CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/06/05 11:29 a.m.•16 views

CVE-2026-11345

In CVE-2026-11345, the linqi web app exposes an improper authentication flaw in the /api/Cdn/GetFile endpoint. The ValidateAnonFileAccess check incorrectly grants access when an AnonFile query parameter is exactly 256 characters, allowing unauthenticated remote access to files. The exposed resour...

6.9CVSS5.6AI score0.00414EPSS

SUSE Linux•added 2026/06/05 6:37 a.m.•6 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues Updated to Mozilla Thunderbird 140.11 bsc1265212 MFSA 2026-44: CVE-2026-8090: Use-after-free in the DOM: Networking component. CVE-2026-8092: Memory safety bugs fixed in Thunderbird ESR 140.10.2 and Thunderbird 150.0.2. CVE-2026-8094:...

8.8CVSS5.5AI score0.00605EPSS

Exploits0References48

OSV•added 2026/06/05 6:37 a.m.•4 views

SUSE-SU-2026:2271-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues - Updated to Mozilla Thunderbird 140.11 bsc1265212 MFSA 2026-44: - CVE-2026-8090: Use-after-free in the DOM: Networking component. - CVE-2026-8092: Memory safety bugs fixed in Thunderbird ESR 140.10.2 and Thunderbird 150.0.2. -...

9.8CVSS5.5AI score0.00605EPSS

Exploits0References25

Cvelist•added 2026/06/05 6:3 a.m.•44 views

CVE-2026-21825 HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center

HCL Digital Experience Compose is affected by a reflected cross-site scripting XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...

6.1CVSS0.00152EPSS

Vulnrichment•added 2026/06/05 6:3 a.m.•5 views

CVE-2026-21825 HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center

HCL Digital Experience Compose is affected by a reflected cross-site scripting XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...

6.1CVSS5.5AI score0.00152EPSS

CVE•added 2026/06/05 6:3 a.m.•16 views

CVE-2026-21825

HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim’s browser. The CVE-2026-21825 entry lists a CVSS v3.1 base score of 6.1 (MEDIUM) with network access, low privilege...

6.1CVSS5.5AI score0.00152EPSS

Exploits0References1Affected Software1

Fedora•added 2026/06/05 4:10 a.m.•10 views

[SECURITY] Fedora 43 Update: perl-Cpanel-JSON-XS-4.41-1.fc43

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C...

7.5CVSS5.8AI score0.00608EPSS

Exploits0

EUVD•added 2026/06/05 12:31 a.m.•6 views

EUVD-2026-34672

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.3AI score0.0028EPSS

EUVD•added 2026/06/05 12:31 a.m.•8 views

EUVD-2026-34634

Out of bounds write in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.0028EPSS

EUVD•added 2026/06/05 12:31 a.m.•8 views

EUVD-2026-34646

Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

6.2AI score0.00201EPSS

EUVD-2026-34523

Out of bounds read in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00229EPSS

8.8CVSS6.3AI score0.00351EPSS

EUVD-2026-34436

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

EUVD-2026-34438

Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00316EPSS

8.8CVSS6.2AI score0.00351EPSS

EUVD-2026-34440

Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

EUVD•added 2026/06/05 12:31 a.m.•6 views

EUVD-2026-34412

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00351EPSS

EUVD•added 2026/06/05 12:31 a.m.•9 views

EUVD-2026-34413

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00351EPSS

EUVD•added 2026/06/05 12:31 a.m.•8 views

EUVD-2026-34359

Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00413EPSS

NVD•added 2026/06/05 12:17 a.m.•10 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

7.5CVSS0.00324EPSS