Lucene search
K

192400 matches found

AlpineLinux
AlpineLinux
added 2026/03/11 10:4 p.m.5 views

CVE-2026-3942

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00177EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/11 10:4 p.m.5 views

CVE-2026-3932

Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

7.5CVSS5.3AI score0.00183EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/11 10:4 p.m.1 views

CVE-2026-3927

Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00177EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/11 10:4 p.m.4 views

CVE-2026-3920

Out of bounds memory access in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00291EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/11 10:4 p.m.4 views

CVE-2026-3918

Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.5AI score0.00325EPSS
Exploits0
CVE
CVE
added 2026/03/11 9:32 p.m.9 views

CVE-2026-3958

Woahai321 ListSync ≤0.6.6 is affected. The vulnerability is in the function requests.post of list-sync-main/api_server.py (JSON Handler) and allows server-side request forgery. It can be exploited remotely; an exploit has been disclosed publicly. Attackers may use the vulnerable server to make un...

6.5CVSS5.3AI score0.00201EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/03/11 8:53 p.m.361 views

claude-code-pentest

claude-code-pentest 6 Claude Code skills that automate th...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/03/11 8:42 p.m.4 views

User Impersonation

Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to User Impersonation in the app registration process. An attacker can gain unauthorized access to sensitive API credentials by exploiting the ability to update the shop-url during...

8.9CVSS5.8AI score0.00267EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 8:16 p.m.29 views

CVE-2026-32109 Copyparty has unexpected JavaScript execution via crafted URL to folder with `.prologue.html`

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

3.7CVSS0.00162EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 8:16 p.m.5 views

CVE-2026-32109

Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/03/11 8:16 p.m.10 views

CVE-2026-31979

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...

8.8CVSS0.00196EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2026/03/11 8:13 p.m.111 views

manchurian-agent-poc

Manchurian Candidate Agent POC ⚠️ SECURITY RESEARCH — EDU...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/03/11 7:47 p.m.8 views

EUVD-2026-11332

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...

8.8CVSS5.9AI score0.00196EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 7:47 p.m.5 views

CVE-2026-31979

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Prior to 3.1.0 and 2.3.8, the himmelblaud-tasks daemon, running as root, writes Kerberos cache files under /tmp/krb5cc without symlink protections. Since commit 87a51ee, PrivateTmp is explicitly removed from the task...

8.8CVSS5.9AI score0.00196EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/11 6:23 p.m.5 views

CVE-2019-25466

Easy File Sharing Web Server 7.2 contains a local structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by creating a malicious username. Attackers can craft a username with a payload containing 4059 bytes of padding followed by a nseh...

8.6CVSS6.3AI score0.00151EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/11 6:23 p.m.29 views

CVE-2019-25464 InputMapper 1.6.10 Local Denial of Service via Username Field

InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to proces...

6.7CVSS0.00177EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/11 6:23 p.m.4 views

CVE-2019-25464 InputMapper 1.6.10 Local Denial of Service via Username Field

InputMapper 1.6.10 contains a buffer overflow vulnerability in the username field that allows local attackers to crash the application by entering an excessively long string. Attackers can trigger a denial of service by copying a large payload into the username field and double-clicking to proces...

6.7CVSS6.1AI score0.00177EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/11 5:4 p.m.28 views

CVE-2026-31852 Jellyfin Possible Organization/Secret Compromise from dangerous CI implementation

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions nearly all write permissions, this vulnerability enables...

10CVSS0.00445EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/11 5:4 p.m.4 views

CVE-2026-31852

Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the workflow's elevated permissions nearly all write permissions, this vulnerability enables...

10CVSS6.3AI score0.00445EPSS
Exploits0References3
CVE
CVE
added 2026/03/11 4:42 p.m.16 views

CVE-2026-31813

CVE-2026-31813 affects Supabase Auth. Before version 2.185.0, if Apple or Azure as OIDC providers are enabled, an attacker can create a valid, asymmetrically signed ID token from their issuer for each victim email and send it to the token endpoint using the ID token flow. If the ID token is OIDC ...

4.8CVSS5.9AI score0.00138EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder