Lucene search
K

1205 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-42986

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, POST /api/v1/kits/kitid/licenses checks whether the caller can edit kits but does not authorize access to the referenced license object, allowing a low-privilege user with predefined-kit permissions to bind a license they should n...

5.4CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42548

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Inrove Software and Internet Services BiEticaret allows SQL Injection. This issue affects BiEticaret: before v3.3.57...

9.8CVSS6AI score0.00436EPSS
Exploits0References1
NVD
NVD
added 3 days ago9 views

CVE-2026-15133

Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00247EPSS
Exploits0References2
NVD
NVD
added 3 days ago6 views

CVE-2026-15120

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00178EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-15110

Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

6AI score0.00154EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-15110

Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

0.00154EPSS
Exploits0References2
CVE
CVE
added 3 days ago8 views

CVE-2026-59806

Gradio before 6.20.0 is affected by an open redirect and server-side request forgery via the /gradio_api/file= endpoint, allowing an attacker to redirect users to arbitrary URLs or perform client-side SSRF by supplying unvalidated HTTP/HTTPS URLs to file_fetch(). Attackers could craft a malicious...

7.4CVSS6AI score0.00247EPSS
Exploits0References5
Debian CVE
Debian CVE
added 3 days ago3 views

CVE-2026-59924

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Include.parse joins and normalizes user-supplied include paths without verifying that the result remains within the intended markdown directory, allowing crafted include paths to access files outside that directory wh...

5.9CVSS6AI score0.0034EPSS
Exploits1
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-57895

Incorrect default permissions issue exists in Pupsman versions prior to 3.9.0. An attacker can place a malicious executable in the installation folder, which results in arbitrary code execution with SYSTEM privilege...

8.5CVSS0.0011EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42165

Uncontrolled search path element issue exists in Pupsman versions prior to 3.9.0. If a crafted DLL file is placed in the same folder as the affected installer and the installer is executed, arbitrary code may be executed with SYSTEM privilege...

8.4CVSS6.1AI score0.00134EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-56631

Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.0026EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 3 days ago3 views

Linux Distros Unpatched Vulnerability : CVE-2026-58266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Anki is a program for creating and reviewing flashcards. Prior to 25.09.4, Anki's webview-based pages communicate with the Rust backend using an internal...

6.5CVSS6.2AI score0.00169EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-50007 Actual: Shared users can perform owner-only file management actions

Actual is an open-source personal finance application. Prior to 26.7.0, a missing authorization issue allows a shared user with useraccess on a budget file to perform owner-only file management actions. A non-owner shared user can call file-management endpoints intended for higher-privilege users...

7.2CVSS0.00246EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.7 views

Ubiquiti UniFi OS < 5.1.12 Multiple Vulnerabilities

According to its self-reported version, the remote Ubiquiti UniFi OS device is prior to 5.1.12. It is, therefore, affected by multiple vulnerabilities: - A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make...

10CVSS7.3AI score0.78555EPSS
Exploits4References4
EUVD
EUVD
added 2026/07/02 12:31 a.m.7 views

EUVD-2026-41204

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.2AI score0.00247EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-14396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium securi...

6.5CVSS6.2AI score0.00247EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 11:16 p.m.2 views

DEBIAN-CVE-2026-14426

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.2AI score0.00216EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 11:16 p.m.6 views

CVE-2026-14398

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS0.00215EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 11:16 p.m.6 views

CVE-2026-14387

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS0.00276EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 11:16 p.m.5 views

CVE-2026-14383

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS0.00348EPSS
Exploits0References2
Rows per page
Query Builder