Lucene search
K

5438 matches found

Cvelist
Cvelist
added 9 hours ago6 views

CVE-2026-11610 389-ds-base: 389-ds-base: heap buffer overflow in sasl_io_recv() via padded sasl unbind

A heap buffer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. After a successful SASL bind with integrity protection SSF 0, an authenticated attacker can send a specially crafted oversized LDAP UNBIND packet that is copied into a 512-byte heap receive buffer...

8.8CVSS
Exploits0References10
Nuclei
Nuclei
added 15 hours ago29 views

XWiki Platform - Unauthorized Document History Access

A vulnerability in XWiki Platform's REST API allows unauthorized users to access document history information. The REST API endpoint exposes the history of any page including modification times, version numbers, author details username and display name, and version comments, regardless of access...

5.3CVSS5.9AI score0.03417EPSS
Exploits1References3
Nuclei
Nuclei
added 15 hours ago6 views

Piwigo < 16.3.0 - Unauthenticated Information Disclosure via History API

Piwigo = 16.3.0 contains an information disclosure vulnerability caused by the pwg.history.search API method lacking adminonly restriction, letting unauthenticated users access full browsing history, exploit requires no authentication id: CVE-2026-27833 info: name: Piwigo 16.3.0 - Unauthenticated...

7.5CVSS5.9AI score0.01522EPSS
Exploits1References2
NVD
NVD
added yesterday6 views

CVE-2026-53641

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting XSS vulnerability in the client-facing email history views of FOSSBilling. Email HTML content contenthtml is rendered into a JavaScript template literal using t...

4.8CVSS0.00043EPSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-53641

FOSSBilling versions 0.6.0–0.7.2 contain a stored XSS vulnerability in the client email history views. Email HTML content is rendered into a JavaScript template literal via the |raw filter, bypassing output escaping, allowing an admin to inject JavaScript payloads that execute in a client’s brows...

4.8CVSS5.9AI score0.00043EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-53641

FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting XSS vulnerability in the client-facing email history views of FOSSBilling. Email HTML content contenthtml is rendered into a JavaScript template literal using t...

4.8CVSS5.9AI score0.00043EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 3 days ago27 views

CVE-2026-14630 ForceInjection AI-fundermentals Memory Recall smart_customer_service.py get_conversation_history weak hash

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function getconversationhistory of the file 08agenticsystem/memory/langchain/code/smartcustomerservice.py of the component Memory Recall Handler. The manipulation leads to use of weak...

3.1CVSS0.0016EPSS
Exploits0References7
CVE
CVE
added 3 days ago16 views

CVE-2026-14630

ForceInjection AI-fundermentals 2.0/3.0 contains a vulnerability in the Memory Recall Handler: get_conversation_history (08_agentic_system/memory/langchain/code/smart_customer_service.py). The issue involves use of a weak hash, with remote exploitation possible but described as high complexity. E...

3.1CVSS4.9AI score0.0016EPSS
Exploits0References7
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-41677

A vulnerability has been found in ForceInjection AI-fundermentals 2.0/3.0. Affected by this vulnerability is the function getconversationhistory of the file 08agenticsystem/memory/langchain/code/smartcustomerservice.py of the component Memory Recall Handler. The manipulation leads to use of weak...

3.1CVSS4.9AI score0.0016EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 5 days ago4 views

Malicious code in @marketfront/header (npm)

The @marketfront/header package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...

6.3AI score
Exploits0References2
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-40426

Capgo console.capgo.app/login before 12.128.2 accepts accesstoken and refreshtoken in URL query parameters, automatically authenticating users without confirmation. Attackers can craft malicious links to force victims into attacker-controlled sessions, exposing tokens in browser history and logs...

5.4CVSS5.8AI score0.00194EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-40820

Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00149EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40654

Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.0023EPSS
Exploits0References3
OSV
OSV
added last week2 views

DEBIAN-CVE-2026-14133

Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.2CVSS5.8AI score0.00149EPSS
Exploits0References1
NVD
NVD
added last week4 views

CVE-2026-14133

Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00149EPSS
Exploits0References2
OSV
OSV
added last week3 views

DEBIAN-CVE-2026-13966

Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.0023EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-13966

Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added last week22 views

CVE-2026-14133

Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

0.00149EPSS
Exploits0References2
Debian CVE
Debian CVE
added last week4 views

CVE-2026-14133

Race in History Embeddings in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00149EPSS
Exploits0
CVE
CVE
added last week42 views

CVE-2026-14133

Technical details are not publicly available in the provided documents. Monitor for updates.

4.3CVSS5.8AI score0.00149EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder