Lucene search
K

36093 matches found

CVE
CVE
added 5 hours ago6 views

CVE-2026-8919

CVE-2026-8919 affects ASUS GameSDK. A permissive cross-domain policy with untrusted domains could let a remote user induce a local UNC request to the application’s local service endpoint, exposing a local NTLM hash and enabling information disclosure, data tampering, or service disruption. The is...

7.2CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-44585

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday28 views

CVE-2026-48806

Twig’s vulnerability CVE-2026-48806 concerns dynamic mapping keys in ArrayExpression not being wrapped for string coercion, allowing PHP to call __toString() on a Stringable key without SandboxExtension::ensureToStringAllowed(). The issue affects Twig

7.1CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday28 views

CVE-2026-48808

Twig’s CVE-2026-48808 describes a sandbox bypass when sandboxing is enabled via SourcePolicyInterface and the CoreExtension::column() filter is used. The issue arises because the column filter passes the active sandbox state as a boolean but does not forward the current Source to SandboxExtension...

6CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday16 views

CVE-2026-49981

CVE-2026-49981 (Twig) describes a bypass where the per-template allow-list verdict was cached at Template construction and could be reused after the sandbox state changed between renders. This affected twig/twig up to versions before 3.27.0, enabling a later sandboxed render to reuse an earlier c...

6CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday42 views

CVE-2026-46634

Technical details (affected software/version, root cause, impact, remediation) are not publicly provided in the supplied documents. Monitor for updates from Twig advisories and Debian/OSV feeds for patches and confirmed exploitability.

7.7CVSS6.1AI score0.00031EPSS
Exploits0References3
CVE
CVE
added yesterday20 views

CVE-2026-47732

Twig Sandbox: multiple __toString() policy bypasses via unguarded string coercion points existed prior to 3.26.0, enabling string coercion of Stringable operands through various constructs (conditional expressions, matches operator, loose comparisons, tests, template-loading tags, dynamic attribu...

7.1CVSS6.1AI score0.00044EPSS
Exploits0References3
CVE
CVE
added yesterday4 views

CVE-2026-15775

The CVE-2026-15775 entry concerns Google Chrome’s V8 engine. Affected component: V8 within Chrome prior to version 150.0.7871.125. The vulnerability allows a remote attacker to bypass the Same Origin Policy via a crafted HTML page, with a High severity per Chromium notes. The available connected ...

6.1AI score
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-15768

Google Chrome prior to 150.0.7871.125 is affected by an HTML-in-Canvas policy enforcement flaw that allows a remote attacker to bypass the same-origin policy via a crafted HTML page. The vulnerability stems from insufficient policy enforcement in the HTML-in-Canvas component. Impact is described ...

6.1AI score
Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-50496

CVE-2026-50496 is an out-of-bounds read vulnerability in Windows Network Policy Server SNMP that allows an unauthenticated attacker to disclose information over the network. Affects the SNMP component of Windows NPS; impact is information disclosure with a CVSS v3.1 base score of 7.5 (Network att...

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-50470

CVE-2026-50470 describes an out-of-bounds read in Windows Network Policy Server SNMP that could let an unauthenticated attacker disclose information over the network. The vulnerability affects the NPS SNMP handling and has a CVSS v3.1 base score of 7.5 (High) with network attack vector, low attac...

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-50391

CVE-2026-50391 is a Microsoft Windows Group Policy privilege-escalation vulnerability. Affects Windows Group Policy functionality; root cause is improper privilege management that permits an authorized local attacker to elevate privileges. CVSS v3.1 base score 7.8 (High) with local, low attack co...

7.8CVSS6AI score
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43654

DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted = SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the ismatched method, = was evaluated using Perl's le operator...

9.8CVSS6.1AI score0.00184EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added yesterday6 views

firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: Cookies component...

9.1CVSS6AI score0.00189EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-15416

A flaw was identified in Argo CD, the GitOps engine used by Red Hat OpenShift GitOps, that could allow an unauthenticated attacker with network access to the Argo CD repo-server to achieve remote code execution. Under certain conditions, the attacker may then manipulate cached data to deploy...

8.9CVSS6.3AI score0.00281EPSS
Exploits0References7
Nuclei
Nuclei
added yesterday10 views

Privacy Policy Genius - Cross-Site Scripting

Privacy Policy Genius WordPress plugin v2.0.4 contains a reflected cross-site scripting caused by unsanitized parameter output in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to craft a malicious URL. id: CVE-2024-13219...

6.1CVSS7AI score0.00565EPSS
Exploits1References2
NVD
NVD
added yesterday8 views

CVE-2026-44768

SAP CRM WebClient UI allows an attacker to inject and execute malicious scripts in the context of the application due to the absence of a Content Security Policy CSP configuration for certain restrictive directives. This vulnerability has a low impact on the integrity of the application...

4.1CVSS0.00165EPSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-43537

OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled...

8.5CVSS6.1AI score0.00209EPSS
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-43571

OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...

6.9CVSS6.2AI score0.00201EPSS
Exploits0References3
CVE
CVE
added yesterday9 views

CVE-2026-44768

Summary: CVE-2026-44768 affects the SAP CRM WebClient UI. The vulnerability arises from the absence of a Content Security Policy (CSP) configuration for certain restrictive directives, enabling an attacker to inject and execute malicious scripts in the application context. According to the source...

4.1CVSS6.2AI score0.00165EPSS
Exploits0References2
Rows per page
Query Builder