Lucene search
K

2788 matches found

EUVD
EUVD
added 2026/05/14 5:33 a.m.10 views

EUVD-2026-30240

GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with developer-role permissions to execute arbitrary JavaScript in other users' browsers due to improper input...

8.7CVSS6.1AI score0.00256EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.16 views

PT-2026-40878

Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.4 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2 Description Improper input sanitization allows an authenticated user with developer-role permissions to execute arbitrary...

8.7CVSS6.1AI score0.00256EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:32 p.m.12 views

CVE-2026-44369

CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation...

8.5CVSS6AI score0.00266EPSS
Exploits0References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/13 1:11 p.m.14 views

Malicious code in @puppeteer/browsers (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 76482d9b1a887d0692b8dd6aab8071a8d96388a065c1e512999107e4c4e9cd54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40876

Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.7 through 18.9.6 GitLab EE versions 18.10 through 18.10.5 GitLab EE versions 18.11 through 18.11.2 Description An issue in customizable analytics dashboards allows an authenticated user to execute arbitrary JavaScript in...

8.7CVSS6.1AI score0.00256EPSS
Exploits0References13
Microsoft CVE
Microsoft CVE
added 2026/05/11 2:0 p.m.8 views

Chromium: CVE-2026-7913 Insufficient policy enforcement in DevTools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

7.8CVSS5.8AI score0.00112EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.16 views

PT-2026-39485

WordPress International Sms For Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary...

6.1CVSS5.9AI score0.00187EPSS
Exploits0References4
Malwarebytes
Malwarebytes
added 2026/05/06 12:50 p.m.8 views

Attackers adopt JavaScript runtime Bun to spread NWHStealer

In our previous research, we analyzed a Windows infostealer we track as NWHStealer. The attackers behind this stealer are continuously finding new methods to distribute the stealer. During our hunting activities, we noticed how attackers are using a JavaScript runtime called Bun to help distribut...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/05 2:7 a.m.11 views

CLSA-2026-1777946871 python: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs that could be treated as command-line options by external browsers; also close a %action-substitution bypass of the check in UnixBrowser.open...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
OSV
OSV
added 2026/05/05 2:5 a.m.7 views

CLSA-2026-1777946712 python: Fix of CVE-2026-4519

CVE-2026-4519: reject leading dashes in webbrowser URLs that could be treated as command-line options by external browsers; also close a %action-substitution bypass of the check in UnixBrowser.open...

7.1CVSS7.1AI score0.00308EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/05/01 7:15 a.m.5 views

Chromium: CVE-2026-7353 Heap buffer overflow in Skia

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.3CVSS5.3AI score0.00253EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2026/04/22 11:53 a.m.10 views

Researcher claims Claude Desktop installs “spyware” on macOS

Security researcher Alexander Hanff wrote an article titled Anthropic secretly installs spyware when you install Claude Desktop. Claims like that are bound to create two sides, so we searched for an official rebuttal by Anthropic. But we couldn’t find one. It would surprise me very much if they’d...

6AI score
Exploits0
Cvelist
Cvelist
added 2026/04/14 6:0 p.m.28 views

CVE-2026-27288 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of thi...

5.4CVSS0.00189EPSS
Exploits0References1
OSV
OSV
added 2026/04/14 3:16 p.m.5 views

DEBIAN-CVE-2025-69993

Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...

6.1CVSS5.5AI score0.00191EPSS
Exploits2References1
NVD
NVD
added 2026/04/14 12:16 a.m.3 views

CVE-2026-27674

Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java Web Dynpro Java, an unauthenticated attacker could supply crafted input that is interpreted by the application and causes it to reference attacker-controlled content. If a victim accesses the affected functionality, th...

6.1CVSS0.00192EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.5 views

Uppy 安全漏洞

Uppy is an open-source file uploader developed by Transloadit, designed for web browsers. Version 0.25.6 of Uppy contains a security vulnerability, which stems from the use of incompatible types to access resources...

9.8CVSS5.8AI score0.00448EPSS
Exploits0References4
OSV
OSV
added 2026/04/13 6:10 a.m.10 views

BIT-GITLAB-2026-4332 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due...

5.4CVSS6.1AI score0.00279EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.6 views

PT-2026-32229

Name of the Vulnerable Software and Affected Versions NightWolf Penetration Testing Platform affected versions not specified Description A stored cross-site scripting issue exists in NightWolf Penetration Testing Platform. This allows an attacker to trigger and execute malicious scripts in a user...

6.3CVSS6.1AI score0.00173EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/08 10:25 p.m.6 views

CVE-2026-4332

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed an authenticated user to execute arbitrary JavaScript in the context of other users' browsers due...

5.4CVSS6.1AI score0.00279EPSS
Exploits0References4Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2026/04/04 12:0 a.m.12 views

Update your browser: Security fix for Chrome zero-day CVE-2026-5281

News, Security Update your browser: Security fix for Chrome zero-day CVE-2026-5281 Share April 4th, 2026 Hi everyone! The latest patches to Opera’s browsers address several recent vulnerabilities, including a zero-day exploit CVE-2026-5281. We recommend updating your browsers to the latest versio...

8.8CVSS6.9AI score0.05036EPSS
Exploits4References1
Rows per page
Query Builder