Lucene search
K

273 matches found

NVD
NVD
added 2026/06/26 11:16 a.m.9 views

CVE-2026-57473

A vulnerability exists in the netclient and factory services of Reolink Home Hub versions prior to v3.3.0.45626031911 due to the possibility of brute-force cracking the credentials. This issue could allow attackers on the same local network to intercept traffic between the Hub and associated...

5.8CVSS0.00145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.9 views

CVE-2026-39837

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...

6.3CVSS5.4AI score0.00189EPSS
Exploits1References1
NVD
NVD
added 2026/06/04 11:17 p.m.22 views

CVE-2026-11177

Use after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS0.00234EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 11:5 p.m.10 views

CVE-2026-11233

Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.5AI score0.00177EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

free5GC 代码问题漏洞

free5GC is an open-source project for the 5th generation 5G mobile core network. Versions of free5GC prior to 4.2.2 contained code vulnerabilities. These vulnerabilities stemmed from null pointer dereferencing in the PCF’s app-sessions handler under certain conditions, which could lead to a 500...

6.5CVSS5.9AI score0.0035EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2026/05/06 7:16 p.m.8 views

CVE-2026-7906

Use after free in SVG in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00267EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.12 views

Better Auth 安全漏洞

Better Auth is an open-source TypeScript framework for authentication. Versions of Better Auth prior to 1.6.5 contained a security vulnerability. This vulnerability stemmed from the clientPrivileges option recording creation operations. However, the OAuth client did not call the hook before...

7.1CVSS5.8AI score0.00212EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 1:45 a.m.6 views

CVE-2026-40497

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's Helper::stripDangerousTags removes...

8.1CVSS5.8AI score0.00243EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

OrangeHRM 授权问题漏洞

OrangeHRM is a human resources management system developed by the American company OrangeHRM. This system supports functions such as personnel information management, leave management, attendance management, and recruitment management. Versions of OrangeHRM prior to 5.8 contained an authorization...

5.1CVSS5.8AI score0.00172EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29456

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 146.0.7680.178 Description A use-after-free issue exists in the Web MIDI component of Google Chrome on Android. A remote attacker can potentially execute arbitrary code by tricking a user into visiting a special...

9.6CVSS6.5AI score0.05036EPSS
Exploits0References29
Cvelist
Cvelist
added 2026/03/27 8:47 p.m.27 views

CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...

7.5CVSS0.00348EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/21 12:31 a.m.6 views

EUVD-2026-13808

ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content...

7.4CVSS5.8AI score0.00173EPSS
Exploits0References2
CBLMariner
CBLMariner
added 2026/03/09 2:32 p.m.5 views

CVE-2026-25210 affecting package expat for versions less than 2.6.4-4

CVE-2026-25210 affecting package expat for versions less than 2.6.4-4. A patched version of the package is available...

7.8CVSS5.8AI score0.00193EPSS
Exploits0
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.12 views

Plane 安全漏洞

Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.2.2 contained security vulnerabilities. These vulnerabilities stemmed from the ProjectAssetEndpoint.patch method, which performed global asset searches based solely on asset IDs,...

7.1CVSS5.8AI score0.00213EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 6:8 p.m.2 views

CVE-2026-2320

Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.6AI score0.0021EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/01/27 12:0 a.m.13 views

AnythingLLM security vulnerabilities

AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.10.0 contained a security vulnerability. This vulnerability stemmed from the /api/setup-complete endpoint exposing the QdrantApiKey in plain text, which could allow attackers to gain read/write...

8.7CVSS5.8AI score0.01566EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 4 : curl-7.19.7-36.AXS4 (AXSA:2013-429:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-429:02 advisory. cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to...

5CVSS8AI score0.04986EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.7 views

CVE-2020-7189

A faultflasheventselectfact expression language injectionremote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

9CVSS7.3AI score0.03213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.7 views

CVE-2020-7168

A selectusergroup expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center iMC versions: Prior to iMC PLAT 7.3 E0705P07...

10CVSS8AI score0.06707EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.11 views

CVE-2020-7124

A remote unauthorized access vulnerability was discovered in Aruba Airwave Software versions: Prior to 1.3.2...

9.8CVSS7AI score0.01368EPSS
Exploits0References1
Rows per page
Query Builder