Lucene search
K

3754 matches found

NVD
NVD
added 2026/06/26 11:17 p.m.14 views

CVE-2026-31928

The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access...

9.8CVSS0.00569EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.5 views

EUVD-2020-31260

Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access...

5.4CVSS6.1AI score0.00167EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52988

Name of the Vulnerable Software and Affected Versions DMP-5000 affected versions not specified Description Devices are shipped with a default administrative web account that utilizes weak authentication controls. These credentials are not required to be changed during the initial configuration or...

9.8CVSS5.8AI score0.00569EPSS
Exploits0References8
CVE
CVE
added 2026/06/25 9:41 p.m.25 views

CVE-2025-71327

Flowise has an authentication bypass in the unprotected /api/v1/account/register endpoint. Unauthenticated attackers can register arbitrary accounts and gain full API access without credentials. CVSS metrics are provided (v3.1: 9.1; v4.0: 9.3), indicating a critical impact on confidentiality and ...

9.3CVSS6AI score0.0046EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52124

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description An issue in the restoreDB function allows authenticated remote attackers to execute arbitrary code in the context of SYSTEM. This occurs due to insufficient validation of a user-supplied...

7.2CVSS7.5AI score0.01477EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52145

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description An authentication bypass issue exists within the 'addclient3' webpage due to improper validation of user-supplied data. This allows remote attackers to inject arbitrary scripts,...

8.8CVSS6.1AI score0.0067EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.10 views

PT-2026-51521

Name of the Vulnerable Software and Affected Versions FOSSBilling versions 0.5.4 through 0.7.x Description An authorization bypass in the API role handling allows unauthenticated access to privileged '/api/system/' endpoints. Because system resolves to the cron admin identity, attackers can invok...

10CVSS5.9AI score0.00408EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/22 12:34 p.m.7 views

EUVD-2026-38230

Incorrect default permissions in ArubaSign, affecting versions prior to v4.6.6. The vulnerability is caused by the assignment of inappropriate permissions during the software’s default installation, whereby the main executable and other programme files located in C:\Program Files have excessive...

8.8CVSS6.3AI score0.00122EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/06/19 2:0 p.m.61 views

Chromium: CVE-2026-12460 Insufficient policy enforcement in File System Access

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.2CVSS5.8AI score0.00153EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/19 8:50 a.m.9 views

CVE-2026-12460

An insufficient policy enforcement flaw was found in the File System Access component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517484284...

8CVSS5.8AI score0.00153EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.7 views

SUSE CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS5.2AI score0.00153EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.23 views

PT-2026-50658

Name of the Vulnerable Software and Affected Versions ibaPDA affected versions not specified ibaDatCoordinator affected versions not specified Description Remote, unauthenticated attackers can exploit a deserialization of untrusted data issue to achieve remote code execution, potentially gaining...

9.8CVSS6.4AI score0.00553EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37545

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS5.3AI score0.00153EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 1:20 p.m.19 views

DEBIAN-CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS5.3AI score0.00153EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS0.00153EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/17 1:38 a.m.6 views

CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS5.3AI score0.00153EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50210

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description Insufficient policy enforcement in File System Access allows a remote attacker who has compromised the renderer process to bypass site isolation by using a crafted PDF file. Site...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References40
FreeBSD
FreeBSD
added 2026/06/11 12:0 a.m.8 views

chromium -- security fixes

Chrome Releases reports: This update includes 33 security fixes: 516496659 Critical CVE-2026-12437: Use after free in WebShare. 516947912 Critical CVE-2026-12438: Inappropriate implementation in WebView. 519728275 Critical CVE-2026-12439: Use after free in Digital Credentials. 519731619 Critical...

9.6CVSS5.5AI score0.00601EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.15 views

CVE-2026-25856

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 5:16 p.m.14 views

CVE-2026-25856

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS0.00473EPSS
Exploits0References2
Rows per page
Query Builder