Lucene search
K

1857 matches found

Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-59214 Open WebUI: Stored web worker XSS via Pyodide

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, Open WebUI runs client-side Python with Pyodide in a same-origin web worker, allowing stored chat payloads that use pyodide.http.pyfetch or the js module fetch and XMLHttpRequest APIs to issue...

7.3CVSS0.00285EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42578

Out-of-bounds read, Reachable assertion vulnerability in Samsung Open Source Escargot allows Overread Buffers, Input Data Manipulation. This issue affects Escargot: before 2dee22f5c7b8bf31cb7252d7731fae8c07f2842c...

6.1CVSS5.9AI score0.00107EPSS
Exploits0References2
CVE
CVE
added 5 days ago13 views

CVE-2026-15128

CVE-2026-15128 concerns an inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 that could allow a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The Chrome stable update notes indicate the fix was delivered in the 150.0.7871.114/115 ...

6.1CVSS6.1AI score0.00139EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-15108

Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. Chromium security severity: High...

6AI score0.00125EPSS
Exploits0References3Affected Software1
NVD
NVD
added 6 days ago11 views

CVE-2026-7380

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows XSS Targeting HTML Attributes. This issue affects Access Control System GKS: before Version 2...

6.1CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 6 days ago14 views

CVE-2026-8377

CVE-2026-8377 affects Armiya Information Technologies Ltd. Co. Access Control System (GKS) prior to version 2. The vulnerability is described as Missing/Improper Authorization allowing data collection from common resource locations. According to the connected records, the issue enables network-ba...

8.2CVSS5.9AI score0.00198EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-8377 Improper Authorization in Armiya Technologies' Access Control System

Missing Authorization vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Collect Data from Common Resource Locations. This issue affects Access Control System GKS: before Version 2...

8.2CVSS0.00198EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42017

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Stored XSS. This issue affects Access Control System GKS: before Version 2...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-8306

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Stored XSS. This issue affects Access Control System GKS: before Version 2...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References2
CVE
CVE
added 6 days ago14 views

CVE-2026-8306

CVE-2026-8306 describes a Stored XSS in Armiya Information Technologies Ltd. Co. Access Control System (GKS) prior to version 2, caused by improper neutralization of input during web page generation. The vulnerability allows stored cross-site scripting in the GKS web interface. CVSS3.1 base score...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-8306 Stored XSS in Armiya Technologies' Access Control System

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows Stored XSS. This issue affects Access Control System GKS: before Version 2...

6.1CVSS0.00149EPSS
Exploits0References1
CVE
CVE
added 6 days ago13 views

CVE-2026-7380

The CVE-2026-7380 entry concerns Armiya Information Technologies Ltd. Co. Access Control System (GKS). It describes an improper neutralization of Script-Related HTML tags in a web page, enabling basic HTML attribute-based XSS. Affected: GKS Access Control System before version 2. The vulnerabilit...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42016

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows XSS Targeting HTML Attributes. This issue affects Access Control System GKS: before Version 2...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
NVD
NVD
added 6 days ago10 views

CVE-2026-42143

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, user-controlled persistent volume names are interpolated into shell commands executed on managed servers without escaping or validation, allowing an authenticated member to...

8.8CVSS0.00435EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago11 views

PT-2026-56173

Name of the Vulnerable Software and Affected Versions PcVue versions prior to 17.0.0 Description Credentials for built-in users are stored insecurely within the User directory of projects. This allows a local attacker to retrieve these credentials. Active Directory accounts are not affected by th...

6.8CVSS6.1AI score0.00092EPSS
Exploits0References9
CVE
CVE
added last week12 views

CVE-2026-53640

CVE-2026-53640 (FOSSBilling) affects the FOSSBilling project prior to version 0.8.0, where low-privileged staff could read sensitive data via admin API endpoints that lack proper authorization checks on read operations. The issue contrasts with write endpoints that have fine-grained permissions, ...

2.3CVSS6AI score0.00226EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 11:16 p.m.7 views

CVE-2026-14407

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS0.00319EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 10:22 p.m.21 views

CVE-2026-14394

Summary of CVE-2026-14394 (Google Chrome / V8) : A use-after-free in V8 leads to potential heap corruption when processing crafted HTML pages. Affected software is Google Chrome, with vulnerable versions prior to 150.0.7871.46. The issue is caused by a use-after-free in the JavaScript engine (V8)...

8.8CVSS5.8AI score0.00235EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 10:22 p.m.21 views

CVE-2026-14403

CVE-2026-14403: Use-after-free in V8 (Chrome) allows remote code execution inside a sandbox via a crafted HTML page on Chrome versions prior to 150.0.7871.46. Severity is listed as Low; the vulnerability stems from a V8 use-after-free condition. Documents do not specify exploitation status or con...

8.8CVSS6.2AI score0.00257EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/01 10:22 p.m.30 views

CVE-2026-14419

Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

0.00215EPSS
Exploits0References2
Rows per page
Query Builder