Lucene search
K

417 matches found

NVD
NVD
added 3 days ago9 views

CVE-2026-21046

Time-of-check time-of-use race condition in fabricKeymaster trustlet prior to SMR Jul-2026 Release 1 allows local privileged attackers to execute arbitrary code...

8.4CVSS0.00096EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-21043

Path traversal in Wallpaper service prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system server privilege...

6.7CVSS5.9AI score0.00129EPSS
Exploits0References2
CVE
CVE
added 3 days ago8 views

CVE-2026-21040

CVE-2026-21040 affects IAFDService; the root cause is improper access control that allows local privileged attackers to use the privileged APIs prior to SMR Jul-2026 Release 1. Documented impact includes access to high-privilege APIs with local execution, and no exploitation or remediation steps ...

6.9CVSS5.9AI score0.00099EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.19 views

PT-2026-49992

Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM versions 17.0 through 26.5 Description An issue exists in the EAI component of the Siebel CRM Integration product. A low privileged attacker with network access via HTTP can exploit this flaw to compromise the system,...

9CVSS5.9AI score0.00403EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/09 6:30 p.m.10 views

EUVD-2026-35617

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00307EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 5:22 p.m.20 views

CVE-2025-54509

CVE-2025-54509 describes improper access control for the IOMMU register interface, potentially allowing a privileged attacker using the AMD secure processor (ASP) to cause non-coherent accesses and induce loss of integrity. The vulnerability stems from access control weaknesses in the IOMMU regis...

4CVSS5.5AI score0.00127EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 5:22 p.m.9 views

EUVD-2025-210086

Improper access control for register interface in the input-output memory management unit IOMMU could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor ASP potentially resulting in loss of integrity...

4CVSS5.5AI score0.00127EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 4:48 p.m.31 views

CVE-2026-47948 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 a.m.12 views

CVE-2026-41722

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS5.2AI score0.00302EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-48049

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00307EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48050

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48055

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.8 views

CVE-2026-11199

Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. Chromium security severity: Medium...

5.8AI score0.00189EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

WordPress plugin 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There ar...

4.3CVSS5.8AI score0.00232EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

WordPress plugin SMTP2GO for WordPress – Email Made Easy 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/05/15 2:48 a.m.90 views

CVE-2023-31309

Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...

6.8CVSS0.00112EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 2:48 a.m.34 views

EUVD-2023-35620

Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...

6.8CVSS5.8AI score0.00112EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

AMD OverDrive 安全漏洞

AMD OverDrive is a tool provided by American semiconductor company AMD that supports the management and configuration of overclocking settings for CPUs, GPUs, and RAM. There is a security vulnerability in AMD OverDrive, which stems from improper input validation. This vulnerability could allow...

4.6CVSS5.8AI score0.00108EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:12 p.m.4 views

CVE-2026-42780

A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.9CVSS5.9AI score0.00886EPSS
Exploits0References2Affected Software2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

SAMSUNG Mobile devices 缓冲区错误漏洞

Samsung Mobile devices are a series of mobile devices produced by Samsung Electronics in South Korea. This includes smartphones, tablets, etc. Versions of Samsung Mobile devices prior to SMR May-2026 Release 1 contained a buffer error vulnerability. This vulnerability stemmed from out-of-bounds...

6.8CVSS6.2AI score0.00155EPSS
Exploits1References2
Rows per page
Query Builder