Lucene search
K

700 matches found

OSV
OSV
added 17 hours ago4 views

ROOT-OS-DEBIAN-13-CVE-2026-53106 CVE-2026-53106 in rootio-linux - Patched by Root

Root has patched CVE-2026-53106 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.8AI score0.00145EPSS
Exploits0
Cvelist
Cvelist
added 2 days ago20 views

CVE-2026-43707

A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash...

0.00164EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago4 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities (CVE-2026-7246)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2...

7.2CVSS6AI score0.0081EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2026/06/22 11:18 p.m.3 views

Improper Enforcement of Behavioral Workflow

Overview filament/filament is an A collection of full-stack components for accelerated Laravel app development. Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow through the improper handling of recovery codes in app-based multi-factor authentication...

9.1CVSS5.9AI score0.00193EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.6 views

CVE-2026-48166

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether ...

5.3CVSS0.0021EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in libpng1.6

LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Starting from version 1.6.0 until 1.6.51, there was a heap buffer overflow vulnerability in the libpng simplified API function pngimagefinishread, when processing...

7.1CVSS6.5AI score0.00224EPSS
Exploits4References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability in qt4-x11, qtbase-opensource-src

A issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. When an SVG file containing an image is rendered, a QTextLayout buffer overflow can occur...

7.5CVSS7.5AI score0.01287EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-36960

Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...

9.3CVSS5.7AI score0.00296EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.6 views

EUVD-2026-36784

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

5.3AI score0.00312EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 8:19 p.m.6 views

GHSA-MGF9-4VPG-HJ56 tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

Tornado's gzip decompression routines work in limited-size chunks, but have no overall limit for the total size of decompressed chunks that they will accumulate There has always been a limit for the total compressed size. This allows a malicious server to consume effectively unlimited amounts of...

7.5CVSS5.4AI score0.00052EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49398

Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...

9.3CVSS5.7AI score0.00296EPSS
Exploits0References2
Circl
Circl
added 2026/06/13 6:1 p.m.11 views

CVE-2026-5513

creationtimestamp| type| source ---|---|--- 2026-06-13 18:01:43+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mo6tilwrx22o 2026-06-14 06:01:57+00:00| seen| https://infosec.exchange/users/offseq/statuses/116746932965862347 2026-06-14 06:02:36+00:00| seen|...

7.2CVSS5AI score0.00312EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/06/12 6:30 p.m.10 views

Tornado has out-of-bounds memory access via C extension

Summary Tornado's optional native extension tornado.speedups implements websocketmask without validating that the mask argument is exactly four bytes long. The C function reads four bytes from mask unconditionally, even when Python passes a shorter byte string. This can read beyond the provided...

5.3AI score0.00027EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-48929

Name of the Vulnerable Software and Affected Versions NanaZip versions 3.0.1000.0 through 6.0.1697.0 Description A heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser via the upstream 7-Zip AvbHandler. An unsigned integer underflow in a bounds check allows an...

5.4CVSS5.2AI score0.0017EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.7 views

CVE-2026-48297

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.9 views

CVE-2026-47983

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.10 views

CVE-2026-47962

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.9 views

CVE-2026-47953

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.12 views

EUVD-2026-35715

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 6:30 p.m.9 views

EUVD-2026-35632

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References2
Rows per page
Query Builder