Lucene search
+L

3079 matches found

cve
cve
added 2 days ago9 views

CVE-2026-45313

Summary: Sandboxie-Plus on Windows contains a local privilege escalation in GuiServer.cpp prior to v1.17.6. The GuiServer::WndHookRegisterSlave handler stores attacker-supplied hthread and hproc from GUI_WND_HOOK_REGISTER without validating thread belonging to the sandbox or the function pointer’...

7.7CVSS6.4AI score0.00108EPSS
Exploits0References2
cvelist
cvelist
added 2 days ago35 views

CVE-2026-45313 Sandboxie-Plus: Sandboxie APC Injection Sandbox Escape

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. Prior to 1.17.6, GuiServer::WndHookRegisterSlave in Sandboxie/core/svc/GuiServer.cpp stores attacker-supplied hthread and hproc fields from a GUIWNDHOOKREGISTER request without validating that the thread belongs to the...

7.7CVSS0.00108EPSS
Exploits0References2
fedora
fedora
added 2026/07/04 12:51 a.m.6 views

[SECURITY] Fedora 44 Update: openqa-5^20260604git6376095-3.fc44

openQA is a testing framework that allows you to test GUI applications on one hand and bootloader and kernel on the other. In both cases, it is difficult to script tests and verify the output. Output can be a popup window or it can be an error in early boot even before init is executed. openQA is...

9.8CVSS6.7AI score0.01735EPSS
Exploits0
nvd
nvd
added 2026/06/24 3:16 p.m.9 views

CVE-2026-12986

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

8.8CVSS0.00181EPSS
Exploits0References1
cve
cve
added 2026/06/24 2:8 p.m.31 views

CVE-2026-12986

Technical details are not publicly available in the provided documents. Monitor for updates.

8.8CVSS6.6AI score0.00181EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/24 2:8 p.m.8 views

CVE-2026-12986

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

8.8CVSS6.6AI score0.00181EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/24 2:8 p.m.9 views

EUVD-2026-38793

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

8.8CVSS6.6AI score0.00181EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/24 2:8 p.m.36 views

CVE-2026-12986

A critical vulnerability in Admin GUI in Payara Server Full 4.x, 5.x, 6.x, 7.x, 7.2026.x, 6.2025.x, 6.2024.x on All platforms that allows the attacker to leak the admin gfresttoken to an attacker-controlled host that can result in a full unauthenticated takeover of Payara admin domain. A...

8.8CVSS0.00181EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/11 2:59 a.m.17 views

CVE-2026-34417

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

6.1CVSS5.6AI score0.00168EPSS
Exploits0References1
packetstormnews
packetstormnews
added 2026/06/10 12:0 a.m.9 views

Android Wireless ADB Wireless Port Checker Flipper Zero GUI Application

This program is a Flipper Zero application that checks whether the Android Debug Bridge ADB wireless debugging port 5555 is open on a specified IP address. It integrates with the Flipper GUI system to display results directly on the device screen...

5.5AI score
Exploits0
nvd
nvd
added 2026/06/09 10:16 p.m.11 views

CVE-2026-34417

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

6.1CVSS0.00168EPSS
Exploits0References2
nvd
nvd
added 2026/06/09 9:17 p.m.16 views

CVE-2026-34416

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that...

6.1CVSS0.00199EPSS
Exploits0References2
cve
cve
added 2026/06/09 9:2 p.m.22 views

CVE-2026-34417

OSCAL-GUI contains a reflected XSS vulnerability in oscal-forms.php. An unauthenticated attacker can inject content via the project_request parameter, which is URL-decoded and assigned to project_id in oscal-functions.php. If the provided project ID isn’t found, the unsanitized value is concatena...

6.1CVSS5.6AI score0.00168EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/09 9:2 p.m.8 views

CVE-2026-34417 OSCAL-GUI Reflected XSS via project parameter in oscal-forms.php

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

6.1CVSS5.6AI score0.00168EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/09 9:2 p.m.39 views

CVE-2026-34417 OSCAL-GUI Reflected XSS via project parameter in oscal-forms.php

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

6.1CVSS0.00168EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/09 8:59 p.m.9 views

CVE-2026-34416 OSCAL-GUI Reflected XSS via project parameter in oscal.php

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that...

6.1CVSS5.6AI score0.00199EPSS
Exploits0References2
euvd
euvd
added 2026/06/09 8:59 p.m.10 views

EUVD-2026-35840

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that...

6.1CVSS5.6AI score0.00199EPSS
Exploits0References2
cve
cve
added 2026/06/09 8:59 p.m.18 views

CVE-2026-34416

CVE-2026-34416 : OSCAL-GUI contains a reflected cross‑site scripting vulnerability. An unauthenticated attacker can craft a URL with unsanitized input in the project parameter of oscal.php, causing the input to break out of JavaScript string/HTML attribute context in the onload handler and execut...

6.1CVSS5.6AI score0.00199EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/09 8:59 p.m.44 views

CVE-2026-34416 OSCAL-GUI Reflected XSS via project parameter in oscal.php

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that...

6.1CVSS0.00199EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.16 views

PT-2026-48267

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that...

6.1CVSS5.6AI score0.00199EPSS
Exploits0References3
Rows per page
Query Builder