Lucene search
K

3471 matches found

Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54278

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Geolocation feature allows a remote attacker who has already compromised the renderer process to perform UI spoofing. This is achieved by using a...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54171

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement within the Network component allows an attacker in a privileged network position to bypass navigation restrictions by using a crafted HTML page...

9.6CVSS5.9AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54232

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An issue in the PageInfo security UI allows a remote attacker to perform UI spoofing. This occurs when a user is convinced to perform specific UI gestures while interacting with a craft...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54387

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Enterprise component allows a remote attacker to obtain potentially sensitive information from process memory. This occurs when a user is convince...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54276

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An improper implementation of XML allows a remote attacker to perform Universal Cross-Site Scripting UXSS by using a crafted HTML page to inject arbitrary scripts or HTML. Recommendatio...

9.6CVSS6.1AI score0.00413EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54248

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Paint component allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, by...

9.6CVSS6AI score0.00413EPSS
Exploits0References439
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.4 views

PT-2026-54178

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Serial component allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is achiev...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54313

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the New Tab Page allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HT...

9.6CVSS6AI score0.00413EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54298

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the Network component allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML...

9.6CVSS6AI score0.00413EPSS
Exploits0References437
NVD
NVD
added 2026/06/29 9:16 p.m.9 views

CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS0.00423EPSS
Exploits1References2
OSV
OSV
added 2026/06/29 11:50 a.m.4 views

PYSEC-2026-522 ReportLab vulnerable to remote code execution via paraparser

paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

9.8CVSS8AI score0.04452EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/26 10:58 p.m.27 views

CVE-2026-55975 H.VIEW HV-500S6 IP Camera OS Command Injection

A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command...

8.6CVSS0.00653EPSS
Exploits0References3
CVE
CVE
added 2026/06/26 10:58 p.m.15 views

CVE-2026-55975

CVE-2026-55975 affects H.View IP cameras (e.g., HV-500S6) where an authenticated user can supply unsanitized XML to the device’s certificate generation interface. The input is incorporated into a backend certificate creation command without proper validation, enabling command execution with eleva...

8.6CVSS5.9AI score0.00653EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 9:5 p.m.13 views

EUVD-2026-37950

Relyra SAML SignatureValue not cryptographically verified - authentication bypass...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 3:40 p.m.40 views

CVE-2026-44018 Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2.91.0, the METS-GBS backend's XML parsing and the input document format detection lacked security controls. An attacker could craft malicious METS-GBS...

5.5CVSS0.00113EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 4:16 p.m.9 views

CVE-2026-48942

K2 ≤ 2.26 renders the k2users.image column directly into HTML src attributes via two distinct templates, in both cases without HTML escaping...

6.1CVSS0.00149EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 3:16 p.m.14 views

CVE-2026-57534

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

2.1CVSS0.0033EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 3:16 p.m.5 views

UBUNTU-CVE-2026-57435

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...

7.5CVSS5.8AI score0.00357EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 2:34 p.m.6 views

CVE-2026-57437

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS5.9AI score0.00312EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/25 2:30 p.m.5 views

CVE-2026-57234

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema see CVE-2020-26247, was not correctly enforced on the JRuby implementation. As a result, a schema parsed with...

2.6CVSS5.8AI score0.00166EPSS
Exploits0
Rows per page
Query Builder