Lucene search
+L

58 matches found

cve
cve
added 2 days ago5 views

CVE-2026-15770

CVE-2026-15770 affects Google Chrome (V8) prior to 150.0.7871.125. The issue is an uninitialized use in V8 that can allow a remote attacker to read potentially sensitive data from process memory via a crafted HTML page. Impact is confined to information disclosure; no exploit details or in-the-wi...

6.5CVSS6.1AI score0.0033EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1451 User accounts disclosed to unauthenticated actors on the LAN

Summary The login page discloses all active user accounts to any unauthenticated browsing request originating on the Local Area Network. Details Starting the Home Assistant 2023.12 release, the login page returns all currently active user accounts to browsing requests from the Local Area Network...

4.3CVSS6AI score0.00908EPSS
Exploits1References6
osv
osv
added 2026/06/12 6:11 p.m.3 views

CVE-2026-47236 Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API. The Jetstream web team page authorizes access with only belongsToTeam and then loads and...

4.3CVSS5.9AI score0.00183EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/05/15 12:0 a.m.13 views

Traefik 安全漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Vulnerabilities exist in versions prior to Traefik 2.11.44, 3.6.15, and 3.7.0-rc.3. These vulnerabilities stem from the errors middleware module, which forwards the entire set of request headers including...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References1
cve
cve
added 2026/05/05 11:24 a.m.28 views

CVE-2026-42436

OpenClaw before 2026.4.14 has an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail to consistently validate the final browser target after navigation. Authenticated callers can bypass SSRF restrictions to expose internal or disallowed page content by ...

7.7CVSS5.8AI score0.00266EPSS
Exploits0References3
cve
cve
added 2026/04/23 11:50 p.m.18 views

CVE-2026-35503

SenseLive X3050 vulnerable via its web management interface: authentication is performed client-side using hardcoded values in browser-executed scripts, enabling an attacker with access to the login page to retrieve exposed parameters and gain unauthorized administrative access. Base scores are C...

9.8CVSS5.7AI score0.00548EPSS
Exploits0References3Affected Software1
nvd
nvd
added 2026/04/22 7:17 p.m.5 views

CVE-2026-41459

Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed rootpath value...

6.9CVSS0.00801EPSS
Exploits2References6
ptsecurity
ptsecurity
added 2026/04/22 12:0 a.m.10 views

PT-2026-34539

Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed root path value...

6.9CVSS5.8AI score0.00801EPSS
Exploits2References8
redhatcve
redhatcve
added 2026/03/24 11:17 a.m.8 views

CVE-2026-33167

A flaw was found in Action Pack, a component of the Rails framework. A remote attacker could exploit this vulnerability by crafting a malicious exception message. When this message is displayed on the debug exceptions page, the improper escaping of the message allows for the injection of arbitrar...

5.4CVSS6AI score0.00401EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/02/10 7:33 a.m.8 views

CVE-2025-66604

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN,...

5.3CVSS5.4AI score0.00118EPSS
Exploits0References1
nvd
nvd
added 2026/02/09 4:15 a.m.10 views

CVE-2025-66599

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

6.9CVSS0.00261EPSS
Exploits0References1
nvd
nvd
added 2026/02/09 4:15 a.m.8 views

CVE-2025-66604

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN,...

5.3CVSS0.00118EPSS
Exploits0References1
cvelist
cvelist
added 2026/02/09 3:37 a.m.31 views

CVE-2025-66594

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Detailed messages are displayed on the error page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

6.9CVSS0.00204EPSS
Exploits0References1
cve
cve
added 2026/02/09 3:37 a.m.15 views

CVE-2025-66594

CVE-2025-66594 affects Yokogawa FAST/TOOLS packages (RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) from R9.01 to R10.04. The public description notes that detailed messages on the error page could be exploited by an attacker for other attacks, indicating information leakage or error handling weaknesses;...

6.9CVSS5.3AI score0.00204EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/02/09 3:25 a.m.3 views

CVE-2025-66599

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

6.9CVSS5.3AI score0.00261EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/09 3:25 a.m.6 views

CVE-2025-66599

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. Physical paths could be displayed on web pages. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN,...

6.9CVSS5.2AI score0.00261EPSS
Exploits0References2
cvelist
cvelist
added 2026/02/09 3:14 a.m.35 views

CVE-2025-66604

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN,...

2.1CVSS0.00118EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/02/09 3:14 a.m.6 views

CVE-2025-66604

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The library version could be displayed on the web page. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN,...

2.1CVSS5.3AI score0.00118EPSS
Exploits0References2
osv
osv
added 2026/02/07 8:15 p.m.4 views

CVE-2026-2110

A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote...

8.1CVSS4.9AI score0.00681EPSS
Exploits1References4
nvd
nvd
added 2026/02/06 6:15 p.m.17 views

CVE-2025-70963

Gophish =0.12.1 is vulnerable to Incorrect Access Control. The administrative dashboard exposes each user’s long-lived API key directly inside the rendered HTML/JavaScript of the page on every login. This makes permanent API credentials accessible to any script running in the browser context...

7.6CVSS0.00267EPSS
Exploits1References1
Rows per page
Query Builder