Lucene search
K

5942 matches found

EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-41199

Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score
Exploits0References3
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-41165

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-14400

Out of bounds write in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-14418

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.8AI score
Exploits0References2
CVE
CVE
added yesterday4 views

CVE-2026-14422

CVE-2026-14422 : Out-of-bounds read and write in Tint components of Google Chrome (Chromium-based) prior to 150.0.7871.46 allows a remote attacker to potentially access memory via a crafted HTML page. The issue affects Chrome versions before the 150.0.7871.46 update. Affected product: Google Chro...

5.8AI score
Exploits0References2
CVE
CVE
added yesterday3 views

CVE-2026-14382

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score
Exploits0References2
Nuclei
Nuclei
added yesterday69 views

Rocket.Chat - Server-Side Request Forgery (SSRF)

A Server-Side Request Forgery SSRF affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. id: CVE-2024-39713 info: name: Rocket.Chat - Server-Side Request Forgery SSRF author: iamnoooob,rootxharsh,pdresearch severity: high description: | A Server-Side Request Forgery SSRF affects...

8.6CVSS7.3AI score0.03201EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday26 views

MagnusBilling Alarm Module - Cross-Site Scripting

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling Alarm Module modules allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php.This issue affects MagnusBilling-...

7.6CVSS5.3AI score0.00896EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday34 views

Drawio <18.0.4 - Server-Side Request Forgery

Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. id: CVE-2022-1713 info: name: Drawio 18.0.4 - Server-Side Request Forgery author: pikpikcu severity: high...

7.5CVSS7.1AI score0.08667EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday30 views

Zaver - Local File Inclusion

Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring. id: CVE-2022-38794 info: name: Zaver - Local File Inclusion author: pikpikcu severity: high description: | Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring. impact: |...

7.5CVSS7.2AI score0.03599EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday116 views

ECShop 4.1.0 - SQL Injection

ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. id: CVE-2021-41460 info: name: ECShop 4.1.0 - SQL Injection author: SleepingBag945 severity: high description: | ECShop 4.1.0 has SQL injection vulnerability, which can be exploited ...

7.5CVSS7.1AI score0.06788EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday19 views

Intelbras TIP 200/200 LITE/300 - Local File Inclusion

Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 are vulnerable to local file inclusion via the 'page' parameter in /cgi-bin/cgiServer.exx, allowing unauthenticated attackers to read arbitrary files such as /etc/passwd. id: CVE-2020-13886 info: name: Intelbras TIP...

5.3CVSS6.9AI score0.04344EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday10 views

LiquidFiles < 4.2 - User Enumeration via Password Reset

LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...

7.3CVSS5.8AI score0.00648EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday58 views

AxxonSoft Axxon Next - Local File Inclusion

AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. id: CVE-2018-7467 info: name: AxxonSoft Axxon Next - Local File Inclusion author: 0xAkoko severity: high description: AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. impact: | An attacker can read...

7.5CVSS7.1AI score0.10516EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday73 views

Zoho ManageEngine OpManager - SQL Injection

Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...

7.5CVSS7.1AI score0.66347EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday28 views

MagnusBilling Login Logs - Cross-Site Scripting

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is...

8.2CVSS5.6AI score0.01098EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday13 views

Infoblox NetMRI < 7.6.1 - Unauthenticated Command Injection in get_saml_request

An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur. id: CVE-2025-32813 info: name: Infoblox NetMRI 7.6.1 - Unauthenticated Command Injection in getsamlrequest author: iamnoooob,pdresearch severity: high description: | An issue was discovere...

7.2CVSS7.1AI score0.43042EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday9 views

Hongjing e-HR 2020 - SQL Injection

A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...

9.8CVSS6.7AI score0.03766EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday11 views

Lokomedia CMS - Local File Inclusion

A Local File Inclusion LFI vulnerability exists in Lokomedia CMS. The application allows an attacker to include files on the server that should not be accessible, potentially exposing sensitive information. id: CVE-2010-2018 info: name: Lokomedia CMS - Local File Inclusion author: r3Y3r53 severit...

5CVSS5.8AI score0.03258EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday11 views

WordPress Media Library Assistant <= 3.34 - SQL Injection

David Lingren Media Library Assistant = 3.34 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2026-34885 info: name: WordPress Media Library Assistant = 3.34 -...

8.5CVSS6.1AI score0.01668EPSS
Exploits0References3
Rows per page
Query Builder