Lucene search
+L

567 matches found

NVD
NVD
added 2026/04/01 5:16 a.m.10 views

CVE-2026-5274

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00336EPSS
Exploits0References2
CVE
CVE
added 2026/04/01 4:41 a.m.16 views

CVE-2026-5274

CVE-2026-5274 is a Chrome/Chromium vulnerability: an integer overflow in Codecs allows a remote attacker to perform arbitrary read/write through a crafted HTML page. Affected software includes Google Chrome prior to version 146.0.7680.178 (with references to Chromium fixes). The issue is describe...

8.8CVSS6.1AI score0.00336EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/01 12:0 a.m.5 views

Google Chrome < 146.0.7680.177 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 146.0.7680.177. It is, therefore, affected by multiple vulnerabilities as referenced in the 202603stable-channel-update-for-desktop31 advisory. - Use after free in Compositing in Google Chrome prior to 146.0.7680.178...

9.6CVSS6.6AI score0.05036EPSS
Exploits0References43
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 146.0.7680.178 contained a security vulnerability caused by a codec integer overflow, which could allow arbitrary read and write operations to be executed through specially crafted HTML pag...

8.8CVSS5.9AI score0.00336EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 10:43 p.m.6 views

CVE-2026-33897 Incus vulnerable to arbitrary file read and write through pongo templates

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

9.9CVSS6AI score0.00481EPSS
Exploits0References3
OSV
OSV
added 2026/03/26 6:31 p.m.8 views

GHSA-3MW5-466Q-295Q Mattermost allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to validate Advanced Logging file target paths which allows system administrators to read arbitrary host files via malicious AdvancedLoggingJSON configuration in support packet generation. Mattermost...

6.8CVSS6AI score0.00421EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/20 1:34 a.m.4 views

CVE-2026-4440

Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Critical...

6AI score0.00324EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 1:26 a.m.3 views

CVE-2026-32711

pydicom is a pure Python package for working with DICOM files. Versions 2.0.0-rc.1 through 3.0.1 are vulnerable to Path Traversal through a maliciously crafted DICOMDIR ReferencedFileID when it is set to a path outside the File-set root. pydicom resolves the path only to confirm that it exists, b...

7.8CVSS5.8AI score0.00279EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.10 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.153 contained a security vulnerability, which was caused by excessive reading and writing operations related to WebGL. This vulnerability could lead to arbitrary reading and writing...

8.8CVSS6.1AI score0.00324EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 7:25 p.m.2 views

GHSA-PH8X-4JFV-V9V8 Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG

The fix for CVE-2026-27598 commit e2ed589, PR 1691 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints - GET, DELETE, RENAME, EXECUTE - all pass the fileName URL path parameter to locateDAG without...

8.1CVSS6AI score0.00469EPSS
Exploits1References4
OSV
OSV
added 2026/03/13 9:19 p.m.6 views

CVE-2026-32709 PX4 Autopilot MAVLink FTP Unauthenticated Path Traversal (Arbitrary File Read/Write/Delete)

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to read, write, create, delete, and rename arbitrary files on the flight controller filesystem withou...

5.4CVSS5.9AI score0.00476EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/12 4:50 p.m.3 views

CVE-2026-28793 Path Traversal Leading to Arbitrary File Read, Write and Delete in TinaCMS

Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory. When running tinacms dev, th...

8.4CVSS5.9AI score0.00203EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/03/09 7:19 p.m.17 views

CVE-2026-0846

A vulnerability in the filestring function of the nltk.util module in nltk version 3.9.2 allows arbitrary file read due to improper validation of input paths. The function directly opens files specified by user input without sanitization, enabling attackers to access sensitive system files by...

8.6CVSS8.1AI score0.00428EPSS
Exploits1
NVD
NVD
added 2026/03/06 5:16 p.m.6 views

CVE-2026-29064

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

8.2CVSS0.0022EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.6 views

CVE-2025-66678

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request...

9.8CVSS6.1AI score0.00641EPSS
Exploits1References1
NVD
NVD
added 2026/03/04 5:16 p.m.10 views

CVE-2025-66678

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request...

9.8CVSS0.00641EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/03/04 12:28 a.m.7 views

SUSE CVE-2026-23633

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

6.5CVSS5.8AI score0.00456EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/04 12:0 a.m.16 views

Hardware Read & Write Utility 安全漏洞

The Hardware Read & Write Utility is a hardware register modification tool developed by Nil Hardware Editor’s individual developers. Versions of the Hardware Read & Write Utility prior to v1.25.11.26 contained security vulnerabilities. These vulnerabilities stemmed from defects in the HwRwDrv.sys...

9.8CVSS5.9AI score0.00641EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.10 views

PT-2026-22963

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request...

6.1AI score0.00641EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/04 12:0 a.m.2 views

CVE-2025-66678

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request...

6.1AI score0.00641EPSS
Exploits1References3
Rows per page
Query Builder