
2815 matches found

EUVD
added 6 hours ago · 4 views

EUVD-2026-40640

Inappropriate implementation in PerformanceAPIs in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8 AI score
Exploits: 0 · References: 3

CVE
added yesterday · 4 views

CVE-2026-13952

Google Chrome's PerformanceAPIs had an inappropriate implementation flaw prior to 150.0.7871.47, allowing a remote attacker to leak cross-origin data via a crafted HTML page. Affected software: Google Chrome (Chromium). Root cause: improper handling in PerformanceAPIs. Impact: cross-origin data l...

5.8 AI score
Exploits: 0 · References: 2

Nuclei
added 3 days ago · 86 views

Vanna - SQL injection

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...

9.8 CVSS · 7.6 AI score · 0.03452 EPSS
Exploits: 0 · References: 4

Nuclei
added 3 days ago · 23 views

CyberPower - Missing Authentication

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. id: CVE-2024-32735 info: name: CyberPower - Missing Authentication author: DhiyaneshDK severity: critical description: | An issue regarding missing authentication for certai...

9.8 CVSS · 7.3 AI score · 0.06765 EPSS
Exploits: 0 · References: 3

EUVD
added 6 days ago · 4 views

EUVD-2026-39493

AES-GCM encryption/decryption with extremely large cumulative single message sizes (>64 GiB) were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

2 CVSS · 5.8 AI score · 0.00114 EPSS
Exploits: 0 · References: 2

CVE
added 6 days ago · 14 views

CVE-2026-55967

CVE-2026-55967 covers AES-GCM streaming APIs that fail to reject extremely large cumulative single messages (>64 GiB), allowing counter wrap and keystream reuse and enabling plaintext recovery. Public documents reference the same issue across multiple OS advisories (Ubuntu, Debian, Debian-deri...

7.5 CVSS · 5.8 AI score · 0.00114 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

RedHat Linux
added 2026/06/23 10:55 a.m. · 5 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.6.12

Assisted installer RHEL 8 components for the multicluster engine for Kubernetes 2.6.12 General Availability release, with updates to container images. Assisted Installer RHEL 8 integrates components for the general multicluster engine for Kubernetes 2.6.12 release that simplify the process of...

7.5 CVSS · 7.3 AI score · 0.00651 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2026/06/23 12:0 a.m. · 9 views

PT-2026-51573

Name of the Vulnerable Software and Affected Versions GNU libidn versions prior to 1.44 Description An issue exists in the ToUnicode APIs due to mishandling in the idna to unicode internal function, which can lead to out-of-bounds reads of uninitialized memory. Recommendations Update to version...

4 CVSS · 5.8 AI score · 0.0011 EPSS
Exploits: 1 · References: 5

CVE
added 2026/06/22 3:40 p.m. · 20 views

CVE-2026-46417

CVE-2026-46417 describes a Server-Side Request Forgery (SSRF) in @angular/platform-server caused by how the SSR engine processes absolute-form URLs. When such a URL is passed to the rendering entry points, internal ServerPlatformLocation can be coerced to use the attacker-controlled domain as the...

8.8 CVSS · 5.9 AI score · 0.0021 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

AstraLinux
added 2026/06/19 11:10 a.m. · 6 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementations of performance APIs in Google Chrome prior to version 89.0.4389.72 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

4.3 CVSS · 6.6 AI score · 0.0104 EPSS
Exploits: 1 · References: 1

AstraLinux
added 2026/06/19 11:10 a.m. · 6 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: JAXP. The supported versions affected by this vulnerability include Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. This easily...

5.3 CVSS · 6.5 AI score · 0.03458 EPSS
Exploits: 0 · References: 1

AstraLinux
added 2026/06/19 11:10 a.m. · 2 views

Astra Linux – Vulnerability in Chromium

In Networking APIs of Google Chrome, before version 112.0.5615.49, it was possible for a remote attacker to exploit heap corruption by using a crafted HTML page, as long as that attacker could convince a user to perform certain UI interactions. Chromium security severity: Medium...

8.8 CVSS · 7 AI score · 0.00914 EPSS
Exploits: 0 · References: 2

AstraLinux
added 2026/06/19 11:10 a.m. · 4 views

Astra Linux – Vulnerability in openjdk-11

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. The supported versions affected are Java SE: 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. This easily exploitable vulnerability allows an unauthenticated attacke...

5.3 CVSS · 6 AI score · 0.06218 EPSS
Exploits: 0 · References: 1

RedHat Linux
added 2026/06/17 3:24 p.m. · 8 views

firefox: Sandbox escape due to use-after-free in the Disability Access APIs component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...

9.6 CVSS · 5.2 AI score · 0.00532 EPSS
Exploits: 0 · References: 6

RedHat Linux
added 2026/06/17 11:2 a.m. · 6 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

9.8 CVSS · 5.6 AI score · 0.00605 EPSS
Exploits: 0 · References: 19

RedHat Linux
added 2026/06/17 5:59 a.m. · 5 views

firefox: Sandbox escape due to use-after-free in the Disability Access APIs component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...

9.6 CVSS · 5.2 AI score · 0.00532 EPSS
Exploits: 0 · References: 6

RedHat Linux
added 2026/06/16 12:2 p.m. · 6 views

firefox: Sandbox escape due to use-after-free in the Disability Access APIs component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...

9.6 CVSS · 5.3 AI score · 0.00532 EPSS
Exploits: 0 · References: 6

RedHat Linux
added 2026/06/16 6:14 a.m. · 5 views

firefox: Sandbox escape due to use-after-free in the Disability Access APIs component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to use-after-free in the Disability Access APIs component...

9.6 CVSS · 5.2 AI score · 0.00532 EPSS
Exploits: 0 · References: 6

Veracode
added 2026/06/15 7:20 a.m. · 9 views

XXE Injection

Spring REST Docs is vulnerable to XML External Entity XXE Injection. The vulnerability is due to unsafe processing of XML content when documenting remote APIs, where a compromised or malicious API can supply crafted XML containing external entities. When documentation-generating tests are execute...

5.9 CVSS · 5.3 AI score · 0.00223 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2026/06/12 8:59 p.m. · 30 views

CVE-2026-53609 Apostrophe has Server-Side Prototype Pollution in apos.util.set via patch operators that leads to process-wide authorization bypass

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, apos.util.set traverses dot-notation paths without sanitizing proto, allowing an authenticated editor to write arbitrary values to Object.prototype via the $pullAll patch operator. A confirm...

9.1 CVSS · 0.00237 EPSS
Exploits: 0 · References: 1