Lucene search
K

5309 matches found

CVE
CVE
added 2026/06/25 8:38 a.m.7 views

CVE-2026-53173

Summary (concrete details from provided docs): The Linux kernel component accel/ethosu contains an OOB write in ethosu_gem_cmdstream_copy_and_validate(). A local user can trigger by supplying a crafted command stream, causing memory corruption and potential instability. The issue arises in a pars...

7.8CVSS5.9AI score0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 6:0 a.m.12 views

CVE-2026-8172

The CVE-2026-8172 entry concerns the WordPress plugin Simple Basic Contact Form (through 20250114). The issue is a Reflected Cross-Site Scripting vulnerability caused by not escaping user-supplied input before reflecting it in the contact form output on validation errors. Impact described: unauth...

7.1CVSS5.7AI score0.00156EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/19 9:15 p.m.4 views

Origin Validation Error

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Origin Validation Error via the actionResourceJs process. An attacker can execute arbitrary JavaScript in the context of an administrator's browser and potentially achieve remote code executi...

9.2CVSS6.6AI score0.0033EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Zabbix

The cause of the vulnerability is improper validation of the “Name” field in the form input on the Graph page in the Items section...

5.5CVSS5.6AI score0.00659EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/17 6:21 p.m.8 views

Origin Validation Error

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to unintended origins b...

8.8CVSS6.4AI score0.00277EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:21 p.m.7 views

Origin Validation Error

Overview org.webjars.npm:undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to...

8.8CVSS6.4AI score0.00277EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/15 10:20 a.m.7 views

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to a validation issue with improper logic...

7.5CVSS5.5AI score0.0027EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/13 12:34 a.m.9 views

EUVD-2026-36603

An authorization flaw in MISP’s object add/edit handling allowed an authenticated user with object editing permissions to assign a MISP object, or attributes contained within an object, to a sharing group that the user was not authorized to use or view. When editing objects, the sharing group...

5.3CVSS5.4AI score0.0022EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 8:48 p.m.28 views

CVE-2026-54396 MISP AuthKey edit endpoint allows authenticated user email enumeration

An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the attacker-controlled AuthKey.userid value from the submitted request data. An authenticated user with...

5.3CVSS0.00247EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a vulnerability related to input validation errors. This vulnerability stemmed from insufficient validation for untrusted inputs in the Network component. It could allow remote...

5.3CVSS5.4AI score0.00227EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.11 views

CVE-2026-40376

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

8.1CVSS0.00671EPSS
Exploits0References1
Redos
Redos
added 2026/06/09 12:0 a.m.11 views

ROS-20260609-73-0004

The vulnerability of the RDP client FreeRDP is related to the escape of operations beyond the buffer in memory due to incorrect validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

8.1CVSS5.7AI score0.00284EPSS
Exploits1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

NETGEAR 多款产品输入验证错误漏洞

NETGEAR is a router product from the American company NETGEAR. It is a hardware device used to connect two or more networks, acting as a gateway between them. Several NETGEAR products have a vulnerability related to input validation. This vulnerability allows attackers to intercept and tamper wit...

9.1CVSS6AI score0.00397EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

Adobe CAI Content Credentials 输入验证错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 contain a...

7.5CVSS5.4AI score0.0043EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

Microsoft Visual Studio Code 输入验证错误漏洞

Microsoft Visual Studio Code is an open-source code editor developed by the American company Microsoft. Microsoft Visual Studio Code has a vulnerability related to input validation. Attackers can exploit this vulnerability to gain higher privileges...

8.1CVSS5.5AI score0.00671EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/08 4:34 p.m.12 views

CVE-2026-43972

A flaw was found in gun. A malicious or compromised HTTP/2 server can exploit an Origin Validation Error vulnerability by injecting unvalidated HTTP/2 PUSHPROMISE authority. This allows the server to plant cookies scoped to arbitrary third-party domains into the client's shared cookie store. This...

6.3CVSS5.6AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 2:12 p.m.9 views

EUVD-2026-35073

Origin Validation Error vulnerability in ninenines gun gunhttp2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSHPROMISE authority. In gunhttp2:pushpromiseframe/7, the :authority pseudo-header from an incoming PUSHPROMISE frame is stored verbatim into the promised stream...

6.3CVSS5.7AI score0.00215EPSS
Exploits0References3
CVE
CVE
added 2026/06/08 2:12 p.m.36 views

CVE-2026-43972

CVE-2026-43972 (gun_http2) : In gun_http2:push_promise_frame/7, the incoming PUSH_PROMISE :authority header is stored without validating it against the connection origin. Later, gun_http2:headers_frame/9 uses this unvalidated value when calling gun_cookies:set_cookie_header/7, before status handl...

6.3CVSS5.7AI score0.00215EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. in the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of unreliable inputs in the Views component...

8.3CVSS5.3AI score0.00192EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.12 views

PT-2026-47298

Name of the Vulnerable Software and Affected Versions ninenines gun versions 2.0.0 through 2.3.x Description An origin validation error in the gun http2 module allows cross-origin cookie injection through an unvalidated HTTP/2 PUSH PROMISE authority. In the push promise frame function, the...

6.3CVSS5.6AI score0.00215EPSS
Exploits0References6
Rows per page
Query Builder