Lucene search
K

36174 matches found

Cvelist
Cvelist
added 2026/06/09 5:6 p.m.33 views

CVE-2026-42971 Windows Push Notification Information Disclosure Vulnerability

...

5.5CVSS0.00459EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 5:6 p.m.8 views

CVE-2026-42971 Windows Push Notification Information Disclosure Vulnerability

...

5.5CVSS5.4AI score0.00459EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 5:6 p.m.159 views

CVE-2026-42970 Windows Push Notification Information Disclosure Vulnerability

...

5.5CVSS0.00404EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 5:6 p.m.9 views

CVE-2026-42970 Windows Push Notification Information Disclosure Vulnerability

...

5.5CVSS5.4AI score0.00404EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 5:6 p.m.29 views

CVE-2026-42969 Windows Push Notification Information Disclosure Vulnerability

...

5.5CVSS0.00388EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 5:6 p.m.7 views

CVE-2026-42969 Windows Push Notification Information Disclosure Vulnerability

...

5.5CVSS5.4AI score0.00388EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.10 views

Windows Push Notification Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...

5.5CVSS6AI score0.00404EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.12 views

Windows Push Notification Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Push Notifications allows an authorized attacker to disclose information locally...

5.5CVSS6AI score0.00459EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.13 views

Windows Push Notification Information Disclosure Vulnerability

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

5.5CVSS5.4AI score0.00388EPSS
Exploits0
Snyk
Snyk
added 2026/06/09 10:23 a.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the notification emails. An attacker can inject arbitrary HTML content into emails sent to other users by submitting specially crafted input. Details Cross-site scripting or XSS is a code vulnerability that...

5.4CVSS5.1AI score0.00372EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 9:16 a.m.18 views

CVE-2026-34033

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...

5.4CVSS0.00372EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 7:35 a.m.10 views

CVE-2026-34033 Apache Answer: HTML Content Injection in Email

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. User-supplied content was included in notification emails without proper escaping, allowing authenticated users to inject arbitrary HTML int...

5.5AI score0.00372EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 7:35 a.m.29 views

CVE-2026-34033

CVE-2026-34033 affects Apache Answer up to version 2.0.0. The issue is an HTML content injection (basic XSS) where user-supplied content included in notification emails was not properly escaped, allowing authenticated users to inject arbitrary HTML into emails sent to other users. The CVSS vector...

5.4CVSS5.5AI score0.00372EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/09 5:16 a.m.16 views

CVE-2026-8902

The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rcoptionspage function. This makes it possible for unauthenticated attackers to modify plugin settings...

4.3CVSS0.00124EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.35 views

CVE-2026-8902 AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update

The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rcoptionspage function. This makes it possible for unauthenticated attackers to modify plugin settings...

4.3CVSS0.00124EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

Apache Answer 安全漏洞

Apache Answer is a community platform of the Apache Foundation in the United States. Versions of Apache Answer 2.0.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper handling of script-related HTML tags in web pages. The content provided by users was n...

5.4CVSS5.5AI score0.00372EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/05 11:52 p.m.9 views

CVE-2026-6242

An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker may inject crafted format strings into event subscription requests or notification generation pa...

6.8CVSS5.5AI score0.00174EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-48648

In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.6AI score0.00068EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-7724

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...

5CVSS4.8AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.11 views

CVE-2026-34851

Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability...

7.5CVSS5.4AI score0.00126EPSS
Exploits0References1
Rows per page
Query Builder