Lucene search
K

1255385 matches found

CVE
CVE
added yesterday4 views

CVE-2026-15127

Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
CVE
CVE
added yesterday4 views

CVE-2026-15124

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References2
CVE
CVE
added yesterday3 views

CVE-2026-15123

Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6AI score
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-15114

Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: High...

6AI score
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-15110

Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

6AI score
Exploits0References2
CVE
CVE
added yesterday3 views

CVE-2026-15129

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

6AI score
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-15168

Wireshark is affected by CVE-2026-15168 due to a vulnerability in the BLF file parser. Versions 4.6.0–4.6.6 and 4.4.0–4.4.16 are susceptible to information disclosure. The CVSS v3.1 score is 2.5 (LOW); attack vector LOCAL, required user interaction, high complexity, and no privileges required. Th...

2.5CVSS5.9AI score
Exploits0References2
CVE
CVE
added yesterday72 views

CVE-2026-44024

CVE-2026-44024 affects Fluentd. The issue arises when file paths are dynamically constructed via the ${tag} placeholder in configurations (notably in the out_file plugin). Insufficient validation of ${tag} with untrusted tags can introduce path traversal, enabling an attacker to write or overwrit...

9.8CVSS7.6AI score
Exploits0References4
CVE
CVE
added yesterday17 views

CVE-2026-54528

Summary of vulnerability (CVE-2026-54528): The jupyterlab-git extension for JupyterLab is affected prior to version 0.54.0. On case-insensitive filesystems (e.g., macOS APFS, Windows NTFS), the code path that enforces excluded_paths uses fnmatch.fnmatchcase(), which is case-sensitive and can be b...

7.1CVSS6AI score
Exploits0References3
CVE
CVE
added yesterday38 views

CVE-2026-54527

CVE-2026-54527 affects the jupyterlab-git extension. The PlainTextDiff.ts createHeader() renders renamed-file headers by directly inserting Git filenames into innerHTML, enabling stored XSS that can lead to remote code execution. Affected range is before 0.54.0, with fix released in 0.54.0. Explo...

9.3CVSS6AI score
Exploits1References3
CVE
CVE
added yesterday4 views

CVE-2026-15172

Wireshark contains a vulnerability CVE-2026-15172 in the FMP/NOTIFY protocol dissector that crashes the dissector on specific versions (Wireshark 4.6.0–4.6.6 and 4.4.0–4.4.16), leading to a denial of service. The CVE name in CVE-List references “Unchecked Input for Loop Condition in Wireshark.” T...

5.5CVSS5.9AI score
Exploits0References2
CVE
CVE
added yesterday4 views

CVE-2026-15173

Wireshark contains a vulnerability CVE-2026-15173 where the pcapng file parser crashes due to a heap-based buffer overflow in versions 4.6.0 through 4.6.6, leading to a denial of service. The available connected documents identify the issue as a heap-based overflow affecting the Wireshark pcapng ...

4.7CVSS5.9AI score
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-13320

GitLab CE/EE vulnerability CVE-2026-13320: an authenticated user could execute arbitrary scripts in another user’s browser session due to improper sanitization of input. Affected versions include all 15.7.x prior to 18.11.7, 19.0.x prior to 19.0.4, and 19.1.x prior to 19.1.2. GitLab has remediate...

7.3CVSS6.2AI score
Exploits0References3
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-58211

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured noauthuser through a parser path used when the first client operation was not CONNECT, bypassing user-level connection...

5.4CVSS5.9AI score
Exploits0
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-58207

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client able to send account-scoped connection monitoring requests could crash the server by supplying Connz pagination Offset and Limit values that overflowed internal...

7.7CVSS5.9AI score
Exploits0
Debian CVE
Debian CVE
added yesterday6 views

CVE-2026-58209

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these...

4.3CVSS5.9AI score
Exploits0
CVE
CVE
added yesterday9 views

CVE-2026-14891

HashiCorp Nomad and Nomad Enterprise are affected by a sandbox escape in the Docker task driver that can allow a job submitter to bind-mount a host path into a container, potentially enabling reading/writing host files even when volume bind mounts are disabled. Affected versions include Nomad Com...

8.7CVSS6AI score
Exploits0References1
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-58214

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...

4.3CVSS5.9AI score
Exploits0
CVE
CVE
added yesterday5 views

CVE-2026-8800

CVE-2026-8800 is an Incorrect Authorization vulnerability in Progress MOVEit Transfer (Audit User module). Affected versions include MOVEit Transfer before 2025.0.7 and from 2025.1.0 before 2025.1.3. The issue is described as a Low-severity (CVSS 3.1: 2.7) vulnerability with network access, requi...

2.7CVSS5.9AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-8651

CVE-2026-8651 describes a limited authentication bypass by spoofing vulnerability in Progress MOVEit Transfer (HTTPS module). Affected product: MOVEit Transfer prior to 2025.0.7 and from 2025.1.0 before 2025.1.3. The issue enables a spoofing-based bypass with network access (attackers require no ...

3.7CVSS5.9AI score
Exploits0References1
Rows per page
Query Builder