Lucene search
+L

3577 matches found

Cvelist
Cvelist
added 2026/06/30 10:39 p.m.29 views

CVE-2026-14108

Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

0.00259EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.26 views

CVE-2026-14073

Insufficient validation of untrusted input in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:38 p.m.22 views

CVE-2026-13954

The CVE-2026-13954 entry concerns Google Chrome on Android with an XML policy enforcement flaw. The issue is described as insufficient policy enforcement in XML that could allow a remote attacker to read potentially sensitive information from process memory via a crafted HTML page. Affected softw...

6.5CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/30 9:16 p.m.8 views

CVE-2026-13207

FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by...

8.7CVSS0.00352EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-54198

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in DeviceBoundSessionCredentials allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a...

9.6CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.19 views

PT-2026-53906

Name of the Vulnerable Software and Affected Versions Adobe Campaign Classic versions prior to 7.4.3 build 9396 Description An incorrect authorization issue exists that allows for arbitrary code execution in the context of the current user. This flaw does not require user interaction to be...

10CVSS7.5AI score0.00712EPSS
Exploits0References14
CVE
CVE
added 2026/06/29 3:51 p.m.27 views

CVE-2026-13746

Summary: CVE-2026-13746 affects Snowflake CLI prior to 3.19, where improper neutralization of local CLI parameters can cause unintended SQL execution within the user’s Snowflake session. This self-injection is possible because parameters are passed via local CLI arguments, not project files or ex...

5.4CVSS5.9AI score0.0013EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/29 11:50 a.m.9 views

PYSEC-2026-256 Agno is vulnerable to Eval Injection

Agno versions prior to 2.3.24 contain an arbitrary code execution vulnerability in the model execution component that allows attackers to execute arbitrary Python code by manipulating the fieldtype parameter passed to eval. Attackers can influence the fieldtype value in a FunctionCall to achieve...

9.3CVSS6.7AI score0.00852EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/25 10:33 p.m.35 views

CVE-2026-40082 Cacti: Session Fixation via missing session_regenerate_id() after login

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session Fixation. sessionregenerateid is NOT called after successful login. The login flow at authlogin.php:203-207 directly sets $SESSIONSESSUSER...

5.4CVSS0.00183EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:57 p.m.6 views

CVE-2026-12921

In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution...

8.4CVSS5.9AI score0.00128EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 5:57 p.m.37 views

CVE-2026-12921 Use after free in AzeoTech DAQFactory

In AzeoTech DAQFactory versions 21.1 and prior, a Use After Free vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution...

8.4CVSS0.00128EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 11:6 p.m.4 views

CVE-2026-39948 Cacti has SQL Injection via rfilter parameter in RLIKE clauses

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

9.3CVSS6.1AI score0.00456EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 9:5 p.m.11 views

CVE-2026-49278

Rocket.Chat vulnerable component: the visitors.info endpoint leaked a token in responses prior to versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7.10.12. The issue allows token exposure in visitor information responses and is fixed in the listed versions. Affected products/version...

6.7CVSS5.8AI score0.00243EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 7:50 p.m.17 views

CVE-2026-50129

CVE-2026-50129 affects Mastodon before versions 4.5.11, 4.4.18, and 4.3.24. The issue is a DoS caused by an uncaught exception in the math sanitizer’s MATH_TRANSFORMER due to missing exception handling; malformed nodes can crash the server or disrupt services depending on the action and interact...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in PostgresSQL-15

Improper validation of the “oidvector” type in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out the possibility of attacks where confidential information is included in the disclosed bytes, but such attacks seem unlikely. Versions of PostgreSQL pri...

4.3CVSS5.7AI score0.00281EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/24 2:34 a.m.6 views

SUSE CVE-2026-56376

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written to a stale pointer. Remote attackers can trigger it by processing specially crafted image files, causing a denial of service...

6.5CVSS5.9AI score0.00184EPSS
Exploits0References7
NVD
NVD
added 2026/06/23 5:17 p.m.14 views

CVE-2026-54308

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, the MicrosoftAgent365Trigger and StripeTrigger node did not validate that inbound requests. As a result, an unauthenticated attacker who knows the webhook URL could submit a forged payload and cause the workflow to...

7.2CVSS0.00276EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:16 p.m.6 views

CVE-2026-48510 MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, when MessagePack-CSharp decompresses Lz4Block or Lz4BlockArray payloads, it reads declared uncompressed lengths from the wire and allocates output buffers based on those lengths before validating that the compressed...

6.3CVSS5.9AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 8:16 p.m.12 views

CVE-2026-44272

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

8.8CVSS0.00249EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-43994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Versions prior to 4.10.0 contain a stack buffer overflow in decodeoauthtokengcm. A uint16t...

9.8CVSS6.1AI score0.0045EPSS
Exploits1References3
Rows per page
Query Builder