Lucene search
+L

743 matches found

EUVD
EUVD
added 2026/03/11 2:19 a.m.7 views

EUVD-2026-11049

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker attacker to inject malicious scripts into vulnerable form fields. Exploitation of...

5.4CVSS5.8AI score0.00255EPSS
Exploits0References1
NVD
NVD
added 2026/03/10 11:16 p.m.3 views

CVE-2026-27268

Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a vict...

5.5CVSS0.00145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/10 2:12 a.m.9 views

CVE-2026-3786

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...

8.8CVSS6.4AI score0.00276EPSS
Exploits2References1
EUVD
EUVD
added 2026/03/09 3:30 p.m.7 views

EUVD-2026-10338

Malicious scripts could display attacker-controlled web content under spoofed domains in Focus for iOS by stalling a self navigation to an invalid port and triggering an iframe redirect, causing the UI to display a trusted domain without user interaction. This vulnerability affects Focus for iOS...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/08 10:32 p.m.3 views

CVE-2026-3786 EasyCMS Request Parameter RbacuserAction.class.php sql injection

A security flaw has been discovered in EasyCMS up to 1.6. The impacted element is an unknown function of the file /RbacuserAction.class.php of the component Request Parameter Handler. The manipulation of the argument order results in sql injection. The attack can be launched remotely. The exploit...

6.5CVSS5.6AI score0.00276EPSS
Exploits2References4
CVE
CVE
added 2026/03/02 6:42 p.m.18 views

CVE-2026-0007

Consolidated sources describe CVE-2026-0007 as a vulnerability in WindowInfo.cpp, writeToParcel, enabling a tapjacking/overlay attack that could grant permissions and allow local elevation of privilege without additional execution privileges. Exploitation details are not provided in the Initial d...

8.6CVSS6.1AI score0.00094EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/02 6:42 p.m.3 views

CVE-2025-48582

In multiple locations, there is a possible way to delete media without the MANAGEEXTERNALSTORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.4CVSS6.1AI score0.00108EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/02 9:16 a.m.11 views

CVE-2026-20429

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5535...

4.4CVSS0.00073EPSS
Exploits0References1
OSV
OSV
added 2026/03/02 9:16 a.m.3 views

CVE-2026-20424

In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10320471; Issue ID: MSV-5540...

4.4CVSS5.8AI score0.00073EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 8:39 a.m.14 views

CVE-2026-20445

The CVE-2026-20445 vulnerability affects the MDDP component, where a race condition can cause a system crash leading to local denial of service when the attacker already has System privileges. Exploitation does not require user interaction. The issue is associated with a patch identified as ALPS1...

4.4CVSS5.9AI score0.00122EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/02 8:39 a.m.4 views

CVE-2026-20442

In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10436998; Issue ID: MSV-5723...

5.9AI score0.00071EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/02 8:39 a.m.7 views

EUVD-2026-9166

In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10432500; Issue ID: MSV-5803...

6.7CVSS5.9AI score0.00077EPSS
Exploits0References1
CVE
CVE
added 2026/03/02 8:39 a.m.20 views

CVE-2026-20427

CVE-2026-20427 represents a local privilege escalation caused by a missing bounds check in the display path. The issue could allow a malicious actor who has already obtained System privileges to elevate further without user interaction. The description does not specify affected products or compon...

6.7CVSS5.9AI score0.00077EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.7 views

PT-2026-22562

In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431940; Issue ID: MSV-5843...

5.9AI score0.00071EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/02 12:0 a.m.6 views

PT-2026-22563

In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10431920; Issue ID: MSV-5835...

5.9AI score0.00058EPSS
Exploits0References2
CVE
CVE
added 2026/02/26 2:14 p.m.39 views

CVE-2026-2244

Summary: CVE-2026-2244 affects Google Cloud Vertex AI Workbench. A vulnerability existed from 2025-07-21 to 2026-01-30 that allowed an attacker to exfiltrate valid Google Cloud access tokens of other users by abusing a built-in startup script. The exposure could enable unauthorized access to toke...

8.4CVSS5.5AI score0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.11 views

PT-2026-22149

Name of the Vulnerable Software and Affected Versions Google Cloud Vertex AI Workbench versions 7/21/2025 through 01/30/2026 Description A flaw exists in Google Cloud Vertex AI Workbench that enables an attacker to obtain legitimate Google Cloud access tokens belonging to other users. This is...

8.4CVSS6.1AI score0.00247EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/02/20 11:16 p.m.6 views

CVE-2026-2044

GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open...

8.8CVSS7.3AI score0.00972EPSS
Exploits0References5
OSV
OSV
added 2026/02/20 10:23 p.m.4 views

CVE-2026-2045 GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open ...

7.3CVSS7.6AI score0.00566EPSS
Exploits0References17
CVE
CVE
added 2026/02/20 10:11 p.m.36 views

CVE-2026-0777

CVE-2026-0777 describes an RCE in Xmind due to insufficient UI warnings when handling attachments. The flaw exists in the attachments workflow: opening an attachment does not warn the user about unsafe actions, allowing an attacker to execute code in the context of the current user after the targ...

7.8CVSS6.4AI score0.00343EPSS
Exploits0References1
Rows per page
Query Builder