
29728 matches found

CNVD
added 2026/01/30 12:0 a.m., 7 views

Google Chrome Security Bypass Vulnerability (CNVD-2026-11755)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from an improper implementation in V8, which can be exploited by an attacker to bypass security restrictions...

CVSS 8.8, AI score 5.9, EPSS 0.00323
Exploits: 0, References: 1
Vulnrichment
added 2026/01/29 9:19 p.m., 3 views

CVE-2026-24904 TrustTunnel has `client_random_prefix` rule bypass via fragmented or partial TLS ClientHello

TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tls_listener.rs, TlsListener::listen peeks 1024 bytes and calls extract_client_random.... If parse_tls_plaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...

CVSS 5.3, AI score 5.9, EPSS 0.00257
Exploits: 1, References: 2
ATTACKERKB
added 2026/01/29 9:19 p.m., 5 views

CVE-2026-24904

TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tls_listener.rs, TlsListener::listen peeks 1024 bytes and calls extract_client_random.... If parse_tls_plaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...

CVSS 5.3, AI score 5.9, EPSS 0.00257
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/01/29 9:19 p.m., 5 views

CVE-2026-24904 TrustTunnel has `client_random_prefix` rule bypass via fragmented or partial TLS ClientHello

TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tls_listener.rs, TlsListener::listen peeks 1024 bytes and calls extract_client_random.... If parse_tls_plaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...

CVSS 5.3, AI score 5.9, EPSS 0.00257
Exploits: 1, References: 4
OSV
added 2026/01/29 3:38 p.m., 6 views

CLSA-2026-1769701085 pki-servlet-engine: Fix of CVE-2025-31651

CVE-2025-31651: fix improper neutralization of escape, meta or control sequences to avoid bypassing rewrite rules...

CVSS 9.8, AI score 7, EPSS 0.0418
Exploits: 1, References: 1
Veracode
added 2026/01/29 1:10 p.m., 7 views

Denial Of Service (DoS)

github.com/kyverno/kyverno is vulnerable to Denial of Service (DoS). The vulnerability is due to unbounded memory usage in the policy engine when processing crafted policies that exponentially amplify string data via context variables, which allows an attacker with policy creation privileges to...

CVSS 7.7, AI score 5.9, EPSS 0.00531
Exploits: 1, References: 4, Affected Software: 1
FreeBSD
added 2026/01/29 12:0 a.m., 25 views

qt6-webengine -- multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 262 security bugs in Chromium: CVE-2025-13223: Type Confusion in V8; CVE-2025-13224: Type Confusion in V8; CVE-2025-13630: Type Confusion in V8; CVE-2025-13632: Inappropriate implementation in DevTools; CVE-2025-13634: Inappropriate implementation i...

CVSS 9.8, AI score 7.3, EPSS 0.2202
Exploits: 17, References: 1
Positive Technologies
added 2026/01/29 12:0 a.m., 12 views

PT-2026-5356

TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tls_listener.rs, TlsListener::listen peeks 1024 bytes and calls extract_client_random.... If parse_tls_plaintext fails for example, a fragmented/partial ClientHello split across TCP writes, extrac...

CVSS 5.3, AI score 5.9, EPSS 0.00257
Exploits: 1, References: 2
Packet Storm
added 2026/01/29 12:0 a.m., 162 views

Zabbix Agent Binaries 7.4 OpenSSL Path Scanner

This tool performs static analysis on Zabbix Agent binaries to identify hardcoded OpenSSL paths such as OPENSSLDIR, ENGINESDIR, and MODULESDIR. It leverages strings and radare2 to extract embedded configuration paths, OpenSSL version information, and indicators of dynamic engine or module loading...

CVSS 7.3, AI score 5.9, EPSS 0.00327
Exploits: 2
Positive Technologies
added 2026/01/29 12:0 a.m., 8 views

PT-2026-6070

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 144.0.7559.132. Description: A type confusion issue exists in the V8 engine within Google Chrome. This can lead to heap corruption when processing specially crafted HTML pages. A proof-of-concept (PoC) has been...

CVSS 10, AI score 5.3, EPSS 0.00579
Exploits: 1, References: 24
RedhatCVE
added 2026/01/28 9:17 p.m., 7 views

CVE-2026-0746

The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...

CVSS 6.4, AI score 5.9, EPSS 0.00181
Exploits: 0, References: 1
RedhatCVE
added 2026/01/28 9:17 p.m., 5 views

CVE-2026-23881

Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially...

CVSS 7.7, AI score 5.9, EPSS 0.00531
Exploits: 1, References: 1
RedhatCVE
added 2026/01/28 9:16 p.m., 6 views

CVE-2026-24736

Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...

CVSS 9.1, AI score 6, EPSS 0.0042
Exploits: 1, References: 1
RedHat Linux
added 2026/01/28 3:4 p.m., 6 views

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

CVSS 9.8, AI score 5.7, EPSS 0.00423
Exploits: 0, References: 5
GithubExploit
added 2026/01/28 11:11 a.m., 157 views

sqlmap-CTT-v3.0-SQL-Injection-Engine-Full-33-layer-fractal-temporal-resonance-implementation-in-C

sqlmap-CTT-v3.0-SQL-Injection-Engine-Full-33-layer-fractal-tem...

AI score 5.9
Exploits: 0
RedhatCVE
added 2026/01/28 9:17 a.m., 13 views

CVE-2026-24829

Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine. This issue affects is-Engine: before 3.3.4...

CVSS 6.5, AI score 5.9, EPSS 0.00202
Exploits: 0, References: 1
RedhatCVE
added 2026/01/28 9:17 a.m., 5 views

CVE-2026-24828

Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine. This issue affects is-Engine: before 3.3.4...

CVSS 7.5, AI score 5.9, EPSS 0.00263
Exploits: 0, References: 1
RedHat Linux
added 2026/01/28 8:32 a.m., 4 views

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

CVSS 9.8, AI score 5.7, EPSS 0.00423
Exploits: 0, References: 5
EUVD
added 2026/01/28 8:26 a.m., 12 views

EUVD-2026-4890

The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_helpers_update_media_metadata function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attacker...

CVSS 7.2, AI score 6.5, EPSS 0.00667
Exploits: 0, References: 4
CVE
added 2026/01/28 8:26 a.m., 16 views

CVE-2026-1400

CVE-2026-1400 – AI Engine (WordPress) Arbitrary File Upload Summary: The AI Engine – The Chatbot and AI Framework for WordPress plugin is vulnerable to arbitrary file uploads due to missing file type validation in rest_helpers_update_media_metadata. Affected versions are up to 3.3.2. What’s vulne...

CVSS 7.2, AI score 6.5, EPSS 0.00667
Exploits: 0, References: 4