Lucene search
K

7397 matches found

Nuclei
Nuclei
added 17 hours ago24 views

Netgear R6850 - Information Disclosure

Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the currentsetting.htm page.This hidden interface is not protected by authentication, allowing unauthenticated attackers to access sensitive informationsuch as firmware version, model details,...

7.5CVSS5.9AI score0.01923EPSS
Exploits1References3
Nuclei
Nuclei
added 17 hours ago32 views

WPEngine WPGraphQL 0.2.3 - Unauthenticated User Information Disclosure

An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username. id: CVE-2019-9880 info: name: WPEngine WPGraphQL 0.2.3 -...

9.1CVSS7.2AI score0.34761EPSS
Exploits3References4
Nuclei
Nuclei
added 17 hours ago39 views

AccessAlly <3.5.7 - Sensitive Information Leakage

WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file "resource/frontend/product/product-shortcode.php" which is responsible for the accessallyorderform shortcode dumps serialize$SERVER, which contains all environment variables. The leakage occurs on all...

7.5CVSS7AI score0.05404EPSS
Exploits2References4
Nuclei
Nuclei
added 17 hours ago59 views

Huawei Firewall - Local File Inclusion

USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gai...

4.3CVSS6AI score0.01238EPSS
Exploits0References1
Nuclei
Nuclei
added 17 hours ago45 views

CyberPower < v2.8.3 - SQL Injection

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to . id: CVE-2024-32736 info: name: CyberPower PDNU" tags: cve,cve2024,cyberpower,sqli,vkev,vuln http: - method: GET path: - "BaseURL/api/v1/confup?mode=&uid=1'%20UNION%20select%201,2,3,4,sqliteversion;--"...

7.5CVSS7.1AI score0.05408EPSS
Exploits0References3
Nuclei
Nuclei
added 17 hours ago62 views

CrateDB Database - Arbitrary File Read

CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY...

6.5CVSS6.8AI score0.03084EPSS
Exploits1
Nuclei
Nuclei
added 2 days ago37 views

Cisco RV110W RV130W RV215W Router - Information leakage

A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this...

5.3CVSS6.2AI score0.40951EPSS
Exploits1References3
OSV
OSV
added last week3 views

DEBIAN-CVE-2026-14074

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References1
OSV
OSV
added last week2 views

DEBIAN-CVE-2026-13949

Insufficient policy enforcement in Payments in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References1
CVE
CVE
added last week111 views

CVE-2026-14012

This CVE describes a side-channel information leakage in CSS within Google Chrome (Chromium) prior to version 150.0.7871.47. The vulnerability allows a remote attacker to exfiltrate potentially sensitive data from process memory via a crafted HTML page. The affected component is the CSS handling ...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added last week4 views

CVE-2026-14012

Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS5.8AI score0.00205EPSS
Exploits0
CVE
CVE
added last week15 views

CVE-2026-14008

CVE-2026-14008 describes an uninitialized-use flaw in WebXR within Google Chrome on Android (pre-150.0.7871.47). A crafted HTML page could cause the Chrome process to disclose potentially sensitive memory contents to remote attackers. The impact is information disclosure with a Medium severity pe...

6.5CVSS5.8AI score0.0025EPSS
Exploits0References2Affected Software1
CVE
CVE
added last week14 views

CVE-2026-13790

CVE-2026-13790 describes a side-channel information leakage in Chrome’s Scroll component that could allow a remote attacker to leak cross-origin data via a crafted HTML page. Affected software is Google Chrome (Chromium-based); the vulnerability is caused by information leakage in the Scroll impl...

6.5CVSS5.8AI score0.00299EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54288

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A side-channel information leakage issue exists in the CSS component. This flaw allows a remote attacker to retrieve potentially sensitive information from process memory by using a...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
NVD
NVD
added 2026/06/25 3:16 p.m.9 views

CVE-2026-57535

Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...

2.1CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:29 p.m.32 views

CVE-2026-57535

Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...

2.1CVSS0.00308EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:37 p.m.14 views

CVE-2026-47148

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed...

7.1CVSS5.9AI score0.00249EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 12:58 p.m.29 views

CVE-2026-40012 Information about ECS zero scoped answers might leak to clients that use a specific ECS

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;...

5.3CVSS0.00305EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 8:39 a.m.9 views

EUVD-2026-39200

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...

5.7AI score0.00184EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38863

In the Linux kernel, the following vulnerability has been resolved: net/rds: zero per-item info buffer before handing it to visitors rdsforeachconninfo and rdswalkconnpathinfo both hand a caller-allocated on-stack u64 buffer to a per-connection visitor and then copy the full itemlen bytes back to...

6AI score0.00176EPSS
Exploits0References9
Rows per page
Query Builder