Lucene search
+L

90500 matches found

CVE
CVE
added 2 days ago6 views

CVE-2026-59838

CVE-2026-59838 is an XSS-type vulnerability described as improper neutralization of script-related HTML tags in Fortinet FortiSIEM. Affected versions span FortiSIEM 7.4.0; 7.3.0–7.3.4; 7.2.0–7.2.6; 7.1.x; 7.0.x; and all 6.x versions (6.4–6.7). The issue could allow an attacker to execute unauthor...

5.9CVSS6.2AI score0.00142EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2 days ago7 views

CVE-2026-61453

Grav v2.0.0 contains a cross-site scripting vulnerability fixed in 2.0.1. The XSS blueprint validator Security::detectXss runs on raw page content before Twig processing. When Twig content processing is enabled twigcontent.processenabled: true, an attacker with page-write API permission can use...

6.1CVSS0.00155EPSS
Exploits0References2
OSV
OSV
added 2 days ago8 views

RLSA-2026:39315 Moderate: libsolv security update

The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. Security Fixes: libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data CVE-2026-48864 For more details about the security issues,...

7.8CVSS6.2AI score0.00205EPSS
Exploits1References2
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-61453 Grav before 2.0.1 XSS via Twig String Concatenation

Grav v2.0.0 contains a cross-site scripting vulnerability fixed in 2.0.1. The XSS blueprint validator Security::detectXss runs on raw page content before Twig processing. When Twig content processing is enabled twigcontent.processenabled: true, an attacker with page-write API permission can use...

6.1CVSS0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-44650

Grav v2.0.0 contains a cross-site scripting vulnerability fixed in 2.0.1. The XSS blueprint validator Security::detectXss runs on raw page content before Twig processing. When Twig content processing is enabled twigcontent.processenabled: true, an attacker with page-write API permission can use...

6.1CVSS6.2AI score0.00155EPSS
Exploits0References2
OSV
OSV
added 2 days ago4 views

CVE-2026-61453 Grav before 2.0.1 XSS via Twig String Concatenation

Grav v2.0.0 contains a cross-site scripting vulnerability fixed in 2.0.1. The XSS blueprint validator Security::detectXss runs on raw page content before Twig processing. When Twig content processing is enabled twigcontent.processenabled: true, an attacker with page-write API permission can use...

5.1CVSS6.2AI score0.00155EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2 days ago5 views

CVE-2026-49458

A flaw was found in DOMPurify, a tool designed to prevent cross-site scripting XSS attacks by sanitizing HTML, MathML, and SVG content. When processing certain types of web page elements, DOMPurify failed to properly identify and sanitize malicious code. This oversight could allow an attacker to...

6.1CVSS6.1AI score0.00288EPSS
Exploits0References6
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-44585

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS6.1AI score0.00264EPSS
Exploits0References1
CVE
CVE
added 2 days ago13 views

CVE-2026-8919

CVE-2026-8919 affects ASUS GameSDK. A permissive cross-domain policy with untrusted domains could let a remote user induce a local UNC request to the application’s local service endpoint, exposing a local NTLM hash and enabling information disclosure, data tampering, or service disruption. The is...

7.2CVSS6.1AI score0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2025-65720

An issue in Open Source GPT Researcher v3.3.7 allows attackers to execute arbitrary commands on a victim system via user interaction with a crafted HTML page...

0.0021EPSS
Exploits0References3
NVD
NVD
added 3 days ago6 views

CVE-2026-48287

CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must...

7.4CVSS0.00139EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-48290

CAI Content Credentials is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access o...

8.2CVSS6.4AI score0.00177EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 3 days ago5 views

cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network

A flaw was found in OpenPrinting CUPS. An unauthorized client can exploit this vulnerability by sending a specially crafted print job to a shared PostScript queue without authentication. The server improperly handles the page-border value, allowing an attacker to embed and reparse malicious text ...

7.5CVSS7AI score0.00502EPSS
Exploits1References5
OSV
OSV
added 3 days ago4 views

DEBIAN-CVE-2026-15773

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS6.2AI score0.00251EPSS
Exploits0References1
NVD
NVD
added 3 days ago5 views

CVE-2026-15775

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6.5CVSS0.00208EPSS
Exploits0References2
NVD
NVD
added 3 days ago4 views

CVE-2026-15778

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00263EPSS
Exploits0References2
OSV
OSV
added 3 days ago5 views

DEBIAN-CVE-2026-15768

Insufficient policy enforcement in HTML-in-Canvas in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6.5CVSS6.1AI score0.00208EPSS
Exploits0References1
OSV
OSV
added 3 days ago6 views

DEBIAN-CVE-2026-15770

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS6.1AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 3 days ago6 views

DEBIAN-CVE-2026-15766

Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS6.1AI score0.00315EPSS
Exploits0References1
OSV
OSV
added 3 days ago4 views

DEBIAN-CVE-2026-15771

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS6.1AI score0.00274EPSS
Exploits0References1
Rows per page
Query Builder