Lucene search
K

252946 matches found

CVE
CVE
added 2026/05/14 7:52 p.m.31 views

CVE-2026-8509

Technical details for CVE-2026-8509 are not publicly available in the provided documents. Monitor for updates from official advisories; no specifics on affected product versions, root cause, exploit status, or fixes are included here.

8.8CVSS6.4AI score0.00397EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/14 7:52 p.m.7 views

CVE-2026-8509

Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Critical...

6.4AI score0.00397EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/14 7:52 p.m.6 views

CVE-2026-8509

Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.4AI score0.00397EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/14 7:52 p.m.35 views

CVE-2026-8509

Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Critical...

0.00397EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/14 7:37 p.m.8 views

CVE-2026-8597 Missing integrity verification in Triton inference handler in Amazon SageMaker Python SDK

Missing integrity verification in the Triton inference handler in Amazon SageMaker Python SDK v2 before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to achieve code execution in inference containers via replacement of model artifacts in S3 with a specially crafted pickle...

7.2CVSS6.2AI score0.0039EPSS
Exploits0References4
OSV
OSV
added 2026/05/14 7:25 p.m.8 views

MAL-2026-3760 Malicious code in ethers-abstract-signer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e17d355d974f842bc8db3219ce3f1dc6e643f2a5e1ba8dd0b38a404a8f96e9a8 On npm install, the package's postinstall hook spawns a Node one-liner that uses childprocess.exec to curl/wget...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:25 p.m.13 views

Malicious code in ethers-abstract-signer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e17d355d974f842bc8db3219ce3f1dc6e643f2a5e1ba8dd0b38a404a8f96e9a8 On npm install, the package's postinstall hook spawns a Node one-liner that uses childprocess.exec to curl/wget...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:25 p.m.11 views

Malicious code in ethers-signing-key (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b6735be7311be4f6b4f609762cfb77504fe141bc9d8d5b5c0a75d521119aa2fa The package's npm postinstall hook executes a one-liner that uses childprocess.exec to curl/wget an unpinned Python script from a personal user's...

6.6AI score
Exploits0References2
OSV
OSV
added 2026/05/14 7:25 p.m.7 views

MAL-2026-3774 Malicious code in ts-build-optimize (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 51c637ab7c13ca2f592502f3444ebb24b291422b6388563d04fb8f7ae9030d5a The package masquerades as a TypeScript helper library README is lifted from Microsoft's tslib and references --importHelpers, extends, assign, and a...

6.1AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:24 p.m.12 views

Malicious code in npmjs_web3-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 263a0126b20b1d58bc0528a4b7bea19027b94383e00b5b9f03b712d96be89ca7 The package's postinstall lifecycle hook downloads a script from a personal GitHub Gist...

5.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/14 7:24 p.m.12 views

Malicious code in bigint.fs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cb3e0cb5c95475ce69c3672be6acfb9283bc6e29a1d7ba7452c922e7dc96a966 On require/import, index.js runs an IIFE that POSTs a getAccountInfo RPC call to https://api.devnet.solana.com for Solana account...

6.3AI score
Exploits0References1
NVD
NVD
added 2026/05/14 7:16 p.m.12 views

CVE-2026-22599

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

9.3CVSS0.01178EPSS
Exploits0References3
Metasploit
Metasploit
added 2026/05/14 7:0 p.m.275 views

Dolibarr ERP/CRM Authenticated Code Injection

Dolibarr ERP/CRM before 17.0.1 allows remote code execution by an authenticated user who has access to the Website module. The application filters lowercase use exploit/unix/http/dolibarrcmsrcecve202330253 msf exploitdolibarrcmsrcecve202330253 show targets ...targets... msf...

8.8CVSS8.8AI score0.79335EPSS
Exploits16
Cvelist
Cvelist
added 2026/05/14 6:44 p.m.49 views

CVE-2026-44522 Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leading to Remote Code Execution

Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/noteID/assets, where the asset filename is provided through the X-Name HTTP request header. This value is stored...

8.6CVSS0.00495EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 6:44 p.m.25 views

CVE-2026-44522

Vulnerability summary (CVE-2026-44522) Note Mark up to 0.19.3 allows authenticated users to upload assets with a crafted X-Name header containing directory traversal. The asset name is stored in the database without validation, and is later passed directly to filepath.Join()/path.Join() during ex...

8.6CVSS6AI score0.00495EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 6:31 p.m.18 views

EUVD-2026-30362

mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modifycrond and /starttask interfaces, it is possible to modify the default built-in scheduled tasks and start...

9.3CVSS6AI score0.01032EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/14 6:25 p.m.36 views

CVE-2026-44670 SiYuan: Stored XSS via Attribute View name to Electron renderer RCE in SiYuan

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via...

9.4CVSS0.00509EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 6:1 p.m.9 views

RLSA-2026:17533 Important: gimp:2.8 security update

The GIMP GNU Image Manipulation Program is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo. Security Fixes: gimp: GIMP:Memo...

7.8CVSS7.4AI score0.00755EPSS
Exploits1References5
Rockylinux
Rockylinux
added 2026/05/14 6:1 p.m.13 views

gimp:2.8 security update

An update is available for module.pygobject2, gimp, module.gimp, pygtk2, module.pygtk2, module.python2-pycairo, python2-pycairo, pygobject2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

7.8CVSS7.4AI score0.00755EPSS
Exploits1
Debian
Debian
added 2026/05/14 5:56 p.m.14 views

[SECURITY] [ERRATUM] [SECURITY] [DLA 4571-1] apache2 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4571-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès May 08, 2026 https://wiki.debian.org/LTS -...

9.8CVSS6.2AI score0.01325EPSS
Exploits2
Rows per page
Query Builder