
1162 matches found

ATTACKERKB
added 3 days ago, 3 views

CVE-2026-58032

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6,...

CVSS 5.3, AI score 5.8, EPSS 0.00436
Exploits 0, References 2
EUVD
added 3 days ago, 7 views

EUVD-2026-40496

Inappropriate implementation in Input in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVSS 6.5, AI score 5.8, EPSS 0.00299
Exploits 0, References 3
Debian CVE
added 4 days ago, 4 views

CVE-2026-14145

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: Low...

CVSS 6.1, AI score 6, EPSS 0.00154
Exploits 0
CVE
added 4 days ago, 7 views

CVE-2026-14000

CVE-2026-14000 affects Google Chrome prior to 150.0.7871.47 due to an inappropriate XML implementation, enabling a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The issue is documented across multiple sources (NVD, Debian OSV, CVE lists) with the same descrip...

CVSS 6.1, AI score 6, EPSS 0.00171
Exploits 0, References 2, Affected Software 1
CVE
added 4 days ago, 6 views

CVE-2026-13835

CVE-2026-13835: Google Chrome before 150.0.7871.47 is affected by an inappropriate implementation in XML that could allow a remote attacker to trigger heap corruption via a crafted HTML page. Impact is described as high severity; no exploit details are provided in the documents. Remediation: upd...

CVSS 8.8, AI score 5.8, EPSS 0.00316
Exploits 0, References 2, Affected Software 1
NVD
added 5 days ago, 8 views

CVE-2026-13744

Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...

CVSS 8.8, EPSS 0.0032
Exploits 0, References 1
Tenable Nessus
added 2026/06/26 12:00 a.m., 6 views

SUSE SLES16: WebKitGTK-4.1-lang / WebKitGTK-6.0-lang / etc (SUSE-SU-2026:22212-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22212-1 advisory. This update for webkit2gtk3 fixes the following issues Update to version 2.52.4: - CVE-2026-28847: processing maliciously crafted...

CVSS 8.8, AI score 7.2, EPSS 0.00693
Exploits 0, References 49
RedHat Linux
added 2026/06/25 6:08 p.m., 5 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

CVSS 8.8, AI score 5.8, EPSS 0.00389
Exploits 0, References 5
Cvelist
added 2026/06/24 2:27 p.m., 29 views

CVE-2026-50700 Frappe Framework 17.0.0-dev - Stored XSS in frappe.get_avatar image rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function...

CVSS 4.6, EPSS 0.00256
Exploits 0, References 2
OSV
added 2026/06/24 1:11 p.m., 4 views

OESA-2026-2709 flatpak security update

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Every Flatpak app is able to read and write arbitrary files on the host and execute code in the host context,...

CVSS 10, AI score 6.1, EPSS 0.0168
Exploits 0, References 3
Positive Technologies
added 2026/06/23 12:00 a.m., 9 views

PT-2026-51637

Name of the Vulnerable Software and Affected Versions: Budibase server versions prior to 3.39.1. Description: An issue exists where the enrichContext function substitutes parameter values into the raw JSON body of a query and then parses the result using JSON.parse. The validateQueryInputs function...

CVSS 10, AI score 5.9, EPSS 0.00538
Exploits 1, References 11
RedHat Linux
added 2026/06/22 6:15 a.m., 11 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

CVSS 8.8, AI score 5.8, EPSS 0.00318
Exploits 0, References 5
RedHat Linux
added 2026/06/22 3:49 a.m., 6 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

CVSS 8.8, AI score 5.8, EPSS 0.00411
Exploits 0, References 5
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Samba

A flaw was discovered in the way samba handled file and directory permissions. An authenticated user could exploit this flaw to gain access to certain file and directory information that would otherwise be unavailable to the attacker...

CVSS 4.3, AI score 6.3, EPSS 0.01521
Exploits 0, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in xrdp

xrdp is an open-source RDP server. Before version 0.10.5, xrdp contained an unauthenticated stack-based buffer overflow vulnerability. The issue arises from improper bounds checking when processing user domain information during the connection process. If exploited, this vulnerability could allow...

CVSS 9.8, AI score 8.2, EPSS 0.01318
Exploits 0, References 2
SUSE CVE
added 2026/06/18 2:00 a.m., 8 views

SUSE CVE-2026-12446

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVSS 4.3, AI score 5.3, EPSS 0.00194
Exploits 0, References 3
GithubExploit
added 2026/06/16 5:49 p.m., 66 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 ⚠ This tool is created solely for education...

CVSS 9.8, AI score 6.2, EPSS 0.981
Exploits 64
CVE
added 2026/06/16 2:19 p.m., 38 views

CVE-2026-0646

The affected product is Rockwell Automation 1794-AENTR adapters (EtherNet/IP). The issue is a denial-of-service caused by improper memory handling of CIP protocol requests in the 1794-AENTR adapter, which can cause the device to fault and drop connections to its linked I/O modules, requiring a ma...

CVSS 8.7, AI score 5.3, EPSS 0.00343
Exploits 0, References 1
NVD
added 2026/06/15 8:16 p.m., 8 views

CVE-2026-50889

An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending a crafted refresh-token header...

CVSS 7.5, EPSS 0.00482
Exploits 1, References 1
RedHat Linux
added 2026/06/15 10:20 a.m., 8 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

CVSS 8.8, AI score 5.2, EPSS 0.00389
Exploits 0, References 5