Lucene search
K

8270 matches found

Cvelist
Cvelist
added 2026/06/16 7:27 p.m.13 views

CVE-2026-46770

...

6.1CVSS0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 2:16 a.m.10 views

CVE-2026-1766

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM Comment tags. An attacker cou...

6.1CVSS0.00158EPSS
Exploits1References2
CVE
CVE
added 2026/06/16 12:34 a.m.45 views

CVE-2026-1766

CVE-2026-1766 concerns GNOME localsearch (tracker-extract-mp3) and its MP3 Extractor, where a heap buffer overflow occurs while parsing MP3 files with malformed ID3v2.3 COMM tags. Exploitation can cause DoS (crash) and may disclose heap data. Public advisories and patches exist across multiple ve...

6.1CVSS5.5AI score0.00158EPSS
Exploits1References2Affected Software2
EUVD
EUVD
added 2026/06/15 9:30 p.m.12 views

EUVD-2025-210149

A heap use-after-free in the gfnodegettag function scenegraph/basescenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS5.2AI score0.00188EPSS
Exploits1References3
OSV
OSV
added 2026/06/15 5:20 p.m.4 views

GHSA-HQR9-C56F-3X7F @angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of raw-text elements such as , , and . domino supports escaping raw-text elements during serialization to prevent closing-tag breakout. However, a Unicode ind...

8.6CVSS5.5AI score0.00167EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/15 5:20 p.m.8 views

@angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of raw-text elements such as , , and . domino supports escaping raw-text elements during serialization to prevent closing-tag breakout. However, a Unicode ind...

8.6CVSS5.4AI score0.00167EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/15 4:51 p.m.5 views

GHSA-692R-GRFM-V8X7 @angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)

An issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component creation. Specifically, the dynamic component instantiation mechanism createComponent failed to reject mounting components directly onto a or namespaced script element such as . This...

5.3CVSS6.2AI score0.00238EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 4:51 p.m.28 views

@angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)

An issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component creation. Specifically, the dynamic component instantiation mechanism createComponent failed to reject mounting components directly onto a or namespaced script element such as . This...

6.1CVSS6.1AI score0.00238EPSS
Exploits0References4Affected Software1
SUSE Linux
SUSE Linux
added 2026/06/15 8:6 a.m.7 views

Security update for openssl-3

This update for openssl-3 fixes the following issues CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.2CVSS5.4AI score0.02719EPSS
Exploits0References36
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.8 views

PT-2026-49565

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.0-rc.2 Angular versions prior to 21.2.16 Angular versions prior to 20.3.24 Angular versions prior to 19.2.25 Description A Cross-Site Scripting XSS issue exists in the domino DOM emulation dependency of...

8.6CVSS6AI score0.00167EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.11 views

PT-2026-49271

A heap use-after-free in the gf node get tag function scenegraph/base scenegraph.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.3AI score0.00188EPSS
Exploits1References2
NVD
NVD
added 2026/06/13 8:16 a.m.12 views

CVE-2026-9629

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.4CVSS0.00199EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:4 a.m.5 views

Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

...

4.8CVSS5.8AI score0.0021EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/13 7:51 a.m.21 views

CVE-2026-9629 Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.4CVSS0.00199EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/13 7:51 a.m.7 views

CVE-2026-9629 Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/13 7:51 a.m.11 views

EUVD-2026-36648

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References6
CVE
CVE
added 2026/06/13 7:51 a.m.24 views

CVE-2026-9629

The Canvas plugin for WordPress (Canvas) contains a Stored Cross-Site Scripting vulnerability via the 'tag' parameter in all versions up to 2.5.2 due to insufficient input sanitization and output escaping. An authenticated attacker with contributor-level access or higher can inject scripts that e...

6.4CVSS5.6AI score0.00199EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/13 2:21 a.m.9 views

SUSE CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

5.9CVSS5.3AI score0.00237EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/13 2:17 a.m.8 views

SUSE CVE-2026-45446

Issue summary: The implementations of AES-SIV RFC 5297 and AES-GCM-SIV RFC 8452 mishandle the authentication of AAD Additional Authenticated Data with an empty ciphertext allowing a forgery of such messages. Impact summary: An attacker can forge empty messages with arbitrary AAD to the victim's...

5.3CVSS5.7AI score0.0021EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.18 views

PT-2026-49087

Name of the Vulnerable Software and Affected Versions Canvas plugin for WordPress versions prior to 2.5.3 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with contributor-level access or higher can inject arbitrary...

6.4CVSS5.5AI score0.00199EPSS
Exploits0References12
Rows per page
Query Builder