8263 matches found

CVE | added yesterday | 3 views

CVE-2026-14040

The vulnerability CVE-2026-14040 affects Google Chrome (BrowserTag component) and is a use-after-free that can lead to heap corruption. It requires a user to be convinced to install a malicious Chrome extension to potentially exploit the issue. Affected versions are prior to 150.0.7871.47. The ex...

5.8 AI score
Exploits: 0 | References: 2

RedHat Linux | added yesterday | 5 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

6.6 CVSS | 6.4 AI score | 0.00501 EPSS
Exploits: 0 | References: 7

RedHat Linux | added yesterday | 4 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

8.2 CVSS | 6.4 AI score | 0.00552 EPSS
Exploits: 0 | References: 5

Nuclei | added yesterday | 28 views

Xinuo Openserver 5/6 - Cross-Site scripting

Xinuo (formerly SCO) Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting. id: CVE-2020-25495 info: name: Xinuo Openserver 5/6 - Cross-Site scripting author: 0xAkoko severity:...

6.1 CVSS | 6.1 AI score | 0.08142 EPSS
Exploits: 3 | References: 5

OSV | added 2 days ago | 2 views

DEBIAN-CVE-2026-13758

CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path. The decrypt_done($tag) form compares it against the computed tag with memNE (memcmp() != 0), which short-circuits on the first differing byte, so its run time depends on the...

3.7 CVSS | 5.8 AI score
Exploits: 0 | References: 1

Debian CVE | added 2 days ago | 3 views

CVE-2026-13758

CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path. The decrypt_done($tag) form compares it against the computed tag with memNE (memcmp() != 0), which short-circuits on the first differing byte, so its run time depends on the...

3.7 CVSS | 5.8 AI score
Exploits: 0

CVE | added 2 days ago | 10 views

CVE-2026-13758

CVE-2026-13758 affects CryptX for Perl versions before 0.088_001. The vulnerability stems from a non-constant-time comparison of AEAD authentication tags in the streaming decrypt_done path, using memNE (memcmp() != 0). The run time varies with the number of matching leading bytes across all five ...

3.7 CVSS | 5.8 AI score
Exploits: 0 | References: 3

Debian CVE | added 2 days ago | 4 views

CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1 CVSS | 5.7 AI score
Exploits: 0

NVD | added 2 days ago | 5 views

CVE-2026-53429

Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering a docume...

6.9 CVSS
Exploits: 0 | References: 4

CVE | added 2 days ago | 7 views

CVE-2026-53429

Affected software: mdex (0.11.0–0.12.3) and mdex_native (0.1.0–0.2.3). Root cause: native rendering path leaks memory by Box::leak of literal strings for each MDEx.EscapedTag node, with no cap on literal size or node count, causing unbounded memory growth per render and across renders. Trigger: r...

6.9 CVSS | 5.8 AI score
Exploits: 0 | References: 4

Cvelist | added 2 days ago | 21 views

CVE-2026-53429 Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service

Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering a docume...

6.9 CVSS
Exploits: 0 | References: 4

Vulnrichment | added 2 days ago | 4 views

CVE-2026-53429 Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service

Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering a docume...

6.9 CVSS | 5.8 AI score
Exploits: 0 | References: 4

OSV | added 2 days ago | 4 views

EEF-CVE-2026-53429 Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service

Summary: Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering...

6.9 CVSS | 5.8 AI score
Exploits: 0 | References: 5

EUVD | added 2 days ago | 5 views

EUVD-2026-40151

A flaw was found in libtiff. A remote attacker could exploit this vulnerability by providing a specially crafted PixarLog-compressed TIFF image. This issue occurs when decoding PixarLog codec images with the PIXARLOGDATAFMT_8BITABGR output format and a specific stride value, leading to a heap-base...

7.3 CVSS | 6.7 AI score
Exploits: 0 | References: 4

RedHat Linux | added 2 days ago | 5 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

6.6 CVSS | 6.4 AI score | 0.00501 EPSS
Exploits: 0 | References: 7

RedHat Linux | added 2 days ago | 6 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...

8.2 CVSS | 7.2 AI score | 0.00552 EPSS
Exploits: 0 | References: 5

Nuclei | added 2 days ago | 11 views

WordPress < 4.8.2 - Authenticated Open Redirect

WordPress versions before 4.8.2 contain an open redirect caused by improper validation in wp-admin/edit-tag-form.php and wp-admin/user-edit.php, letting attackers redirect users to malicious sites; exploitation requires access to the admin interface. id: CVE-2017-14725 info: name: WordPress 4.8.2 -...

5.4 CVSS | 6.8 AI score | 0.02134 EPSS
Exploits: 0 | References: 5

Positive Technologies | added 2 days ago | 5 views

PT-2026-53685

Name of the Vulnerable Software and Affected Versions: mdex versions 0.11.0 through 0.12.2; mdex native versions 0.1.0 through 0.2.2. Description: A memory leak occurs in the native rendering code when processing documents containing escaped-tag nodes. The conversion of each %MDEx.EscapedTag node int...

6.9 CVSS | 5.8 AI score
Exploits: 0 | References: 8

OSV | added 5 days ago | 2 views

GHSA-44HJ-4M45-FRJ3 Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd allows dynamically constructing file paths using the `${tag}` placeholder. It was discovered that validation for this placeholder was insufficient. If a Fluentd instance is configured to receive logs from untrusted sources and uses the `${tag}` placeholder in file configurations such as the path...

9.8 CVSS | 6.1 AI score
Exploits: 0 | References: 3

OSV | added 5 days ago | 4 views

DRUPAL-CONTRIB-2026-064

The Tealium iQ Tag Management module provides Drupal integration with Tealium iQ. tealiumiq stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an Object Injection vulnerability when the data are unserialized. This...

5.8 AI score
Exploits: 0 | References: 1