
4412 matches found

Nuclei | added 9 hours ago | 13 views

Cobbler 'XML-RPC' - Authentication Bypass

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...

CVSS 9.8 | AI score 7.2 | EPSS 0.03948
Exploits: 6 | References: 3
Nuclei | added 9 hours ago | 30 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

CVSS 8.8 | AI score 7.2 | EPSS 0.04184
Exploits: 3 | References: 2
EUVD | added 11 hours ago | 5 views

EUVD-2025-210412

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.main.runautogradprof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution...

CVSS 8.1 | AI score 6.3
Exploits: 0 | References: 2
EUVD | added yesterday | 4 views

EUVD-2026-41631

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources...

AI score 6
Exploits: 0 | References: 4
Nuclei | added yesterday | 59 views

OpenCode < 1.0.216 - Unauthenticated Remote Code Execution

OpenCode versions prior to 1.0.216 contain an unauthenticated remote code execution vulnerability. The application exposes session and shell execution endpoints without proper authentication, allowing remote attackers to create sessions and execute arbitrary shell commands on the underlying serve...

CVSS 8.8 | AI score 8 | EPSS 0.16955
Exploits: 7 | References: 2
ATTACKERKB | added 3 days ago | 3 views

CVE-2026-14426

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVSS 7.5 | AI score 6.2 | EPSS 0.00216
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB | added 3 days ago | 3 views

CVE-2026-14431

Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 6.2 | EPSS 0.00275
Exploits: 0 | References: 3 | Affected Software: 1
NVD | added 3 days ago | 6 views

CVE-2026-58032

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6,...

CVSS 5.3 | EPSS 0.00436
Exploits: 0 | References: 1
EUVD | added 3 days ago | 6 views

EUVD-2026-41011

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files modules/ext.CheckUser.TempAccounts/components/blockConnectedTempAccountsField.Vue. This issue affects...

AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 1
EUVD | added 3 days ago | 5 views

EUVD-2026-40810

Incorrect security UI in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...

AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 3
EUVD | added 3 days ago | 6 views

EUVD-2026-40813

Incorrect security UI in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

AI score 5.8 | EPSS 0.00168
Exploits: 0 | References: 3
EUVD | added 3 days ago | 6 views

EUVD-2026-40740

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 3
EUVD | added 3 days ago | 4 views

EUVD-2026-40727

Use after free in BrowserTag in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Low...

AI score 5.8 | EPSS 0.0021
Exploits: 0 | References: 3
EUVD | added 3 days ago | 6 views

EUVD-2026-40713

Use after free in Views in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

AI score 5.8 | EPSS 0.00316
Exploits: 0 | References: 3
EUVD | added 3 days ago | 5 views

EUVD-2026-40625

Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8 | EPSS 0.00219
Exploits: 0 | References: 3
EUVD | added 3 days ago | 4 views

EUVD-2026-40629

Inappropriate implementation in SiteSettings in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8 | EPSS 0.0023
Exploits: 0 | References: 3
EUVD | added 3 days ago | 4 views

EUVD-2026-40593

Inappropriate implementation in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 4.2 | AI score 5.8 | EPSS 0.00212
Exploits: 0 | References: 3
EUVD | added 3 days ago | 8 views

EUVD-2026-40516

Use after free in Chromoting in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: High...

AI score 6.2 | EPSS 0.00228
Exploits: 0 | References: 3
OSV | added 4 days ago | 2 views

DEBIAN-CVE-2026-14153

Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS 5.3 | AI score 5.8 | EPSS 0.00181
Exploits: 0 | References: 1
NVD | added 4 days ago | 3 views

CVE-2026-14146

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

CVSS 6.5 | EPSS 0.00264
Exploits: 0 | References: 2