3AI score0.00281EPSS
Exploits0References7
NVD
NVD
added 2 days ago5 views

CVE-2026-62185

Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution...

8.6CVSS0.00284EPSS
Exploits0References2
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-62185 Argo CD Helm Chart < 10.0.0 Missing Network Policy RCE

Argo CD Helm Chart before 10.0.0 fails to install network policies by default, allowing any pod on a cluster to access repo-server and other Argo APIs. Attackers can exploit this unrestricted network access through combined attacks to achieve cluster compromise and remote code execution...

8.6CVSS0.00284EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-14076

Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:38 p.m.25 views

CVE-2026-13894

Affected software: Google Chrome (Chromium-based). The issue is described as insufficient policy enforcement in the Network component prior to version 150.0.7871.47, allowing an attacker with a privileged network position to bypass navigation restrictions via a crafted HTML page. Severity is rate...

6.5CVSS5.8AI score0.00212EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54171

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement within the Network component allows an attacker in a privileged network position to bypass navigation restrictions by using a crafted HTML page...

9.8CVSS5.9AI score0.00413EPSS
Exploits0References448
EUVD
EUVD
added 2026/06/26 12:32 a.m.5 views

EUVD-2026-39595

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS6AI score0.00149EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 12:16 a.m.10 views

CVE-2026-13318

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS0.00149EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 11:23 p.m.16 views

CVE-2026-13318

KubeVirt exposes an SSRF in virt-api port-forward: when handling a port-forward to a VirtualMachineInstance, virt-api reads vmi.Status.Interfaces[0].IP and dials it without validation. For VMIs using non-masquerade networks (bridge or secondary-only), this IP is supplied by the in-guest QEMU agen...

6.4CVSS6AI score0.00149EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/25 11:23 p.m.7 views

CVE-2026-13318

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS6AI score0.00149EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 11:23 p.m.50 views

CVE-2026-13318 Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS0.00149EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/23 1:26 p.m.8 views

CVE-2026-10609

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

6.8CVSS5.9AI score0.00226EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:30 a.m.12 views

SUSE CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.00171EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 12:16 a.m.29 views

CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS0.00171EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 11:27 p.m.48 views

CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

0.00171EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 11:27 p.m.38 views

CVE-2026-11684

CVE-2026-11684 affects Google Chrome’s Network policy enforcement. Affected component: network policy handling in Chrome before 149.0.7827.103. Root cause: insufficient policy enforcement allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTM...

3.1CVSS5.5AI score0.00171EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/08 11:27 p.m.10 views

CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.00171EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.26 views

PT-2026-47510

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient policy enforcement in the Network component allows a remote attacker who has compromised the utility process to leak cross-origin data through the use of a crafted HTML...

9.6CVSS5.9AI score0.01654EPSS
Exploits4References85
Rows per page
Query Builder