Lucene search
K

1044 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.10 views

CVE-2025-60485

A segmentation violation in the gfisomapplesettagex function /isomedia/isomwrite.c of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.8AI score0.00143EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/29 5:18 p.m.36 views

CVE-2026-45668 Trilium Notes : Note Import to RCE via #docName Path Traversal (Safe Import Enabled)

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via docName path traversal and XSS by combining a payload note type: code, mime:...

9.3CVSS0.0017EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 5:10 p.m.12 views

EUVD-2026-33373

Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, Arcane's huma-based REST API exposes nine endpoints under /api/customize/git-repositories and /api/git-repositories/sync for managing GitOps source repositories and their stored credentials. Eig...

9.9CVSS5.8AI score0.00387EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 12:38 a.m.11 views

EUVD-2026-33078

Use after free in GFX in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 12:38 a.m.13 views

EUVD-2026-33228

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

5.8AI score0.00257EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Klever Blockchain 安全漏洞

Klever Blockchain is a high-performance blockchain network implemented by Klever in open source. Versions of Klever Blockchain prior to 1.7.17 contained security vulnerabilities. These vulnerabilities stemmed from a remote unauthenticated denial-of-service issue in the Batch.Decompress function...

8.6CVSS5.8AI score0.0038EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/28 10:25 p.m.10 views

CVE-2026-9982

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00184EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Zed 安全漏洞

Zed is a code editor developed by Zed Industries. Versions of Zed prior to 0.229.0 contained security vulnerabilities. These vulnerabilities stemmed from the terminal tool’s permission system, which could be exploited by adding environment variables before allowed commands, allowing the hijacking...

8.6CVSS6.1AI score0.00232EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

TREK 安全漏洞

TREK is a self-hosted, real-time collaboration travel planning tool developed by Maurice’s individual developer. It supports map management, budget tracking, and itinerary management. Versions of TREK prior to 3.0.18 contained security vulnerabilities. These vulnerabilities stemmed from the login...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

free5GC 代码问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained code vulnerabilities. These vulnerabilities stemmed from null pointer dereferencing in the PCF’s app-sessions handler under certain conditions, which could lead to a 500...

6.5CVSS5.9AI score0.0035EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/05/26 2:12 p.m.8 views

CVE-2026-41455

WeKan before 8.35 contains a server-side request forgery vulnerability in webhook integration URL handling where the URL scheme field accepts any string without protocol restriction or destination validation. Attackers who can create or modify integrations can set webhook URLs to internal network...

8.5CVSS6AI score0.00236EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.12 views

Anthropic Claude Code < 2.1.75 Local Privilege Escalation via Insecure Configuration Loading (CVE-2026-35603)

The version of Anthropic Claude Code installed on the remote Windows host is prior to 2.1.75. It is, therefore, affected by a local privilege escalation vulnerability. On Windows, Claude Code loaded system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without...

7.3CVSS5.8AI score0.00108EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the id and ticketid GET parameters in the patientw.php file, allowing...

5.4CVSS5.7AI score0.00169EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 6:36 p.m.9 views

CVE-2026-45008

phpMyFAQ before 4.1.2 contains a path traversal vulnerability in Client::deleteClientFolder that allows admins with INSTANCEDELETE permission to delete arbitrary directories. Attackers can submit traversal sequences like https://../../../ in the client URL parameter to recursively delete...

6.5CVSS5.9AI score0.00266EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/15 2:13 a.m.16 views

EUVD-2026-30499

A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled --app-name basic-auth and served via uvicorn ASGI. The FastAPI permission middleware only enforces authentication on /gateway/...

8.6CVSS6AI score0.01502EPSS
Exploits1References2
NVD
NVD
added 2026/05/14 8:17 p.m.12 views

CVE-2026-8587

Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

8.8CVSS0.00175EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 7:52 p.m.41 views

CVE-2026-8550

Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

0.00229EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 1:58 p.m.42 views

CVE-2026-5061 Consul-template vulnerable to sandbox path bypass in file helper via a symlink attack

The consul-template library before version 0.42.0 is vulnerable to a sandbox path bypass in the file template helper that may allow reading an out-of-sandbox file. This vulnerability CVE-2026-5061 is fixed in consul-template 0.42.0...

4.7CVSS0.00109EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 a.m.14 views

CVE-2026-44411

A vulnerability has been identified in Solid Edge SE2026 All versions V226.0 Update 5. The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current...

7.8CVSS0.00105EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 9:53 a.m.55 views

CVE-2026-6001 IDOR in Abis Technology's BAPSİS

Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers. This issue affects BAPSİS: before v.202604152042...

8.8CVSS0.00242EPSS
Exploits0References1
Rows per page
Query Builder