19534 matches found

NVD
added 2026/04/22 8:16 p.m. | 4 views

CVE-2026-6019

http.cookies.Morsel.js_output returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

CVSS 6.1 | EPSS 0.00229
Exploits: 1 | References: 6

Vulnrichment
added 2026/04/22 7:28 p.m. | 5 views

CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters

http.cookies.Morsel.js_output returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

CVSS 2.1 | AI score 5.7 | EPSS 0.00229
Exploits: 1 | References: 6

OSV
added 2026/04/22 7:28 p.m. | 17 views

PSF-2026-21

http.cookies.Morsel.js_output returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

CVSS 6.1 | AI score 5.7 | EPSS 0.00229
Exploits: 1 | References: 6

Qualys Blog
added 2026/04/22 5:12 p.m. | 27 views

Don’t Wait for a Patch. Mitigate RedSun Zero-Day Risk in Microsoft Defender Today

Key Takeaways: RedSun is a critical zero-day vulnerability in Microsoft Defender that allows low-privileged users to gain SYSTEM access. No patch is currently available, leaving all Defender-enabled Windows systems potentially exposed. Qualys VMDR detects affected assets instantly QID 92382 TruRisk...

AI score 5.7
Exploits: 0

Microsoft Secure
added 2026/04/22 5:0 p.m. | 9 views

AI-powered defense for an AI-accelerated threat landscape

We are at an inflection point in cybersecurity. Recent advances in AI model capabilities are changing how vulnerabilities are discovered and exploited. AI models can autonomously discover weaknesses, chain multiple lower-severity issues into working end-to-end exploits, and produce working...

AI score 5.7
Exploits: 0

RedhatCVE
added 2026/04/22 4:36 p.m. | 12 views

CVE-2026-41651

A flaw was found in PackageKit. A time-of-check time-of-use (TOCTOU) race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation. Mitigation: To mitigate this vulnerability, mask the PackageKit service. Note that graphical...

CVSS 8.8 | AI score 5.8 | EPSS 0.0046
Exploits: 10 | References: 8

RedhatCVE
added 2026/04/22 12:54 p.m. | 4 views

CVE-2026-6857

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...

CVSS 7.5 | AI score 5.9 | EPSS 0.00667
Exploits: 1 | References: 3

RedhatCVE
added 2026/04/22 10:28 a.m. | 4 views

CVE-2026-5450

A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...

CVSS 9.8 | AI score 5.7 | EPSS 0.00451
Exploits: 1 | References: 6

RedhatCVE
added 2026/04/22 9:6 a.m. | 5 views

CVE-2026-6848

A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be bypassed. This allows a user with a timed-out session, or an attacker with access to an idle...

CVSS 8.1 | AI score 5.7 | EPSS 0.00263
Exploits: 0 | References: 3

RedhatCVE
added 2026/04/22 8:37 a.m. | 6 views

CVE-2026-6846

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution,...

CVSS 7.8 | AI score 5.8 | EPSS 0.00164
Exploits: 0 | References: 3

SUSE CVE
added 2026/04/22 1:40 a.m. | 5 views

SUSE CVE-2026-6755

Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVSS 6.5 | AI score 5.7 | EPSS 0.00189
Exploits: 0 | References: 3

SUSE CVE
added 2026/04/22 1:40 a.m. | 7 views

SUSE CVE-2026-6756

Mitigation bypass in Firefox for Android. This vulnerability was fixed in Firefox 150...

CVSS 7.5 | AI score 5.8 | EPSS 0.00239
Exploits: 0 | References: 3

SUSE CVE
added 2026/04/22 1:40 a.m. | 4 views

SUSE CVE-2026-6760

Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVSS 9.8 | AI score 5.7 | EPSS 0.00279
Exploits: 0 | References: 3

SUSE CVE
added 2026/04/22 1:40 a.m. | 7 views

SUSE CVE-2026-6763

Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

CVSS 6.5 | AI score 5.7 | EPSS 0.00191
Exploits: 0 | References: 14

SUSE CVE
added 2026/04/22 1:39 a.m. | 6 views

SUSE CVE-2026-6774

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...

CVSS 5.4 | AI score 5.7 | EPSS 0.00153
Exploits: 0 | References: 3

NVD
added 2026/04/22 1:16 a.m. | 12 views

CVE-2026-40344

MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler PutObjectExtractHandler allows any user who knows a valid access key to write...

CVSS 8.8 | EPSS 0.00418
Exploits: 0 | References: 3

RedhatCVE
added 2026/04/22 1:15 a.m. | 4 views

CVE-2026-6774

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

CVSS 5.4 | AI score 5.7 | EPSS 0.00153
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/22 1:14 a.m. | 5 views

CVE-2026-6771

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

CVSS 9.8 | AI score 5.7 | EPSS 0.00309
Exploits: 0 | References: 5

RedhatCVE
added 2026/04/22 1:14 a.m. | 5 views

CVE-2026-6768

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the Networking: Cookies component...

CVSS 9.8 | AI score 5.7 | EPSS 0.00285
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/22 1:14 a.m. | 4 views

CVE-2026-6763

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the File Handling component...

CVSS 6.5 | AI score 5.7 | EPSS 0.00191
Exploits: 0 | References: 5