7 matches found

NVD
added 2026/05/14 7:16 p.m. | 11 views

CVE-2026-44633

Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...

CVSS 8.1 | EPSS 0.00032
Exploits: 0 | References: 1

EUVD
added 2026/04/01 3:31 a.m. | 2 views

EUVD-2026-17749

The application allows PDF JavaScript and document/print actions such as WillPrint/DidPrint to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script-driven updates are not fully covered by the existing...

CVSS 4.7 | AI score 5.9 | EPSS 0.00018
Exploits: 0 | References: 2

Github Security Blog
added 2025/02/19 5:46 p.m. | 15 views

Directus allows updates to non-allowed fields due to overlapping policies

Summary: If there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for, the user is allowed to update the superset of fields allowed by any of the policies. E.g. have one policy...

CVSS 5.4 | AI score 6.9 | EPSS 0.00172
Exploits: 0 | References: 5 | Affected Software: 2

Cvelist
added 2025/02/19 4:42 p.m. | 9 views

CVE-2025-27089 Overlapping policies allow update to non-allowed fields in directus

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions, if there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for, the user is...

CVSS 5.4 | EPSS 0.00172
Exploits: 0 | References: 2

OSV
added 2016/06/05 11:59 p.m. | 1 views

CVE-2016-1690

The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted w...

CVSS 7.5 | AI score 7.3
Exploits: 0 | References: 11

OSV
added 2016/06/05 11:59 p.m. | 0 views

UBUNTU-CVE-2016-1690

The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted w...

CVSS 7.5 | AI score 7.3 | EPSS 0.01709
Exploits: 0 | References: 3

RedHat Linux
added 2016/06/01 10:50 a.m. | 3 views

chromium-browser: heap use-after-free in autofill

The Autofill implementation in Google Chrome before 51.0.2704.63 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted w...

CVSS 8.8 | AI score 7.6 | EPSS 0.01709
Exploits: 0 | References: 5