Lucene search
K

3178 matches found

AlpineLinux
AlpineLinux
added 2026/06/12 8:6 p.m.5 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS5.7AI score0.00268EPSS
Exploits1References1
OSV
OSV
added 2026/06/12 6:46 p.m.3 views

OPENSUSE-SU-2026:20962-1 Security update for cyrus-imapd

This update for cyrus-imapd fixes the following issues: Changes in cyrus-imapd: - cyrus-imapd don't start because of missing "Requires=var-run.mount" from systemd bsc1251788 Remove var-run.mount from Requires and After - update to version 3.8.6 bugfix release VUL-0: CVE-2025-49812: cyrus-imapd:...

9.8CVSS7.2AI score0.00516EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 4:16 p.m.15 views

CVE-2026-46690

unboundedspsc is an "unbounded" extension of boundedspscqueue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At time of publication, there are no publicly available patches...

5.8CVSS0.0013EPSS
Exploits1References1
CVE
CVE
added 2026/06/12 2:56 p.m.22 views

CVE-2026-46690

Summary: CVE-2026-46690 affects the unbounded-spsc crate (0.2.0 and earlier). The vulnerability originates from an unsafe TRANSMUTE in Sender::send (DISCONNECTED branch) that reinterprets a raw pointer to a Producer as a Consumer, creating a fake Arc and enabling out-of-bounds access. This race w...

5.8CVSS5.2AI score0.0013EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.24 views

PT-2026-48992

Name of the Vulnerable Software and Affected Versions Kitty versions 0.47.0 through 0.47.1 Description In the kitten dnd component, a malicious remote drag-and-drop source can overwrite or truncate arbitrary files that the local user has permission to write. This occurs because remote text/uri-li...

7.6CVSS6.1AI score0.00268EPSS
Exploits1References4
OSV
OSV
added 2026/06/11 12:40 p.m.16 views

MAL-2026-5640 Malicious code in ecto-corsair-whisper-6f3b9 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8695ea17273c804f1a58e6c0b877de280f7472622065964245deb85cc62dae20 The package declares a postinstall lifecycle hook postinstall.js that runs automatically on npm install. The script shells out via curl to the EC2...

5.5AI score
Exploits0References25
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 7:16 a.m.12 views

Malicious code in 0x2ai-demo3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a36d5f023e4740169d1e1e7a56ebe32552cfdc4a05bf50ecc0b648ecea502c0d On npm install, scripts/postinstall.cjs copies the entire payload/ tree into process.env.INITCWD the directory the developer ran the install from usi...

5.5AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 2:0 p.m.38 views

CVE-2026-45556 Roxy-WI: Authenticated arbitrary file write on every managed load balancer (and downstream RCE) via WAF rule save `config_file_name`

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf///rule//save accepts a configfilename form field that is passed straight through to configmod.masterslaveuploadandrestart... as the destination path. The validation chai...

9.9CVSS0.00372EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 7:34 p.m.15 views

PYSEC-2026-207 durabletask 1.4.1, 1.4.2, and 1.4.3 contain malicious code distributed via a compromised maintainer account

durabletask versions 1.4.1, 1.4.2, and 1.4.3 were published on 2026-05-19 within a 35-minute window through a compromised PyPI maintainer account and contained malicious code. On import, the package fetched a remote payload rope.pyz from an attacker-controlled host and executed it. The payload wa...

5.8AI score
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.18 views

Chromium: CVE-2026-11029 Insufficient validation of untrusted input in Drag and Drop

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

9.6CVSS5.4AI score0.00233EPSS
Exploits0
EUVD
EUVD
added 2026/06/08 3:32 p.m.11 views

EUVD-2026-35116

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:31 p.m.13 views

EUVD-2026-35113

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

7.7CVSS5.3AI score0.00335EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/07 8:59 a.m.21 views

CVE-2026-8991

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dragndroptext' and 'dragndropbrowsetext' Settings in all versions up to, and including, 1.3.9.7 due to insufficient input sanitization and output escaping. This makes i...

4.4CVSS5.7AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/07 4:48 a.m.11 views

CVE-2026-11029

An insufficient validation of untrusted input flaw was found in the Drag and Drop component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497651688...

9.6CVSS5.4AI score0.00233EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/07 4:47 a.m.10 views

SUSE CVE-2026-11029

Insufficient validation of untrusted input in Drag and Drop in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.5AI score0.00233EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/06 2:28 a.m.12 views

CVE-2026-8991

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dragndroptext' and 'dragndropbrowsetext' Settings in all versions up to, and including, 1.3.9.7 due to insufficient input sanitization and output escaping. This makes i...

4.4CVSS5.7AI score0.00214EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/06 2:28 a.m.13 views

EUVD-2026-34943

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dragndroptext' and 'dragndropbrowsetext' Settings in all versions up to, and including, 1.3.9.7 due to insufficient input sanitization and output escaping. This makes i...

4.4CVSS5.7AI score0.00214EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/06 2:28 a.m.9 views

CVE-2026-8991 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_text' Settings

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dragndroptext' and 'dragndropbrowsetext' Settings in all versions up to, and including, 1.3.9.7 due to insufficient input sanitization and output escaping. This makes i...

4.4CVSS5.7AI score0.00214EPSS
Exploits0References8
CVE
CVE
added 2026/06/06 2:28 a.m.29 views

CVE-2026-8991

The CVE concerns the WordPress plugin “Drag and Drop Multiple File Upload for Contact Form 7” (WordPress) up to version 1.3.9.7. It is affected in the Drag and Drop settings drag_n_drop_text and drag_n_drop_browse_text, where insufficient input sanitization and output escaping enables Stored Cros...

4.4CVSS5.7AI score0.00214EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/06 2:28 a.m.39 views

CVE-2026-8991 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_text' Settings

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dragndroptext' and 'dragndropbrowsetext' Settings in all versions up to, and including, 1.3.9.7 due to insufficient input sanitization and output escaping. This makes i...

4.4CVSS0.00214EPSS
Exploits0References8
Rows per page
Query Builder