Lucene search
K

8048 matches found

NVD
NVD
added 2 days ago4 views

CVE-2026-42447

jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx-gui is affected by an HTML injection vulnerability in the Summary tab because SummaryNode.java appends arches and perArchCount values derived from .so file path components inside an APK into an HTML panel without escaping. A malicious APK wit...

3.6CVSS0.00139EPSS
Exploits0References3
CVE
CVE
added 2 days ago7 views

CVE-2026-42447

CVE-2026-42447 affects jadx (Dex to Java decompiler). The HTML injection occurs in the Summary tab via SummaryNode.java, which unescapes and inserts path components from an APK’s .so file entries into HTML without escaping. A malicious APK with a crafted HTML URL-encoded ZIP entry name can render...

3.6CVSS6.2AI score0.00139EPSS
Exploits0References3
NVD
NVD
added 2 days ago3 views

CVE-2026-4017

Buffer Overflow in the entry handler of the TraceEvent system call could allow an attacker with local access to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel...

7.4CVSS0.0012EPSS
Exploits0References1
CVE
CVE
added 2 days ago11 views

CVE-2026-4017

The CVE-2026-4017 entry concerns a buffer overflow in the TraceEvent() system call entry handler for the QNX Neutrino kernel (affecting QNX Software Development Platform and QNX OS for Safety). The underlying issue, a buffer overflow in the entry handler, could enable a local attacker to cause in...

7.4CVSS6.1AI score0.0012EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2 days ago5 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...

7.1AI score0.00176EPSS
Exploits5References6
OSV
OSV
added 2 days ago12 views

ROOT-OS-UBUNTU-2204-CVE-2026-43116 CVE-2026-43116 in rootio-linux - Patched by Root

Root has patched CVE-2026-43116 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

7CVSS5.8AI score0.00096EPSS
Exploits0
OSV
OSV
added 2 days ago12 views

ROOT-OS-DEBIAN-13-CVE-2025-38660 CVE-2025-38660 in rootio-linux - Patched by Root

Root has patched CVE-2025-38660 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.5CVSS5.4AI score0.00145EPSS
Exploits0
OSV
OSV
added 2 days ago9 views

ROOT-OS-DEBIAN-11-CVE-2026-23071 CVE-2026-23071 in rootio-linux - Patched by Root

Root has patched CVE-2026-23071 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

5.5CVSS5.4AI score0.001EPSS
Exploits0
OSV
OSV
added 2 days ago11 views

ROOT-OS-DEBIAN-11-CVE-2026-46245 CVE-2026-46245 in rootio-linux - Patched by Root

Root has patched CVE-2026-46245 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

5.5CVSS5.4AI score0.00108EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2 days ago6 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...

7.1AI score0.00176EPSS
Exploits5References6
CVE
CVE
added 3 days ago12 views

CVE-2026-15605

The vulnerability CVE-2026-15605 affects wandb 0.25.2.dev1, specifically the ArtifactManifestEntry.download path in wandb/sdk/lib/hashutil.py under Artifact Integrity Validation. The issue is described as the use of a weak hash due to manipulating the ArtifactManifestEntry.download, with the atta...

3.1CVSS5.5AI score0.00151EPSS
Exploits0References7
OSV
OSV
added 3 days ago2 views

CGA-52RR-HPV6-5JXX

Bulletin has no description...

6.1CVSS6.1AI score0.00139EPSS
Exploits0
NVD
NVD
added 3 days ago3 views

CVE-2026-57411

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...

7.1CVSS0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago27 views

CVE-2026-57411 WordPress CF7 Views – Complete Entry Management for Contact Form 7 plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aman CF7 Views Complete Entry Management for Contact Form 7 cf7-views allows DOM-Based XSS.This issue affects CF7 Views Complete Entry Management for Contact Form 7: from n/a through = 3.2.2...

7.1CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 3 days ago7 views

CVE-2026-57411

The CVE-2026-57411 entry concerns the WordPress plugin cf7-views (Aman CF7 Views – Complete Entry Management for Contact Form 7) with a DOM-based XSS vulnerability due to improper neutralization during web page generation. Affected versions are up to 3.2.2. CVSS v3.1 base score is 7.1 (HIGH); att...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-12081 Database for Contact Form 7, WPforms, Elementor forms < 1.5.2 - Unauthenticated PHP Object Injection via Entry File Field

The Database for Contact Form 7, WPforms, Elementor forms WordPress plugin before 1.5.2 does not restrict the PHP classes allowed when unserializing an attacker-supplied form-field value, allowing unauthenticated users to inject arbitrary PHP objects that are instantiated when an administrator...

0.00139EPSS
Exploits0References1
CVE
CVE
added 3 days ago11 views

CVE-2026-12081

CVE-2026-12081 affects the Database for Contact Form 7, WPforms, and Elementor forms WordPress plugin (versions before 1.5.2). The issue arises from unserializing an attacker-supplied form-field value without restricting PHP classes, allowing unauthenticated users to inject arbitrary PHP objects ...

5CVSS6.2AI score0.00139EPSS
Exploits0References1
OSV
OSV
added 4 days ago3 views

MINI-C645-J392-74H9

Bulletin has no description...

9.1CVSS6.1AI score0.00466EPSS
Exploits0
OSV
OSV
added 4 days ago3 views

ECHO-5B7B-7765-6253

Bulletin has no description...

9.1CVSS6.1AI score0.00198EPSS
Exploits0References2
CVE
CVE
added 5 days ago15 views

CVE-2026-9017

The CVE describes an authorization bypass in the NEX-Forms – Ultimate Forms Plugin for WordPress (vulnerable up to and including 9.2.2). The underlying issue is that the plugin does not properly verify that a user is authorized to perform an action, enabling unauthenticated attackers to overwrite...

5.3CVSS6.1AI score0.00273EPSS
Exploits0References8
Rows per page
Query Builder