Lucene search
K

9999 matches found

NVD
NVD
added 1 hour ago9 views

CVE-2026-45776

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD...

5.3CVSS
Exploits0References3
Cvelist
Cvelist
added 3 hours ago4 views

CVE-2026-46391 HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the...

8.7CVSS
Exploits0References1
NVD
NVD
added 6 hours ago3 views

CVE-2025-59174

Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

7.1CVSS
Exploits0References1
Cvelist
Cvelist
added 8 hours ago6 views

CVE-2026-6209

...

Exploits0
Cvelist
Cvelist
added 8 hours ago3 views

CVE-2025-59174

Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

7.1CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 8 hours ago2 views

CVE-2025-59174

Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

7.1CVSS5.5AI score
Exploits0References2
CVE
CVE
added 11 hours ago9 views

CVE-2026-25658

CVE-2026-25658 affects Ericsson Packet Core Gateway (PCG) versions prior to 1.30. The issue is an Improper Handling of Missing Values (CWE-230) where a client can send specially crafted messages to cause service degradation. The impact persists while the attack continues, with crashes recovering ...

7.1CVSS5.4AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 11 hours ago4 views

CVE-2026-21030

Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions...

6.4CVSS5.5AI score
Exploits0References2
Cvelist
Cvelist
added 11 hours ago6 views

CVE-2026-21026

Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information...

6.4CVSS
Exploits0References1
Nuclei
Nuclei
added 19 hours ago12 views

Formidable Forms < 2.05.02 - Cross-Site Scripting

Formidable Form Builder for WordPress versions before 2.05.03 contains a stored cross-site scripting caused by insufficient input sanitization and output escaping in form parameters like 'afterhtml', letting unauthenticated attackers inject and execute arbitrary scripts in victims' browsers id:...

8.3CVSS5.5AI score0.24408EPSS
Exploits2References3
CVE
CVE
added 19 hours ago13 views

CVE-2026-50593

Graphite 1.3.15 changes and the commit.

7.3CVSS5.8AI score
Exploits0References2
CVE
CVE
added 20 hours ago8 views

CVE-2026-50591

Znuny LTS is affected by CVE-2026-50591: stored XSS via user preferences in versions prior to 6.5.21 and prior to 7.3.3. The CVSS vector indicates a LOW privileges requirement with user interaction and network attack vector, leading to a Confidentiality/Integrity impact in practice, with Availabi...

5.4CVSS5.8AI score
Exploits0References1
EUVD
EUVD
added 21 hours ago6 views

EUVD-2026-34747

Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score
Exploits0References3
EUVD
EUVD
added 21 hours ago4 views

EUVD-2026-34652

Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...

5.8AI score
Exploits0References3
EUVD
EUVD
added 21 hours ago3 views

EUVD-2026-34635

Inappropriate implementation in Site Isolation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

5.8AI score
Exploits0References3
EUVD
EUVD
added 21 hours ago3 views

EUVD-2026-34615

Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score
Exploits0References3
EUVD
EUVD
added 21 hours ago3 views

EUVD-2026-34511

Insufficient validation of untrusted input in WebNN in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score
Exploits0References3
EUVD
EUVD
added 21 hours ago3 views

EUVD-2026-34453

Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score
Exploits0References3
EUVD
EUVD
added 21 hours ago3 views

EUVD-2026-34396

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score
Exploits0References3
NVD
NVD
added 21 hours ago5 views

CVE-2026-11273

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6.1CVSS
Exploits0References2
Rows per page
Query Builder