Lucene search
+L

39660 matches found

EUVD
EUVD
added 4 days ago5 views

EUVD-2026-44689

Cloudreve is a self-hosted file management and sharing system. From 4.12.0 until 4.16.1, Cloudreve's OAuth access tokens are issued without the OAuth clientid claim, so the JWT verifier does not load token scopes into request context and RequiredScopes treats the request like non-scoped session...

7.6CVSS6.1AI score0.00247EPSS
Exploits0References3
OSV
OSV
added 5 days ago5 views

DEBIAN-CVE-2026-15775

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6.5CVSS6.1AI score0.00208EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-44548

ColdFusion is affected by an Insufficient Session Expiration vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

2.7CVSS6.1AI score0.0033EPSS
Exploits0References1
NVD
NVD
added 5 days ago4 views

CVE-2026-47999

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerab...

4.8CVSS0.07076EPSS
Exploits0References1
NVD
NVD
added 5 days ago5 views

CVE-2026-47996

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...

7.6CVSS0.18028EPSS
Exploits0References1
NVD
NVD
added 5 days ago3 views

CVE-2026-47995

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerab...

8.1CVSS0.00269EPSS
Exploits0References1
CVE
CVE
added 5 days ago13 views

CVE-2026-15777

CVE-2026-15777 – Use-after-free in the Chrome UI on Linux prior to 150.0.7871.125 can allow a remote attacker to induce heap corruption by tricking a user into performing specific UI gestures on a crafted HTML page. Affected product: Google Chrome (Linux UI subsystem). Root cause: use-after-free ...

7.5CVSS6.1AI score0.0026EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago154 views

CVE-2026-15771

CVE-2026-15771 affects Google Chrome on Windows prior to 150.0.7871.125. The vulnerability arises from insufficient validation of untrusted input in the Media component, allowing a remote attacker who has compromised the renderer process to potentially read sensitive information from process memo...

5.3CVSS6.1AI score0.00274EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago9 views

CVE-2026-15767

Summary of CVE-2026-15767 : A heap buffer overflow in libyuv used by Google Chrome on Windows allows remote code execution in the sandbox via a crafted video file. The issue is tied to Chrome prior to version 150.0.7871.125. In the connected advisories, Chrome’s July 2026 Stable Channel update li...

8.8CVSS6.5AI score0.00311EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-47999 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerab...

4.8CVSS0.07076EPSS
Exploits0References1
CVE
CVE
added 5 days ago7 views

CVE-2026-47999

CVE-2026-47999 describes a stored Cross-Site Scripting (XSS) flaw in Adobe Commerce . A high-privilege attacker can inject malicious scripts into vulnerable form fields, with JavaScript potentially executing in a victim’s browser when loading the page containing the affected field. The CVSS metri...

4.8CVSS6.1AI score0.07076EPSS
Exploits0References1Affected Software1
CVE
CVE
added 5 days ago9 views

CVE-2026-47995

Technical details such as affected versions, vulnerable components, exploit methods, or remediation steps are not provided in the supplied documents. Monitor for updates from Adobe/NVD for concrete technical information.

8.1CVSS6.1AI score0.00269EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 5 days ago47 views

CVE-2026-47996 Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user...

7.6CVSS0.18028EPSS
Exploits0References1
CVE
CVE
added 5 days ago18 views

CVE-2026-9292

Technical details about CVE-2026-9292 are not publicly available in the provided documents; monitor for updates.

8.4CVSS6.2AI score0.00311EPSS
Exploits0References1
OSV
OSV
added 5 days ago6 views

RLSA-2026:38485 Important: gegl security update

GEGL Generic Graphics Library is a graph-based image processing framework. Security Fixes: gimp: GIMP: Arbitrary code execution via heap-based buffer overflow in HDR file parsing CVE-2026-2050 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

7.8CVSS6.5AI score0.00552EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43593

SAP S/4HANA application Project Management PPM-PRO allows an attacker with high privileges to execute crafted database queries, exposing the backend database. This results in low impact on confidentiality, with no impact on integrity and availability of the application...

5.5CVSS6.2AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 5 days ago17 views

CVE-2026-44769

CVE-2026-44769 affects SAP S/4HANA Project Management (PPM-PRO). The connected documents describe a vulnerability where an attacker with high privileges can induce crafted database queries, resulting in exposure of the backend database. The impact is specified as low for confidentiality (C:H) wit...

5.5CVSS6.2AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 5 days ago53 views

CVE-2026-44761

SAP Commerce Cloud is affected by CVE-2026-44761, where a sample OAuth2 client may retain publicly documented sample credentials from SAP Help Portal configuration. If left unchanged, an unauthenticated attacker could obtain a valid access token and invoke certain APIs to read and modify data, re...

9.1CVSS6.1AI score0.00352EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-44761 Insecure Sample Credentials in SAP Commerce Cloud

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS0.00352EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-44747 Memory Corruption vulnerability in SAP NetWeaver Application Server ABAP

SAP NetWeaver Application Server ABAP allows an authenticated attacker to leverage logical errors in memory management to cause a memory corruption that could lead to unauthorized data access, modification, or system unavailability. This has high impact on confidentiality, integrity, and...

9.9CVSS0.00439EPSS
Exploits0References2
Rows per page
Query Builder