143681 matches found

ATTACKERKB
added 2 days ago, 3 views

CVE-2026-55790

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types...

CVSS 7.4, AI score 5.8, EPSS 0.00311
Exploits 0, References 3, Affected Software 1
CVE
added 2 days ago, 6 views

CVE-2026-55790

Summary of CVE-2026-55790 (Craft CMS): This is a DOM-based cross-site scripting flaw in Craft CMS. Versions affected are 5.0.0-RC1–5.9.22 and 4.0.0-RC1–4.17.15. An attacker with only a GitHub account can insert a JavaScript payload into a craftcms/cms issue title. When a Craft admin uses the Cra...

CVSS 7.4, AI score 5.8, EPSS 0.00311
Exploits 0, References 2
CVE
added 2 days ago, 7 views

CVE-2026-14411

CVE-2026-14411 describes insufficient validation of untrusted input in ANGLE used by Google Chrome, prior to build 150.0.7871.46. The issue may allow a remote attacker to cause a sandbox escape via a crafted HTML page. Documented impact is a high-severity, likely remote threat affecting ANGLE int...

CVSS 9.6, AI score 5.8, EPSS 0.00223
Exploits 0, References 2, Affected Software 1
Cvelist
added 2 days ago, 20 views

CVE-2026-50283 Craft CMS: Unauthorized Deletion of Source Assets During File Replacement

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId...

CVSS 5.3, EPSS 0.00265
Exploits 0, References 2
ATTACKERKB
added 2 days ago, 3 views

CVE-2026-50283

Craft CMS is a content management system (CMS). Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId...

CVSS 5.3, AI score 5.8, EPSS 0.00265
Exploits 0, References 3, Affected Software 1
NVD
added 2 days ago, 4 views

CVE-2026-54259

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen endpoint incorrectly listed items for which the user has not been granted choose permission. A user with access to the Wagtail admin could se...

CVSS 4.3, EPSS 0.00162
Exploits 0, References 1
CVE
added 2 days ago, 8 views

CVE-2026-54261

Wagtail (Django-based CMS) has a permission-check flaw in the image preview endpoint. In versions prior to 7.0.8, 7.3.3, and 7.4.2, a user with admin access could preview any image due to a missing permission check; this does not expose the image data itself to ordinary site visitors. The issue h...

CVSS 6.5, AI score 5.6, EPSS 0.00201
Exploits 0, References 1, Affected Software 1
RedhatCVE
added 2 days ago, 6 views

CVE-2026-53333

A flaw was found in the Linux kernel's memory management (mm/mincore). This vulnerability occurs when handling non-swap memory entries, particularly in systems configured without swap. An issue in the mincore_pte_range function can cause the system to incorrectly report certain memory pages as...

CVSS 5.5, AI score 5.8, EPSS 0.00154
Exploits 0, References 4
RedHat Linux
added 2 days ago, 6 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

CVSS 8.2, AI score 7.2, EPSS 0.00552
Exploits 0, References 5
Circl
added 2 days ago, 3 views

CVE-2026-13819

creationtimestamp | type | source
---|---|---
2026-07-01 19:50:25+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmc2eecjz22
2026-07-02 07:19:45+00:00 | seen | https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702
2026-07-02 11:41:27+00:00 | seen | ...

CVSS 8.1, AI score 5.7, EPSS 0.00272
Exploits 0, References 3
Circl
added 2 days ago, 3 views

CVE-2026-13810

creationtimestamp | type | source
---|---|---
2026-07-01 19:47:40+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmbvgrwmf2b
2026-07-02 01:05:01+00:00 | seen | https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmtmwbmdl2l
2026-07-02 07:19:26+00:00 | seen | ...

CVSS 6.5, AI score 5.7, EPSS 0.00299
Exploits 0, References 3
RedHat Linux
added 2 days ago, 4 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

CVSS 7.5, AI score 7.2, EPSS 0.00615
Exploits 0, References 8
RedHat Linux
added 2 days ago, 3 views

Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing

A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory...

CVSS 8.7, AI score 7.1, EPSS 0.00671
Exploits 0, References 8
OSV
added 2 days ago, 3 views

ECHO-9CE2-5D11-2D0A

Bulletin has no description...

CVSS 9.6, AI score 5.7, EPSS 0.00234
Exploits 0, References 2
Chainguard
added 2 days ago, 4 views

GHSA-VJ5W-9MXG-PPMH vulnerabilities

Vulnerabilities for packages: chromium...

AI score 5.8
Exploits 0
Chainguard
added 2 days ago, 3 views

CVE-2026-4449 vulnerabilities

Vulnerabilities for packages: chromium...

CVSS 8.8, AI score 7.3, EPSS 0.00253
Exploits 0
Chainguard
added 2 days ago, 1 view

CVE-2024-6989 vulnerabilities

Vulnerabilities for packages: chromium...

CVSS 8.8, AI score 6.7, EPSS 0.00538
Exploits 0
OSV
added 2 days ago, 2 views

DEBIAN-CVE-2026-53350

In the Linux kernel, the following vulnerability has been resolved: ASoC: wm_adsp: Fix NULL dereference when removing firmware controls. In wm_adsp_control_remove check that the priv pointer is not NULL before attempting to cleanup what it points to. When cs_dsp creates a control it calls...

AI score 5.7, EPSS 0.00161
Exploits 0, References 1
OSV
added 2 days ago, 3 views

DEBIAN-CVE-2026-53340

In the Linux kernel, the following vulnerability has been resolved: i2c: imx: fix clock and pinctrl state inconsistency in runtime PM. In i2c_imx_runtime_suspend, the clock is disabled before switching the pinctrl state to sleep. If pinctrl_pm_select_sleep_state fails, the runtime suspend is aborted but...

AI score 5.7, EPSS 0.00154
Exploits 0, References 1
OSV
added 2 days ago, 2 views

DEBIAN-CVE-2026-53339

In the Linux kernel, the following vulnerability has been resolved: i2c: qcom-cci: Fix NULL pointer dereference in cci_remove. On all modern platforms Qualcomm CCI controller provides two I2C masters, and on particular boards only one I2C master may be initialized, and in such cases the device...

AI score 5.7, EPSS 0.00164
Exploits 0, References 1