Lucene search
+L

8820 matches found

CVE
CVE
added 2026/06/01 9:14 p.m.34 views

CVE-2025-22424

CVE-2025-22424 is described across multiple sources as an Android vulnerability arising from improper input validation that can cause images to be revealed across users, enabling local privilege escalation with no extra execution privileges. The NVD entry assigns a CVSS v3.1 base score of 7.8 (Hi...

7.8CVSS5.9AI score0.00088EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/01 5:17 p.m.17 views

CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

6.5CVSS0.00295EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 4:4 p.m.11 views

EUVD-2026-33663

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

6.5CVSS5.7AI score0.00295EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 3:32 a.m.9 views

CVE-2026-48190

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be anabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

3.5CVSS5.8AI score0.00143EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.34 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from improper input validation in multiple functions within DevicePolicyManagerService.java. These vulnerabilities may lead to local...

5.5CVSS5.3AI score0.00066EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

MediaTek Chipsets 安全漏洞

MediaTek Chipsets are a series of chips developed by MediaTek Corporation in China. The MediaTek Chipsets contain security vulnerabilities. These vulnerabilities stem from insufficient boundary checking in the geniezone component, leading to out-of-bound writes. This can result in an increase in...

6.7CVSS5.3AI score0.00114EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45611

Name of the Vulnerable Software and Affected Versions DevicePolicyManagerService.java affected versions not specified Description Improper input validation in multiple functions of DevicePolicyManagerService.java can cause a desync from persistence. This issue may lead to a local denial of servic...

5.5CVSS5.9AI score0.00066EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

OTRS 安全漏洞

OTRS is a service management solution developed by the German company OTRS. Vulnerabilities exist in OTRS versions 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2026.X up to version 2026.4.X, as well as in the Community Edition 6.0.x version. These vulnerabilities stem from improper input validation ...

9.1CVSS5.6AI score0.00362EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.15 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 151.2 contained security vulnerabilities. These vulnerabilities stemmed from Reader View incorrectly escaping HTML tags in JSON-LD metadata. This could allo...

5.4CVSS5.7AI score0.00157EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.13 views

Project Management 授权问题漏洞

Project Management is an open-source project management tool developed by DEVASLAN and released under the PHP open-source license. Versions of Project Management 2.0.0-beta1 and earlier contained vulnerabilities related to authorization. These vulnerabilities stemmed from improper authorization i...

5.5CVSS5.8AI score0.0023EPSS
Exploits0References7
OSV
OSV
added 2026/06/01 12:0 a.m.20 views

ASB-A-414389102

In applySimpleFieldMaxSize of DataRowHandler.java, there is a possible way to insert a large contact name due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.00071EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.12 views

IBM WebSphere Application Server(WAS) 代码问题漏洞

IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and managing Java EE applications. There are security vulnerabilities in IBM WebSphere Application Server. These vulnerabilities stem from the SAML Web Single Sign-On component, which fai...

8.5CVSS6AI score0.00487EPSS
Exploits0References1
OSV
OSV
added 2026/05/31 10:25 a.m.6 views

OPENSUSE-SU-2026:20852-1 Security update for roundcubemail

This update for roundcubemail fixes the following issues: Changes in roundcubemail: - update to 1.6.16 + Fix potential too long value in IMAP ID command 10136 + Security: Fix stored XSS/HTML/CSS injection in subject field of the draft restore dialog CVE-2026-48849 bsc1266337 + Security: Fix CSS...

8.1CVSS6.1AI score0.00764EPSS
Exploits1References16
OSV
OSV
added 2026/05/31 12:0 a.m.43 views

RLSA-2026:21745 Important: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: MGMT: Fix possible UAFs CVE-2025-39981 kernel: ima: don't clear IMADIGSIG flag when setting or removing non-IMA xattr...

7.8CVSS6.6AI score0.00591EPSS
Exploits0References19
NVD
NVD
added 2026/05/29 7:16 p.m.20 views

CVE-2026-47744

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

9.9CVSS0.00321EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:58 p.m.10 views

CVE-2026-47744

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...

9.9CVSS6AI score0.00321EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/29 5:58 p.m.26 views

CVE-2026-47744

CVE-2026-47744 affects Shopper: a Headless e-commerce Admin Panel. Two authorization flaws in Settings/Team enable RBAC takeover prior to version 2.8.0. First, Settings/Team/Index had no mount() authorization, allowing any authenticated panel user to load the page and perform public actions to cr...

9.9CVSS6AI score0.00321EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/29 12:0 a.m.41 views

Free-Riding in the AI Economy: Demystifying Logic Flaws in X402-Enabled Payment Systems

The agentic economy demands programmatic financial rails, positioning the x402 protocol as the de facto standard for machine-to-machine payments. However, bridging synchronous HTTP requests with asynchronous blockchain finality introduces profound state synchronization challenges. In this work, w...

5.7AI score
Exploits0
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

SillyTavern 安全漏洞

SillyTavern is a frontend interface for the SillyTavern open-source language model. Versions of SillyTavern prior to 1.18.0 contained security vulnerabilities. These vulnerabilities stemmed from the use of cookie-session for authentication. The password update endpoint only updated the password...

7.5CVSS5.8AI score0.00394EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.19 views

PT-2026-44944

Name of the Vulnerable Software and Affected Versions Shopper versions prior to 2.8.0 Description Two authorization defects in the team settings allow an authenticated user to compromise the Role-Based Access Control RBAC system. The endpoint "Settings/Team/Index" lacks mount authorization,...

9.9CVSS6AI score0.00321EPSS
Exploits0References10
Rows per page
Query Builder