Lucene search
K

47293 matches found

NVD
NVD
added 16 minutes ago1 views

CVE-2026-49978

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.7, DOMPurify INPLACE sanitization could skip shadow contents attached to an element inside .content, allowing attacker-controlled markup such as event handlers, JavaScript URLs, or scripts to survive an...

6.3CVSS0.00038EPSS
Exploits0References3
NVD
NVD
added 16 minutes ago1 views

CVE-2026-48272

Creative Cloud Desktop is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scop...

7.8CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago5 views

CVE-2026-48272 Creative Cloud Desktop | Uncontrolled Search Path Element (CWE-427)

Creative Cloud Desktop is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scop...

7.8CVSS
Exploits0References1
CVE
CVE
added 1 hour ago5 views

CVE-2026-48272

Creative Cloud Desktop is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scop...

7.8CVSS
Exploits0References1
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-49978 DOMPurify IN_PLACE Sanitization Bypass via Attached Shadow Root Inside <template>.content

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.7, DOMPurify INPLACE sanitization could skip shadow contents attached to an element inside .content, allowing attacker-controlled markup such as event handlers, JavaScript URLs, or scripts to survive an...

6.3CVSS0.00038EPSS
Exploits0References3
CVE
CVE
added 1 hour ago34 views

CVE-2026-49978

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.7, DOMPurify INPLACE sanitization could skip shadow contents attached to an element inside .content, allowing attacker-controlled markup such as event handlers, JavaScript URLs, or scripts to survive an...

6.3CVSS0.00038EPSS
Exploits0References3
Cvelist
Cvelist
added 1 hour ago3 views

CVE-2026-49459 DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitizeroot, INPLACE: true could preserve event-handler attributes on an attacker-controlled root when a descendant name clobbered properties checked by isClobbered, because forceRemove...

6.1CVSS0.00042EPSS
Exploits0References3
The Hacker News
The Hacker News
added 4 hours ago3 views

Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads

Any other browser extension that can run a script on claude.ai can still trigger Claude for Chrome tasks aimed at your Gmail, your latest Google Doc and its comments, and your Calendar. Both this and ClaudeBleed need a rogue extension that can already run a script on claude.ai; the difference is...

6.3AI score
Exploits0
NVD
NVD
added 6 hours ago6 views

CVE-2026-15695

A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may ...

9CVSS
Exploits0References6
NVD
NVD
added 6 hours ago4 views

CVE-2026-15696

A vulnerability has been found in Tenda BE12 Pro 16.03.66.23. The impacted element is the function fromVirtualSer of the file /goform/VirtualSer. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the...

9CVSS
Exploits0References6
Cvelist
Cvelist
added 6 hours ago5 views

CVE-2026-15696 Tenda BE12 Pro VirtualSer fromVirtualSer stack-based overflow

A vulnerability has been found in Tenda BE12 Pro 16.03.66.23. The impacted element is the function fromVirtualSer of the file /goform/VirtualSer. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the...

9CVSS
Exploits0References6
CVE
CVE
added 6 hours ago6 views

CVE-2026-15696

A vulnerability has been found in Tenda BE12 Pro 16.03.66.23. The impacted element is the function fromVirtualSer of the file /goform/VirtualSer. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the...

9CVSS7.5AI score
Exploits0References6
Vulnrichment
Vulnrichment
added 6 hours ago4 views

CVE-2026-15696 Tenda BE12 Pro VirtualSer fromVirtualSer stack-based overflow

A vulnerability has been found in Tenda BE12 Pro 16.03.66.23. The impacted element is the function fromVirtualSer of the file /goform/VirtualSer. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the...

9CVSS7.5AI score
Exploits0References6
EUVD
EUVD
added 6 hours ago3 views

EUVD-2026-43691

A vulnerability has been found in Tenda BE12 Pro 16.03.66.23. The impacted element is the function fromVirtualSer of the file /goform/VirtualSer. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the...

9CVSS7.5AI score
Exploits0References6
Cvelist
Cvelist
added 7 hours ago5 views

CVE-2026-15695 Tenda BE12 Pro DhcpListClient fromDhcpListClient stack-based overflow

A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may ...

9CVSS
Exploits0References6
CVE
CVE
added 7 hours ago5 views

CVE-2026-15695

A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may ...

9CVSS7.5AI score
Exploits0References6
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-43686

A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may ...

9CVSS7.5AI score
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 8 hours ago1 views

Security Bulletin: Multiple vulnerabilities in IBM Disconnected Log Collector

Summary Multiple vulnerable packages were addressed in IBM Disconnected Log Collector version 2.0.1 Vulnerability Details CVEID:CVE-2025-66566 DESCRIPTION: yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in...

8.7CVSS6.7AI score0.0086EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 8 hours ago1 views

Security Bulletin: User Entity Behavior Analytics App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. User Entity Behavior Analytics App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-41305 DESCRIPTION:...

7.5CVSS7AI score0.00808EPSS
Exploits7Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 8 hours ago1 views

Security Bulletin: Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Data Synchronization App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-23950 DESCRIPTION: node-tar,a...

8.8CVSS6.8AI score0.08279EPSS
Exploits2Affected Software1
Rows per page
Query Builder