Lucene search
+L

2330 matches found

EUVD
EUVD
added 3 days ago7 views

EUVD-2026-43644

Multiple input validation vulnerabilities in the Snowflake Spark Connector spark-snowflake versions prior to 3.2.1 can allow attackers to exfiltrate OAuth client credentials, execute arbitrary SQL with the connector's Snowflake role, or redirect COPY operations to attacker-controlled storage. An...

9.2CVSS6.3AI score0.00208EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 6 days ago70 views

Chromium: CVE-2026-13946 Inappropriate implementation in ScriptInjections

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3CVSS6.1AI score0.00201EPSS
Exploits0
NVD
NVD
added 2026/06/30 11:17 p.m.4 views

CVE-2026-13946

Inappropriate implementation in ScriptInjections in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS0.00201EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.30 views

CVE-2026-13946

Inappropriate implementation in ScriptInjections in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

0.00201EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:38 p.m.92 views

CVE-2026-13946

CVE-2026-13946 concerns Google Chrome on iOS. The issue is an inappropriate implementation in ScriptInjections , allowing a remote attacker to leak cross-origin data via a crafted HTML page. Affected product: Google Chrome on iOS prior to version 150.0.7871.47. Impact is cross-origin data leakage...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.6 views

CVE-2026-13946

Inappropriate implementation in ScriptInjections in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00201EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54222

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description An inappropriate implementation in ScriptInjections allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update Google Chrom...

9.8CVSS6AI score0.00413EPSS
Exploits0References446
NVD
NVD
added 2026/06/22 12:16 p.m.17 views

CVE-2026-11373

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...

9.1CVSS0.00352EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/22 11:28 a.m.4 views

CVE-2026-11373

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...

8.2CVSS5.8AI score0.00352EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/22 11:28 a.m.11 views

EUVD-2026-38224

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...

9.1CVSS5.8AI score0.00352EPSS
Exploits0References6
CVE
CVE
added 2026/06/22 11:28 a.m.22 views

CVE-2026-11373

Summary of CVE-2026-11373 (Net::Statsite::Client) : The Perl client (versions through 1.1.0) is vulnerable to metric injections because metric names are not sanitized for newlines or other protocol control characters (e.g., colons, pipes), and newlines are not removed from metrics. This can allow...

9.1CVSS5.8AI score0.00352EPSS
Exploits0References6
OSV
OSV
added 2026/06/22 11:28 a.m.4 views

CVE-2026-11373 Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections

Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...

9.1CVSS5.9AI score0.00352EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1862)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1862 advisory. Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip...

8.8CVSS7.8AI score0.00917EPSS
Exploits1References26
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.22 views

PT-2026-51292

Name of the Vulnerable Software and Affected Versions Net::Statsite::Client versions prior to 1.1.1 Description Net::Statsite::Client, a client for the statsite protocol a variant of statsd, allows metric injections. This occurs because newlines are not removed from metric names, and values are n...

9.1CVSS5.9AI score0.00352EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:24 p.m.3 views

CVE-2025-71331

Flowise before 3.0.8 contains a cross-site scripting XSS vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload e.g., in a chat box, or by having a custom agent function return an X...

6.1CVSS5.7AI score0.00222EPSS
Exploits1References3
CVE
CVE
added 2026/06/18 10:21 a.m.31 views

CVE-2026-54419

PIAF-HMS (PBX-In-A-Flash Hotel Management System) contains multiple unauthenticated SQL injection vulnerabilities. The app has no authentication and passes user-supplied HTTP parameters directly into deprecated mysql_query() calls via string concatenation, without sanitization, escaping, or param...

9.8CVSS5.8AI score0.00587EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50512

Name of the Vulnerable Software and Affected Versions undici versions prior to 6.26.0 undici versions prior to 7.28.0 undici versions prior to 8.5.0 Description The HTTP/1.1 client is subject to response queue poisoning when keep-alive sockets are reused. An attacker-controlled upstream server ca...

3.7CVSS5.3AI score0.00228EPSS
Exploits0References135
OSV
OSV
added 2026/06/16 11:47 a.m.6 views

BIT-MARIADB-MIN-2026-44172 MariaDB: mysql_real_escape_string() incorrectly handled big5

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

9.1CVSS5.6AI score0.00316EPSS
Exploits0References12
OSV
OSV
added 2026/06/16 11:46 a.m.16 views

BIT-MARIADB-2026-44172 MariaDB: mysql_real_escape_string() incorrectly handled big5

MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input, escaping it with mysqlrealescapestring and sending it to the database using text protocol and big5 character set was vulnerable to SQL injections,...

9.1CVSS5.5AI score0.00316EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Netatalk vulnerabilities (USN-8395-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8395-1 advisory. Arjun Basnet discovered that Netatalk incorrectly sanitized user input in its MyS...

9.9CVSS6.4AI score0.00516EPSS
Exploits0References11
Rows per page
Query Builder