222249 matches found
CVE-2026-15753
CVE-2026-15753 affects zhinianboke xianyu-auto-reply on Server; the vulnerability concerns the /api/v1/payment/withdraw/review?action=approve endpoint where manipulation can cause the server to trust HTTP permission methods. The patch 19fc3282a1bb78a05c34945c088525d20e081cbd is referenced as a fi...
CVE-2026-15777
Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
EUVD-2026-44541
A security flaw has been discovered in mastergo-design mastergo-magic-mcp up to 0.2.0. This issue affects the function execute of the file src/tools/get-c2d.ts of the component mcpC2d. Performing a manipulation of the argument filePath results in path traversal. The attack requires a local...
CVE-2026-15765
Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-57102
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-57090
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code over a network...
CVE-2026-50474
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network...
CVE-2026-57969
Missing authentication for critical function in Azure CycleCloud allows an authorized attacker to elevate privileges over a network...
CVE-2026-15696
CVE-2026-15696 : Affects Tenda BE12 Pro firmware version 16.03.66.23. The vulnerability lies in the fromVirtualSer function of the file /goform/VirtualSer, where manipulation of the argument page leads to a stack-based buffer overflow. It can be exploited remotely, and the exploit has been disclo...
CVE-2026-15695
Affected software: Tenda BE12 Pro 16.03.66.23. Vulnerable component: function fromDhcpListClient in /goform/DhcpListClient. Root cause: manipulation of the argument page leads to a stack-based buffer overflow. Impact: remote attack with high severity (as reflected in CVSS metrics); attacker can e...
CVE-2026-15719
The CVE-2026-15719 entry refers to Firefox Site isolation in the DOM: Navigation component. Publicly disclosed exploit code exists, but none are documented as in-the-wild attacks in the provided sources. Affected software is Firefox; the vulnerability was fixed in Firefox 152.0.6. The Mozilla adv...
CVE-2026-15718
CVE-2026-15718 concerns an invalid pointer in Firefox’s JavaScript: WebAssembly component. Affected software: Mozilla Firefox. Root cause (as stated by the CVE entry title): an invalid pointer within the WebAssembly interaction layer of the JavaScript engine. Impact details are not elaborated bey...
CVE-2026-15691
The CVE-2026-15691 entry concerns Tenda BE12 Pro 16.03.66.23. It affects the function fromSafeClientFilter in /goform/SafeClientFilter; manipulating the argument page causes a stack-based buffer overflow. The vulnerability can be triggered remotely, and a public exploit has been released. The con...
Trixbox - 2.8.0.4 OS Command Injection
Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. id: CVE-2017-14535 info: name: Trixbox - 2.8.0.4 OS Command Injection author: pikpikcu severity: high description: Trixbox 2.8.0.4 is vulnerable to OS command...
Infoblox NetMRI < 7.6.1 - Unauthenticated Command Injection in get_saml_request
An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur. id: CVE-2025-32813 info: name: Infoblox NetMRI 7.6.1 - Unauthenticated Command Injection in getsamlrequest author: iamnoooob,pdresearch severity: high description: | An issue was discovere...
modoboa 2.0.4 - Admin TakeOver
Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. id: CVE-2023-0777 info: name: modoboa 2.0.4 - Admin TakeOver author: r3Y3r53 severity: critical description: | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to...
SquirrelMail Address Add 1.4.2 - Cross-Site Scripting
SquirrelMail Address Add 1.4.2 plugin contains a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input, thus allowing an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...
Keycloak <= 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)
Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter requesturi. This allows an attacker to execute a server-side request forgery SSRF attack. id: CVE-2020-10770 info: name: Keycloak = 12.0.1 - requesturi Blind Server-Side Request...
Joomla! Component Advertising 0.25 - Local File Inclusion
A directory traversal vulnerability in the Advertising comadvertising component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1473 info: name: Joomla! Component...
XStream <1.4.18 - Server-Side Request Forgery
XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify...