Lucene search
K

8263 matches found

Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51610

Name of the Vulnerable Software and Affected Versions Caliptra Core Runtime Firmware versions 2.0.0 through 2.0.1 Caliptra Core Runtime Firmware version 2.1.0 Description A missing cryptographic step in the aes 256 gcm update module leads to an incorrect GCM authentication tag. When the streaming...

5.1CVSS5.7AI score0.00128EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-52725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

6.1CVSS6.1AI score0.00238EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2026/06/23 12:0 a.m.4 views

Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Command injection allows arbitrary code execution via malicious tag files CVE-2026-41411 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relate...

6.6CVSS6.5AI score0.00501EPSS
Exploits0References4
AlmaLinux
AlmaLinux
added 2026/06/23 12:0 a.m.4 views

Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim: Command injection allows arbitrary code execution via malicious tag files CVE-2026-41411 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relate...

6.6CVSS6.5AI score0.00501EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/22 10:23 p.m.11 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

6.6CVSS6.4AI score0.00501EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/22 10:23 p.m.10 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

8.2CVSS7AI score0.00552EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 9:53 p.m.6 views

vim: Vim: Command injection allows arbitrary code execution via malicious tag files

A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedd...

6.6CVSS6.4AI score0.00501EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/22 9:53 p.m.6 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

8.2CVSS7AI score0.00552EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 6:16 p.m.5 views

DEBIAN-CVE-2026-50556

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

6.1CVSS5.9AI score0.00228EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 3:38 p.m.35 views

CVE-2026-50556 Angular: Missing `<noscript>` Raw-Text Serialization Escaping leads to Cross-Site Scripting (XSS) in Angular SSR

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS0.00228EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 3:38 p.m.13 views

CVE-2026-50556

Summary: CVE-2026-50556 affects Angular SSR via @angular/platform-server using domino for DOM emulation. The serializer omits escaping, allowing bound dynamic text inside to produce an unescaped closing tag that can inject a [removed] and cause same-origin XSS under SSR. What is affected: Angul...

8.6CVSS5.9AI score0.00228EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/06/22 3:37 p.m.29 views

CVE-2026-50555 Angular: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in @angular/platform-server

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS0.00167EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 3:37 p.m.15 views

CVE-2026-50555

Summary: CVE-2026-50555 affects the @angular/platform-server SSR path via the domino DOM emulation dependency. A Unicode index alignment bug in domino’s escaping logic caused astral Unicode characters preceding closing tags (such as,,) to misalign the escape/replacement, leaving the closing tag u...

8.6CVSS6AI score0.00167EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/22 2:17 p.m.7 views

CVE-2026-56424

MISP core contained multiple broken access-control flaws where authorization checks were performed against the wrong entity, or where ownership/editability checks were missing on write paths. In affected subsystems, a lower-privileged authenticated user with the relevant feature permission could...

8.8CVSS0.00361EPSS
Exploits0References5
NVD
NVD
added 2026/06/22 2:16 p.m.11 views

CVE-2026-12888

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...

5.1CVSS0.00286EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:5 p.m.4 views

CVE-2026-12888

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...

5.1CVSS5.9AI score0.00286EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/22 1:5 p.m.7 views

EUVD-2026-38240

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...

5.1CVSS5.9AI score0.00286EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51308

Name of the Vulnerable Software and Affected Versions MISP core affected versions not specified Description Broken access-control flaws exist where authorization checks are performed against incorrect entities or ownership and editability checks are missing on write paths. This allows a...

8.8CVSS5.8AI score0.00361EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality ...

4.8CVSS6AI score0.00115EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 8:47 p.m.7 views

GHSA-WFQX-GJRF-G28R Crossplane: Signature verification TOCTOU allows installing unverified package content via mutable tag

Summary Crossplane allows package signature verification to be configured via the ImageConfig mechanism. When enabled, the package manager uses cosign to verify that packages are correctly signed before pulling and installing them. When a package is installed using a tag reference e.g., a semanti...

9CVSS5.7AI score
Exploits0References2
Rows per page
Query Builder