Lucene search
K

46 matches found

cve
cve
added 5 days ago12 views

CVE-2026-59930

Mistune (Python Markdown parser) prior to 3.3.0 has a vulnerability in the toc/TableOfContents directive: heading IDs are generated as predictable toc_N values without slugifying the heading text. This can allow attacker-controlled id="toc_N" content to collide with generated anchors, potentially...

4.3CVSS6AI score0.00128EPSS
Exploits1References3Affected Software1
euvd
euvd
added 6 days ago7 views

EUVD-2026-41972

A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3...

6AI score0.00132EPSS
Exploits0References3
nvd
nvd
added 2026/07/02 9:16 p.m.5 views

CVE-2026-58460

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
euvd
euvd
added 2026/06/29 3:40 p.m.7 views

EUVD-2026-40129

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...

8.3CVSS5.9AI score0.0032EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/29 12:0 a.m.17 views

PT-2026-53309

Name of the Vulnerable Software and Affected Versions Snowflake CLI versions prior to 3.19 Description Improper neutralization of attacker-controlled content allows unintended SQL execution. An attacker can execute arbitrary SQL within the context of a victim user's Snowflake session by providing...

8.8CVSS6.1AI score0.0032EPSS
Exploits0References4
osv
osv
added 2026/06/22 2:28 p.m.2 views

SUSE-SU-2026:22325-1 Security update for sed

This update for sed fixes the following issue - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/16 12:0 a.m.18 views

PT-2026-50167

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authenticated user with workflow edit access can configure a 'Respond to Webhook' node to serve binary content using an attacker-controlled...

7.6CVSS5.9AI score0.00216EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/16 12:0 a.m.18 views

PT-2026-49836

Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing...

7.4CVSS5.4AI score0.00283EPSS
Exploits0References2
ossf
ossf
added 2026/06/12 7:7 p.m.21 views

Malicious code in theta-connector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f9ac14206b12d7cb0c180c49e65d91b99aa2f013c33147d7f1eff396da2c48a2 The package advertises itself as a MySQL connector but index.js around line 236 contains a method queryDBConnect on the exported...

6AI score
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:38 p.m.11 views

CVE-2026-34258

SAPUI5 Search UI allows an unauthenticated attacker to manipulate specific URL parameters on the Search UI to include malicious content. Successful exploitation may mislead victim users into clicking and accessing attacker-controlled pages rendered by the application. This vulnerability has a low...

4.7CVSS5.5AI score0.00249EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/27 2:42 p.m.12 views

CVE-2026-44972

GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject...

5CVSS5.9AI score0.00113EPSS
Exploits0References2Affected Software1
redhatcve
redhatcve
added 2026/05/20 7:57 a.m.12 views

CVE-2026-45036

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

7CVSS6.2AI score0.0013EPSS
Exploits0References1
nvd
nvd
added 2026/05/18 8:16 p.m.19 views

CVE-2026-45244

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled. Attackers can influence the agent through malicious page or summary content to invo...

5.4CVSS0.00227EPSS
Exploits1References4
osv
osv
added 2026/05/18 7:44 a.m.6 views

SUSE-SU-2026:1941-1 Security update for sed

This update for sed fixes the following issue: - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/15 4:47 p.m.7 views

CVE-2026-45036

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

7CVSS6.2AI score0.0013EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/05/15 4:47 p.m.9 views

EUVD-2026-30567

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.233, Tabby before 1.0.233 automatically confirms ZMODEM protocol detection on all terminal session output without user interaction, enabling shell command execution when a user displays attacker-controlled content. T...

7CVSS6.2AI score0.0013EPSS
Exploits0References1
osv
osv
added 2026/05/06 7:26 a.m.4 views

SUSE-SU-2026:1699-1 Security update for sed

This update for sed fixes the following issue: - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References3
nvd
nvd
added 2026/04/15 9:17 p.m.53 views

CVE-2026-22676

Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place...

8.5CVSS0.00104EPSS
Exploits0References2
cve
cve
added 2026/04/14 12:6 a.m.19 views

CVE-2026-27674

An unauthenticated code injection flaw in SAP NetWeaver Application Server Java (Web Dynpro Java) could allow a crafted input to cause the application to reference attacker‑controlled content, leading to execution of client‑side code in the victim’s browser and potential session compromise. Affec...

6.1CVSS6.1AI score0.00192EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/04/14 12:0 a.m.4 views

PT-2026-32554

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server Java Web Dynpro Java affected versions not specified Description A code injection issue in the Web Dynpro Java component allows an unauthenticated attacker to provide crafted input that the application interpre...

6.4CVSS5.8AI score0.00192EPSS
Exploits0References8
Rows per page
Query Builder