Lucene search
K

2788 matches found

Microsoft CVE
Microsoft CVE
added 2026/04/02 2:0 p.m.6 views

Chromium: CVE-2026-5292 Out of bounds read in WebCodecs

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS5.8AI score0.00248EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/31 8:41 a.m.2 views

CVE-2025-10553

A Stored Cross-site Scripting XSS vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

8.7CVSS6.2AI score0.00166EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:17 p.m.4 views

CVE-2026-32018

OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit unsynchronized read-modify-write operations without locking to cause registry updates to lose data...

3.6CVSS5.8AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 2026/03/26 12:16 a.m.6 views

CVE-2026-33932

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitrary JavaScript in ...

7.6CVSS0.00187EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-4696

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use-after-free in the Layout: Text and Fonts component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and...

9.8CVSS7.8AI score0.00483EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/03/21 4:20 a.m.22 views

DuckDuckGo: RCE + Supply Chain Attack via pull_request_target in content-scope-scripts/semver-label.yml — Affects All DuckDuckGo Browsers

A vulnerability was discovered in the DuckDuckGo content-scope-scripts repository's GitHub Actions workflow. The workflow used the pullrequesttarget trigger without access controls, allowing untrusted code from fork pull requests to be checked out and executed. This could have led to remote code...

6.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/19 10:6 p.m.1 views

CVE-2026-32018

OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit unsynchronized read-modify-write operations without locking to cause registry updates to lose data...

3.6CVSS5.8AI score0.00134EPSS
Exploits0References4
CVE
CVE
added 2026/03/19 10:6 p.m.9 views

CVE-2026-32018

OpenClaw vulnerability CVE-2026-32018 affects the openclaw npm package prior to 2026.2.19, caused by a race condition in concurrent updateRegistry and removeRegistryEntry writes for sandbox containers and browsers. The issue can lead to lost updates, resurrected removed entries, or corrupted sand...

4.8CVSS5.8AI score0.00134EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/19 10:6 p.m.9 views

EUVD-2026-13284

OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit unsynchronized read-modify-write operations without locking to cause registry updates to lose data...

3.6CVSS5.8AI score0.00134EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.9 views

OpenEMR 跨站脚本漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.2 contained a cross-site...

8.7CVSS5.9AI score0.00322EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.9 views

OpenClaw 竞争条件问题漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.2.19 contained a race condition vulnerability. This vulnerability stemmed from concurrent update operations involving sandbox containers and browsers, which could lead to registry...

4.8CVSS5.8AI score0.00134EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.8 views

PT-2026-26348

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting XSS vulnerability in the patient portal payment flow allows a patient portal user to persist arbitrary JavaScript that executes in the browser o...

8.7CVSS5.7AI score0.00322EPSS
Exploits1References8
EUVD
EUVD
added 2026/03/16 3:30 p.m.8 views

EUVD-2015-9417

Next Click Ventures RealtyScript 4.0.2 contains a stored cross-site scripting vulnerability in the locationname parameter of the admin locations interface. Attackers can submit POST requests to the locations.php endpoint with JavaScript payloads in the locationname field to execute arbitrary code...

7.2CVSS6AI score0.00321EPSS
Exploits1References4
CVE
CVE
added 2026/03/15 6:34 p.m.9 views

CVE-2015-20114

The CVE-2015-20114 entry concerns RealtyScript 4.0.2 by Next Click Ventures, with a cross-site scripting vulnerability triggered by unsanitized input across multiple parameters. The available documents consistently describe the issue as allowing arbitrary HTML/script execution in a user’s browser...

6.1CVSS6AI score0.00274EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.5 views

Unity Linux 20.1070e Security Update: avahi (UTSA-2026-006163)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006163 advisory. Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashe...

6.5CVSS5.8AI score0.00252EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/15 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: avahi (UTSA-2026-006159)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006159 advisory. Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can...

5.5CVSS5.8AI score0.0014EPSS
Exploits0References4
NVD
NVD
added 2026/03/11 9:16 p.m.8 views

CVE-2026-32124

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions codetext that are rendered in the front end e.g. DataTables without HTML escaping. If an administrator or user...

5.4CVSS0.00162EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2026/03/11 4:38 p.m.8 views

Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes

Agentic web browsers that leverage artificial intelligence AI capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers' tendency to...

6AI score
Exploits0
EUVD
EUVD
added 2026/03/11 3:31 a.m.4 views

EUVD-2026-11016

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.0003EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 3:31 a.m.4 views

EUVD-2026-10973

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.8AI score0.00167EPSS
Exploits0References2
Rows per page
Query Builder