Lucene search
K

21381 matches found

Cvelist
Cvelist
added 2026/07/03 8:0 p.m.38 views

CVE-2026-14608 SourceCodester CET Automated Grading System with AI Predictive Analytics POST index.php view_student authorization

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=viewstudent of the component POST Handler. The manipulation of the argument ID leads to authorization...

5.3CVSS0.00223EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55582

Name of the Vulnerable Software and Affected Versions SourceCodester CET Automated Grading System with AI Predictive Analytics version 1.0 Description An authorization bypass exists in the POST Handler component. Remote exploitation is possible by manipulating the ID variable within the...

5.3CVSS6AI score0.00223EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:42 p.m.8 views

CVE-2026-59099

Apereo CAS 7.3.0 before 8.0.0-RC6 contains a cryptographic vulnerability that allows remote unauthenticated attackers to recover plaintext conversation state by exploiting AES-GCM initialization vector reuse across the server lifetime. Attackers can collect multiple client-side webflow execution...

9.3CVSS6AI score0.00356EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/07/01 5:16 p.m.5 views

CVE-2026-34110

Guardian language-system passes the id GET parameter directly into a PHP exec call in complexstart.php line 14 without sanitization: exec"php jobs/complex.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell metacharacters...

9.8CVSS0.00549EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:21 p.m.8 views

EUVD-2026-41073

Guardian language-system passes the id GET parameter directly into a PHP exec call in translatetext.php line 18 without sanitization: exec"php jobs/translatetext.php ".$loginsession." ".$GET'id'." ...". No authentication is required. An unauthenticated remote attacker can append shell...

9.8CVSS6.1AI score0.00537EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 3:14 a.m.36 views

CVE-2026-20459

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...

0.00169EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 3:13 a.m.17 views

CVE-2026-20457

CVE-2026-20457 affects Modem. It describes a system crash caused by improper input validation, potentially enabling remote denial of service when a UE connects to a rogue base station. Exploitation details are not provided in the sources; the CVE notes an adjacent attack vector with high complexi...

5.3CVSS6AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40786

Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00255EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40745

Insufficient policy enforcement in Parser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.10 views

PT-2026-54484

Name of the Vulnerable Software and Affected Versions UltraVNC repeater versions prior to 1.8.2.3 Description An integer overflow exists in the HTTP request logging path. The win log function allocates list nodes using a calculation based on the length of the HTTP request URI. If the URI length i...

5.3CVSS6.4AI score0.01057EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 11:17 p.m.8 views

CVE-2026-13966

Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS0.0023EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-13972

Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS0.0023EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.4 views

CVE-2026-13956

Incorrect security UI in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS0.00199EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

DEBIAN-CVE-2026-13918

Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.8AI score0.00316EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:16 p.m.6 views

CVE-2026-13835

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00316EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 p.m.4 views

CVE-2026-13810

Inappropriate implementation in Input in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS0.00299EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.4 views

CVE-2026-14087

Heap buffer overflow in WebNN in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

8.8CVSS6.1AI score0.00279EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.23 views

CVE-2026-14058

Insufficient policy enforcement in Parser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

0.00238EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:39 p.m.21 views

CVE-2026-14024

CVE-2026-14024 : A use-after-free in Ozone within Google Chrome on Linux versions before 150.0.7871.47 allows a remote attacker who entices a user to perform specific UI gestures to potentially trigger heap corruption via a crafted HTML page. Impact is described as high for confidentiality, integ...

8.8CVSS5.8AI score0.00316EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.9 views

CVE-2026-14009

Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.8AI score0.00253EPSS
Exploits0
Rows per page
Query Builder