Lucene search
+L

236 matches found

cvelist
cvelist
added 4 days ago30 views

CVE-2026-12274 Tutor LMS < 3.9.13 - Instructor+ Arbitrary Post Overwrite via IDOR

The Tutor LMS WordPress plugin before 3.9.13 does not verify that the requesting user is allowed to edit a target post before overwriting it in one of its content-builder save handlers, authorizing the request only against an unrelated identifier, allowing authenticated users with instructor-leve...

0.00184EPSS
Exploits0References1
euvd
euvd
added 2026/07/09 5:12 p.m.8 views

EUVD-2026-42639

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.8.12 before 0.10.0, an authenticated non-admin user with read access to an arena wrapper model can reach a restricted underlying model through task endpoints such as /api/v1/tasks/moa/completions. The...

5.4CVSS6AI score0.00211EPSS
Exploits0References4
nvd
nvd
added 2026/07/08 2:17 p.m.7 views

CVE-2026-56283

Capgo before 12.128.2 contains an html injection vulnerability in the organization settings endpoint that allows attackers to inject malicious HTML content. Attackers can craft payloads in the organization name field to redirect users to untrusted websites, enabling phishing attacks and...

5.4CVSS0.00138EPSS
Exploits0References2
euvd
euvd
added 2026/07/02 12:31 a.m.8 views

EUVD-2026-41183

Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.8AI score0.00253EPSS
Exploits0References3
nvd
nvd
added 2026/06/30 11:16 p.m.6 views

CVE-2026-13824

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...

7.5CVSS0.00277EPSS
Exploits0References2
cve
cve
added 2026/06/30 10:38 p.m.18 views

CVE-2026-13867

CVE-2026-13867 affects Google Chrome’s Geolocation implementation. The vulnerability arises from an inappropriate Geolocation implementation, enabling a remote attacker to spoof UI via a crafted HTML page. Impact is UI spoofing with no confirmed exploitation details beyond the description; affect...

4.3CVSS5.8AI score0.0023EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.8 views

PT-2026-54147

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description A use after free issue exists in the WebView component. This occurs when a program continues to use a pointer after it has been freed, which can lead to memory corruption. A...

9.8CVSS6.3AI score0.00479EPSS
Exploits0References446
nvd
nvd
added 2026/06/26 8:16 a.m.11 views

CVE-2026-57872

An unauthenticated directory traversal vulnerability exists in getfcont.cgi in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient validation of user-supplied file path input before the requested file is accessed by the CGI component. A remote attack...

7.5CVSS0.00969EPSS
Exploits0References1
euvd
euvd
added 2026/06/17 3:29 p.m.11 views

EUVD-2026-37745

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earli...

7.8CVSS5.4AI score0.00098EPSS
Exploits0References1
nvd
nvd
added 2026/06/10 6:17 p.m.13 views

CVE-2026-46618

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, before the round-1 security sweep, pkg/builder/builder.go passed Environment.spec.builder.command directly into exec.Command...

6.9CVSS0.00364EPSS
Exploits0References3
nvd
nvd
added 2026/06/09 12:16 a.m.11 views

CVE-2026-11650

Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00314EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/06 6:43 p.m.13 views

CVE-2026-45750

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in the Termix File Manager component unsafely processes the path parameter and embeds it into a shell command...

9CVSS5.6AI score0.00294EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.12 views

CVE-2026-6290

Velociraptor versions prior to 0.76.3 contain a vulnerability in the query plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with access in one org, to use the query plugin, in a notebook cell, to run VQL queries on other orgs which th...

9.1CVSS5.5AI score0.00224EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/05 12:0 a.m.12 views

Internationalized Domain Names in Applications 安全漏洞

Internationalized Domain Names in Applications is a tool for encoding and decoding internationalized domain names, developed by Kim Davies as a personal project. Versions of Internationalized Domain Names in Applications prior to version 3.15 contained a security vulnerability. This vulnerability...

6.9CVSS6.2AI score0.00408EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/04 11:3 p.m.38 views

CVE-2026-10923

Use after free in WebAppInstalls in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. Chromium security severity: High...

0.00351EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/03 12:0 a.m.8 views

Acronis DeviceLock DLP 代码问题漏洞

Acronis DeviceLock DLP is a terminal security protection system developed by the Swiss company Acronis. It is designed to control access to peripherals and prevent data breaches. Versions of Acronis DeviceLock DLP prior to 9.0.15051.93227 contained code vulnerabilities, specifically an EXE...

7.3CVSS7.3AI score0.00106EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/02 12:0 a.m.11 views

PT-2026-46527

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An out of bounds read exists in the Media component. This allows an attacker located on the local network segment to perform an out of bounds memory read by sending malicious network...

9.6CVSS5.8AI score0.00985EPSS
Exploits0References434
ptsecurity
ptsecurity
added 2026/06/02 12:0 a.m.23 views

PT-2026-45755

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data...

5.9CVSS5.7AI score0.00194EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/01 7:17 a.m.13 views

CVE-2026-27788

Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...

8.5CVSS5.8AI score0.00097EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/05/28 12:0 a.m.13 views

Music Player Daemon 安全漏洞

Music Player Daemon is an open-source music playback daemon. Versions of Music Player Daemon prior to 0.24.11 contained a security vulnerability. This vulnerability stemmed from an issue with the xspfchardata function in the XSPF playlist plugin, allowing attackers to embed text CR/LF bytes in...

6.9CVSS5.8AI score0.0026EPSS
Exploits0References7
Rows per page
Query Builder