Lucene search
K

29728 matches found

Redos
Redos
added 2026/01/22 12:0 a.m.6 views

ROS-20260122-73-0011

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to data type conversion errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

8.8CVSS5.6AI score0.00379EPSS
Exploits0
Redos
Redos
added 2026/01/22 12:0 a.m.5 views

ROS-20260122-73-0022

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to synchronization errors when using a shared resource "Race Situation". Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML pa...

7.5CVSS5.6AI score0.00184EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/01/21 7:36 p.m.2 views

CVE-2025-68139 In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

4.3CVSS5.2AI score0.00145EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/21 7:36 p.m.3 views

EUVD-2025-206320

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

4.3CVSS5.2AI score0.00145EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/01/21 4:13 p.m.8 views

cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23965 via org.webjars.npm:sm-crypto (=0.3.13)

org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...

7.5CVSS5.8AI score0.00194EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/01/21 4:13 p.m.7 views

cn.herodotus.engine:oauth2-authentication-autoconfigure (>=3.5.5.3 <=3.5.6.2), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.3.0.5 <=3.5.5.2) +2 more potentially affected by CVE-2026-23967 via org.webjars.npm:sm-crypto (=0.3.13)

org.webjars.npm:sm-crypto MAVEN version =0.3.13 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:sm-crypto and may be impacted: - cn.herodotus.engine:oauth2-authentication-autoconfigure =3.5.5.3, =3.3.0.5, =3.3.0.5, =3.5.5.3, =3.5.6.2...

7.5CVSS5.8AI score0.0019EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/01/21 12:3 p.m.2 views

firefox: thunderbird: Use-after-free in the JavaScript Engine component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...

9.8CVSS5.7AI score0.00423EPSS
Exploits0References5
OSV
OSV
added 2026/01/21 9:53 a.m.5 views

CLSA-2026-1768989206 pki-servlet-engine: Fix of CVE-2025-55752

CVE-2025-55752: fix improper normalization in RewriteValve to prevent path traversal attacks...

7.5CVSS7.3AI score0.66535EPSS
Exploits4References1
Github Security Blog
Github Security Blog
added 2026/01/21 1:4 a.m.13 views

AlchemyCMS: Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Summary A vulnerability was discovered during a manual security audit of the AlchemyCMS source code. The application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Details The...

9.9CVSS6.1AI score0.00426EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.2 views

PT-2026-3870

Name of the Vulnerable Software and Affected Versions Argo Workflows versions prior to 3.6.17 and prior to 3.7.8 Description Argo Workflows contains a stored cross-site scripting XSS issue in the artifact directory listing. This allows a workflow author to execute arbitrary JavaScript in another...

7.3CVSS5.5AI score0.00337EPSS
Exploits1References17
Veeam
Veeam
added 2026/01/21 12:0 a.m.14 views

Restore to Google Compute Engine Fails with API Errors When Using Helper Appliance

Challenge When restoring a VM to Google Compute Engine GCE, the following errors occur: For Windows platform: Failed to restore to GCE: import-image: datestamp step "import" run error: step "wait-for-bootstrap" did not complete within the specified timeout of 20m0s System.Exception For Linux...

5.7AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.5 views

PT-2026-3893

Name of the Vulnerable Software and Affected Versions sm-crypto versions prior to 0.3.14 Description sm-crypto, a JavaScript library providing implementations of Chinese cryptographic algorithms SM2, SM3, and SM4, contains a flaw in the SM2 decryption logic. An attacker can recover the private ke...

9.1CVSS5.9AI score0.00209EPSS
Exploits0References17
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.7 views

Hasura GraphQL Engine: Operating System Command Injection Vulnerability

Hasura GraphQL Engine is a very fast GraphQL server developed by Hasura as open source. Version 1.3.3 of Hasura GraphQL Engine contains a vulnerability related to operating system command injection. This vulnerability stems from SQL queries that allow remote code execution, potentially enabling t...

9.8CVSS6.4AI score0.0102EPSS
Exploits1References3
RubySec
RubySec
added 2026/01/21 12:0 a.m.9 views

AlchemyCMS - Authenticated Remote Code Execution (RCE) via eval injection in ResourcesHelper

Summary A vulnerability was discovered during a manual security audit of the AlchemyCMS source code. The application uses the Ruby eval function to dynamically execute a string provided by the resourcehandler.enginename attribute in Alchemy::ResourcesHelperresourceurlproxy. Details The...

9.9CVSS6.2AI score0.00426EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/01/20 4:37 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via the getSecretKey function. An attacker can gain unauthorized access to secrets across namespaces by exploiting the function's ability to bypass security mechanisms and retrieve secrets using elevated...

9.3CVSS5.7AI score0.00175EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/20 3:44 p.m.2 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine when processing untrusted template expressions. An attacker can execute arbitrary code on the server by injecting specially crafted template payloads. Remediation...

9.8CVSS6.3AI score0.00504EPSS
Exploits1References2
OSV
OSV
added 2026/01/20 5:16 a.m.3 views

CVE-2026-0901

Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

5.4CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/01/20 5:16 a.m.0 views

CVE-2026-0902

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/01/20 5:16 a.m.6 views

CVE-2026-0900

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00323EPSS
Exploits0References2
OSV
OSV
added 2026/01/20 5:16 a.m.5 views

CVE-2026-0900

Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder