Lucene search
K

2267 matches found

EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42825

Improper export of android application components in Bixby prior to version 4.0.70.8 allows local attackers to execute arbitrary commands with Bixby privilege...

8.5CVSS6.2AI score0.00121EPSS
Exploits1References1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-21041

Improper access control in SamsungSEAgentService prior to SMR Jul-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS0.00105EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/03 6:50 a.m.7 views

EUVD-2026-41513

The Quiz and Survey Master QSM – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS6AI score0.00312EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.26 views

CVE-2026-14147

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

0.00145EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-13757

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a...

6.2CVSS6AI score0.00137EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 9:11 a.m.7 views

Malicious code in maplibre-gl-vue3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a46347c152553bd008255683dd927e5f25233224d3c6f1df6ae87533350b5815 The package advertises itself as MapLibre GL bindings for Vue 3 and re-exports the upstream maplibre-gl API, but on import it unconditionally injects...

5.9AI score
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.31 views

CVE-2026-57294

A missing permission check in Jenkins EC2 Fleet Plugin 4.2.3.539.v8fedff2a81c3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing AWS credentials stored in Jenkins...

0.00161EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-49773

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.4.23 through 2026.4.23 Description An insecure file permissions issue exists in the config recovery process that restores the OpenClaw.json file with overly broad permissions. Local attackers on shared hosts can exploit...

5.7CVSS5.2AI score0.00094EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 10:5 a.m.14 views

EUVD-2026-36712

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and recover the hard-coded cryptographic key. This...

6.8CVSS5.3AI score0.0012EPSS
Exploits1References2
OSV
OSV
added 2026/06/12 2:16 p.m.5 views

DEBIAN-CVE-2026-1836

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials...

5.3CVSS5.3AI score0.00105EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 2:16 p.m.7 views

UBUNTU-CVE-2026-1836

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials...

5.3CVSS5.3AI score0.00105EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/12 1:23 p.m.29 views

CVE-2026-1836 Stored credentials in Redmine

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials...

5.3CVSS0.00105EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-48867

The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to the browser and view the login credentials...

5.3CVSS5.2AI score0.00105EPSS
Exploits0References2
Redos
Redos
added 2026/06/09 12:0 a.m.14 views

ROS-20260609-73-0004

The vulnerability of the RDP client FreeRDP is related to the escape of operations beyond the buffer in memory due to incorrect validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

8.1CVSS5.7AI score0.00284EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.10 views

CVE-2026-21008

Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information...

6.5CVSS5.4AI score0.00163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.12 views

CVE-2026-5357

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sid' parameter of the 'wpdmmembers' shortcode in versions up to and including 3.3.52. This is due to insufficient input sanitization and output escaping on the user-supplied 'sid' shortcode attribute...

6.4CVSS5.7AI score0.00302EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/04 11:4 p.m.9 views

CVE-2026-11067

Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.0025EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/04 11:4 p.m.41 views

CVE-2026-10973

Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

0.00985EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/02 4:12 p.m.11 views

xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...

7.8CVSS5.8AI score0.00264EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.11 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper implementation of the Installer component. This vulnerability could allow local attackers to execute operation...

7.8CVSS5.5AI score0.0008EPSS
Exploits0References3
Rows per page
Query Builder