Lucene search
+L

90524 matches found

Circl
Circl
added 4 days ago4 views

CVE-2026-55058

creationtimestamp| type| source ---|---|--- 2026-07-14 19:00:58+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0237 2026-07-14 22:03:03+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-15 01:00:52+00:00| seen|...

7.8CVSS7.3AI score0.00303EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

RLSA-2026:38492 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: md/bitmap: fix GPF in writepage caused by resize race CVE-2026-43163 kernel: rtmutex: Use waiter::task instead of current in removewaiter CVE-2026-43499 kernel: futex/requeue: Prevent NUL...

7.8CVSS6.2AI score0.00126EPSS
Exploits28References4
CVE
CVE
added 4 days ago11 views

CVE-2026-58647

CVE-2026-58647 affects Microsoft Power BI Power BI Report Server. The issue is an improper neutralization of input during web page generation, enabling cross-site scripting. Attackers must be authorized, require user interaction, and can exploit over the network to perform spoofing with high impa...

8CVSS6.1AI score0.00348EPSS
Exploits0References1Affected Software1
CVE
CVE
added 4 days ago51 views

CVE-2026-55008

CVE-2026-55008 affects Microsoft Exchange Server and is caused by improper neutralization of input during web page generation, enabling cross-site scripting. The NVD entry lists a high-severity CVSS 3.1 base score of 9.6 (NETWORK, LOW attack complexity, NONE privileges, user interaction required,...

9.6CVSS6.1AI score0.00725EPSS
Exploits0References1
CVE
CVE
added 4 days ago38 views

CVE-2026-54432

Roundcube Webmail affected: versions before 1.6.17 and 1.7.x before 1.7.2 are vulnerable to a Stored XSS flaw. Root cause: the attachment MIME type is not properly escaped on the attachment-validation warning page, enabling script execution within a victim’s session when an email is viewed. Affec...

4.7CVSS6.1AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 4 days ago3 views

CVE-2026-60119 Hi.Events < 1.11.0 XSS via Event Title JSON.stringify Injection

Hi.Events before 1.11.0 contains a cross-site scripting vulnerability that allows authenticated attackers with event creation or edit permissions to inject arbitrary HTML and JavaScript by embedding a malicious event title containing the sequence, which is not escaped by JSON.stringify when...

5.1CVSS6.3AI score0.00171EPSS
Exploits0References8
NVD
NVD
added 4 days ago8 views

CVE-2026-15695

A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may ...

9CVSS0.00796EPSS
Exploits0References6
CVE
CVE
added 4 days ago6 views

CVE-2026-52838

Affected software: Easy!Appointments (self-hosted appointment scheduler). Vulnerability: Stored XSS via the public booking page. An authenticated administrator can store HTML/JavaScript in the disable_booking_message setting (rich-text editor). The value is later passed directly to the public boo...

2.6CVSS6.1AI score0.00184EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

CVE-2026-52838 Easy!Appointments disable_booking_message rendered as raw HTML on public booking page — Stored XSS

Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 allow administrators to define a custom "booking disabled" message through the booking settings page. That value is stored in the disablebookingmessage setting via a rich-text editor and later passed directly to the...

2.6CVSS6.1AI score0.00184EPSS
Exploits0References4
CVE
CVE
added 4 days ago7 views

CVE-2026-52837

Summary: Easy!Appointments

6.9CVSS6.1AI score0.00352EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

CVE-2026-52837 Easy!Appointments has unauthenticated customer PII disclosure on booking reschedule page

Easy!Appointments is a self hosted appointment scheduler. In versions up to and including 1.5.2, the booking reschedule view at /index.php/booking/reschedule/appointmenthash handled by Booking::index embeds the entire customer record as inline JavaScript const vars = ... "customerdata": ...,...

6.9CVSS6.1AI score0.00352EPSS
Exploits0References4
Microsoft CVE
Microsoft CVE
added 4 days ago6 views

Microsoft PowerBI Report Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Power BI allows an authorized attacker to perform spoofing over a network...

8CVSS6.1AI score0.00348EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 4 days ago10 views

Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

8.7CVSS6.1AI score0.00718EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 4 days ago13 views

Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS6.1AI score0.00335EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 4 days ago11 views

Visual Studio Code Security Feature Bypass Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

7.1CVSS6.1AI score0.00442EPSS
Exploits0
CVE
CVE
added 4 days ago17 views

CVE-2026-15692

CVE-2026-15692 affects Tenda BE12 Pro firmware 16.03.66.23. The vulnerability lies in the fromSafeUrlFilter function within /goform/SafeUrlFilter, where manipulating the argument page can cause a stack-based buffer overflow. This can be exploited remotely, and public exploits are available. Conne...

9CVSS7.4AI score0.00796EPSS
Exploits0References6
CVE
CVE
added 4 days ago14 views

CVE-2026-15691

The CVE-2026-15691 entry concerns Tenda BE12 Pro 16.03.66.23. It affects the function fromSafeClientFilter in /goform/SafeClientFilter; manipulating the argument page causes a stack-based buffer overflow. The vulnerability can be triggered remotely, and a public exploit has been released. The con...

9CVSS7.4AI score0.00796EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 4 days ago6 views

kernel: iommu: disable SVA when CONFIG_X86 is set

A security vulnerability was found in the Linux kernel's IOMMU Shared Virtual Addressing SVA implementation on x86 architecture. When SVA is enabled, the IOMMU caches kernel page table entries. Since the kernel lacks a mechanism to notify the IOMMU when kernel page table pages are freed and...

7.8CVSS6.7AI score0.00145EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago5 views

kernel: Linux kernel: netfilter: ebtables SNAT target writes to shared memory pages during ARP hardware address rewrite

A flaw was found in the Linux kernel's netfilter bridge ebtables SNAT Source Network Address Translation module. This vulnerability allows a local attacker on a system configured with specific bridge netfilter rules to improperly modify underlying memory pages during an ARP Address Resolution...

8.8CVSS6.1AI score0.00129EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 4 days ago8 views

kernel: iommu: disable SVA when CONFIG_X86 is set

A security vulnerability was found in the Linux kernel's IOMMU Shared Virtual Addressing SVA implementation on x86 architecture. When SVA is enabled, the IOMMU caches kernel page table entries. Since the kernel lacks a mechanism to notify the IOMMU when kernel page table pages are freed and...

7.8CVSS6.7AI score0.00145EPSS
Exploits0References5
Rows per page
Query Builder