
1977 matches found

RedhatCVE
added yesterday, 3 views

CVE-2026-48743

A flaw was found in Envoy, an open source edge and service proxy. This vulnerability occurs when Envoy translates an HTTP/3 request that is complete at the transport layer but still carries a nonzero Content-Length into an HTTP/1 request for an upstream server. If the upstream server responds...

CVSS 7.5, AI score 5.6, EPSS 0.00298
Exploits: 1, References: 4
EUVD
added yesterday, 9 views

EUVD-2026-36315

OpenClaw: Embedded runner policy could be confused by provider aliases...

CVSS 4.8, AI score 5.7, EPSS 0.00093
Exploits: 0, References: 3
CVE
added 2 days ago, 43 views

CVE-2026-55628

ImageMagick (CVE-2026-55628) is affected by a policy bypass in the -concatenate operation present in versions prior to 7.1.2-26he, due to missing security policy checks. This could allow reading and writing to paths disallowed by policy. The issue has been fixed in version 7.1.2-26he. Remediation...

CVSS 5.5, AI score 5.7, EPSS 0.00098
Exploits: 0, References: 1
RedhatCVE
added 2 days ago, 6 views

CVE-2026-56377

A flaw in ImageMagick’s policy enforcement allows remote attackers to bypass path restrictions within sandboxed conversion services. By circumventing these controls, an attacker can create or truncate files outside permitted security boundaries, leading to unauthorized file manipulation. Mitigati...

CVSS 4.8, AI score 5.9, EPSS 0.00175
Exploits: 0, References: 5
NVD
added 3 days ago, 6 views

CVE-2026-56377

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

CVSS 4.8, EPSS 0.00175
Exploits: 0, References: 2
NVD
added 3 days ago, 4 views

CVE-2026-14156

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

CVSS 6.5, EPSS 0.00207
Exploits: 0, References: 2
OSV
added 3 days ago, 2 views

DEBIAN-CVE-2026-13964

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5, AI score 5.8, EPSS 0.0022
Exploits: 0, References: 1
Debian CVE
added 3 days ago, 3 views

CVE-2026-14058

Insufficient policy enforcement in Parser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3, AI score 5.8, EPSS 0.00246
Exploits: 0
Cvelist
added 3 days ago, 19 views

CVE-2026-14039

Insufficient policy enforcement in GetUserMedia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

EPSS 0.00132
Exploits: 0, References: 2
CVE
added 3 days ago, 6 views

CVE-2026-14039

CVE-2026-14039 concerns Google Chrome’s GetUserMedia, where insufficient policy enforcement before version 150.0.7871.47 allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. The vulnerability affects Chrome components related to media permissions and page-origin che...

CVSS 4.3, AI score 5.8, EPSS 0.00132
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 3 days ago, 22 views

CVE-2026-13886

Insufficient policy enforcement in Isolated Web Apps in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

EPSS 0.00242
Exploits: 0, References: 2
CVE
added 3 days ago, 8 views

CVE-2026-13876

CVE-2026-13876 involves an inappropriate implementation in the Network stack of Google Chrome before version 150.0.7871.47. The issue allows an attacker with a privileged network position to bypass the page's Content Security Policy (CSP) through malicious network traffic. The connected documents ...

CVSS 6.5, AI score 5.8, EPSS 0.00235
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 3 days ago, 26 views

CVE-2026-56377 ImageMagick - Policy Bypass via Incorrect Path Validation

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

CVSS 4.8, EPSS 0.00175
Exploits: 0, References: 2
CVE
added 3 days ago, 9 views

CVE-2026-56377

ImageMagick is vulnerable to a policy bypass due to an incorrect path check in sandboxed conversion services. Affects ImageMagick before 7.1.2-24, where a crafted request could allow remote or local attackers to create or truncate files outside allowed boundaries by bypassing path policy restrictio...

CVSS 4.8, AI score 5.9, EPSS 0.00175
Exploits: 0, References: 2, Affected Software: 1
SUSE CVE
added 3 days ago, 6 views

SUSE CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

CVSS 7.2, AI score 5.8, EPSS 0.00278
Exploits: 0, References: 3
Tenable Nessus
added 3 days ago, 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-13676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that do...

CVSS 7.5, AI score 5.8, EPSS 0.00278
Exploits: 0, References: 2
Positive Technologies
added 3 days ago, 4 views

PT-2026-54046

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.1.2-24. Description: An incorrect policy check allows remote attackers to bypass path policy restrictions in sandboxed conversion services. This flaw enables the creation or truncation of files that are disallowed...

CVSS 4.8, AI score 5.9, EPSS 0.00175
Exploits: 0, References: 4
RedhatCVE
added 4 days ago, 8 views

CVE-2026-13676

A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert Unicode Internationalized Domain Name (IDN) hostnames for HTTP-family URLs. This can lead to a situation where security policies, such as denylists or redirect validations, are bypassed when...

CVSS 7.5, AI score 5.7, EPSS 0.00278
Exploits: 0, References: 5
RedHat Linux
added 4 days ago, 5 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName (DNS) or rfc822Name (email) constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

CVSS 7.4, AI score 5.8, EPSS 0.00566
Exploits: 1, References: 5
OSV
added 4 days ago, 6 views

DEBIAN-CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

CVSS 7.5, AI score 5.8, EPSS 0.00278
Exploits: 0, References: 1