Lucene search
K

4410 matches found

Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52985

Name of the Vulnerable Software and Affected Versions Kestra versions prior to 1.0.45 Kestra versions prior to 1.3.21 Description An access control bypass exists in the previewFileFromExecution endpoint GET '/api/v1/tenant/executions/executionId/file/preview'. This issue allows an authenticated...

6.5CVSS5.9AI score0.00263EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-53001

Name of the Vulnerable Software and Affected Versions Fleet DM affected versions not specified Description An issue exists in the global policy read endpoint GET /api/latest/fleet/policies/policy id where authorization is performed against an empty structure with a nil TeamID. This allows the...

4.3CVSS6AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52909

Name of the Vulnerable Software and Affected Versions RustFS version 1.0.0-beta.4 Description Authenticated users with PutObject permission on their own bucket can exploit a path traversal issue in the Snowball auto-extract feature to write arbitrary objects into buckets belonging to other users,...

8.6CVSS5.9AI score0.00273EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:43 p.m.7 views

GO-2026-5337 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix) in github.com/kyverno/kyverno

Kyverno: Cross-Namespace Read Bypasses RBAC Isolation CVE-2026-22039 Incomplete Fix in github.com/kyverno/kyverno...

7.7CVSS5.8AI score0.00266EPSS
Exploits2References3
ICS
ICS
added 2026/06/25 6:0 a.m.7 views

Delta Electronics DTM Soft

ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all control system...

8.4CVSS6.2AI score0.00388EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52581

Name of the Vulnerable Software and Affected Versions @anthropic-ai/claude-code versions 2.1.59 through 2.1.127 Description The /copy command writes responses to a hardcoded and predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The resulting file i...

4.4CVSS6AI score0.00149EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/24 8:38 p.m.6 views

CVE-2026-13208

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identity namespace/name solely from the request body without validating it against the connection's origin. Each virt-launcher pod connects through a per-VMI...

6.5CVSS5.8AI score0.0009EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 8:32 p.m.9 views

CVE-2026-52812

CVE-2026-52812 affects Gogs (open source self-hosted Git service) prior to 0.14.3. The vulnerability stems from a dedupe path in LFS storage: when an OID file already exists on disk, serveUpload bypasses hash verification and inserts a new per-repo binding (repo_id, oid) without confirming that t...

7.1CVSS5.9AI score0.00236EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 7:21 p.m.16 views

CVE-2026-55583 Twenty: Cross-workspace IDOR in AgentTurnResolver

Twenty is an open-source CRM customer relationship management platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference IDOR in the AI agent monitor's AgentTurnResolver, in packages/twenty-server/src/engine/metadata-modules/ai/ai-agent-monitor/reso...

7.6CVSS0.00191EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 7:17 p.m.2 views

DEBIAN-CVE-2026-13034

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

4.7CVSS5.8AI score0.00143EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 7:17 p.m.8 views

CVE-2026-13034

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

4.7CVSS0.00143EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 7:17 p.m.7 views

CVE-2026-13024

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

4.2CVSS0.00146EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 7:17 p.m.2 views

DEBIAN-CVE-2026-13024

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

4.2CVSS5.8AI score0.00146EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 6:43 p.m.157 views

CVE-2026-13034

Vulnerability summary (CVE-2026-13034). In Google Chrome, an inappropriate implementation in the Passwords component before version 149.0.7827.197 allows a remote attacker who has compromised the renderer process to bypass site isolation via a crafted HTML page. The issue is tied to Chromium’s se...

4.7CVSS5.8AI score0.00143EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/24 6:43 p.m.5 views

CVE-2026-13034

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

4.7CVSS5.8AI score0.00143EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/24 6:43 p.m.35 views

CVE-2026-13034

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

0.00143EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:43 p.m.5 views

EUVD-2026-39046

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

4.7CVSS5.8AI score0.00143EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/24 6:43 p.m.4 views

CVE-2026-13024

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

4.2CVSS5.8AI score0.00146EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/24 6:43 p.m.30 views

CVE-2026-13024

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:43 p.m.4 views

EUVD-2026-39039

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

4.2CVSS5.8AI score0.00146EPSS
Exploits0References2
Rows per page
Query Builder