Lucene search
K

10979 matches found

Cvelist
Cvelist
added 2026/06/12 9:57 p.m.31 views

CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

0.00118EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 9:57 p.m.5 views

CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

5.3AI score0.00118EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:8 p.m.12 views

EUVD-2026-35396

TYPO3 CMS has Broken Access Control in the Recycler Module...

5.3CVSS5.2AI score0.00238EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/12 12:58 p.m.32 views

CVE-2026-47200 Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, when experimental.componentIslands is enabled default in Nuxt 4, any...

6.3CVSS0.0023EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2026/06/12 9:27 a.m.16 views

Fake verification pages are stealing Steam accounts from players

Online gamers should watch out for a convincing scam that aims to steal your Steam account. The scam uses fake FACEIT verification pages that look legitimate, complete with official branding, working links, and what appears to be a real Steam login window. By the time it asks for your password,...

5.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.17 views

PT-2026-49023

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Software installed and run as a non-privileged user may perform GPU system calls to write to arbitrary freed physical pages. This occurs because physical memory...

5.2AI score0.00118EPSS
Exploits0References3
Veracode
Veracode
added 2026/06/11 5:53 a.m.9 views

Cross-Site Scripting (XSS)

CKAN is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization of user-supplied input in the helpers.markdownextract function before it is wrapped in an HTML literal element, which allows an attacker to inject and execute malicious scripts on dataset,...

6.3CVSS5.6AI score0.00204EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability caused by an improper implementation in the Headless component. This vulnerability could allow remote attackers to execute a sandbox escape by exploiting a...

9.6CVSS5.6AI score0.00224EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.115 contained a security vulnerability, which was caused by improper implementation of the password function. This vulnerability could allow remote attackers to bypass site...

3.1CVSS5.3AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation for untrusted inputs in the Network component. It could allow remote...

5.3CVSS5.4AI score0.00227EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.19 views

PT-2026-48698

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp ajax nopriv ftf get site info includes/Site Info.php that verified a nonce ftf-fediverse-embeds-nonce and then called file get html$site url on the...

5.3CVSS5.3AI score0.00229EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.11 views

CVE-2026-48268

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.8 views

SUSE CVE-2026-46325

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGESIZE The current implementation incorrectly handles memory regions MRs with page sizes different from the system PAGESIZE. The core issue is that rxesetpage is called...

9.8CVSS5.5AI score0.00347EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/09 6:30 p.m.12 views

EUVD-2026-35507

Improper neutralization of input during web page generation 'cross-site scripting' in Azure Stack Edge allows an authorized attacker to perform spoofing over a network...

8.4CVSS5.4AI score0.00814EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.9 views

CVE-2026-48562

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

4.6CVSS0.00505EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:5 p.m.10 views

EUVD-2026-35584

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

4.6CVSS7.1AI score0.00505EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 5:4 p.m.25 views

CVE-2026-45467

CVE-2026-45467 describes an XSS vulnerability in Microsoft Office SharePoint Server caused by improper neutralization of input during web page generation. The issue can allow a network-based, authenticated attacker with low privileges to spoof content presented to users, requiring user interactio...

5.4CVSS5.4AI score0.00505EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.13 views

Microsoft SharePoint Server Spoofing Vulnerability

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...

5.4CVSS6.6AI score0.0051EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/09 12:25 p.m.10 views

CVE-2026-46325

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGESIZE The current implementation incorrectly handles memory regions MRs with page sizes different from the system PAGESIZE. The core issue is that rxesetpage is called...

9.8CVSS5.3AI score0.00347EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/09 12:25 p.m.28 views

CVE-2026-46325 RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGESIZE The current implementation incorrectly handles memory regions MRs with page sizes different from the system PAGESIZE. The core issue is that rxesetpage is called...

9.8CVSS0.00347EPSS
Exploits0References3
Rows per page
Query Builder