Lucene search
+L

5764 matches found

redhatcve
redhatcve
added 2026/06/07 5:13 a.m.11 views

CVE-2026-11213

An insufficient validation of untrusted input flaw was found in the Reading Mode component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=507382702...

9.6CVSS5.4AI score0.00195EPSS
Exploits0References5
susecve
susecve
added 2026/06/07 4:44 a.m.10 views

SUSE CVE-2026-11123

Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.0025EPSS
Exploits0References2
susecve
susecve
added 2026/06/07 4:41 a.m.14 views

SUSE CVE-2026-11213

Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.5AI score0.00195EPSS
Exploits0References2
susecve
susecve
added 2026/06/07 4:40 a.m.9 views

SUSE CVE-2026-11272

Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

8.8CVSS5.5AI score0.00234EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/06 12:44 a.m.17 views

CVE-2026-11272

An insufficient validation of untrusted input flaw was found in the Reading List component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501747321...

8.8CVSS5.4AI score0.00234EPSS
Exploits0References4
euvd
euvd
added 2026/06/05 8:3 p.m.11 views

EUVD-2026-34914

Two path traversal vulnerabilities in the Network Installation Service NIS of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on the server filesystem and to read package archive files from the server. No authentication, session...

10CVSS6.4AI score0.00709EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:40 p.m.12 views

CVE-2025-0898

The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Arbitrary File Reading in all versions up to, and including, 1.4.7 via the Draw SVG widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on...

6.5CVSS5.6AI score0.00281EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:34 p.m.8 views

CVE-2026-10075

DreamMaker developed by Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to read file names under arbitrary path by exploiting an Absolute Path Traversal vulnerability...

6.9CVSS5.6AI score0.00387EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:21 p.m.10 views

CVE-2026-41068

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

7.7CVSS5.5AI score0.00266EPSS
Exploits2References1
redhatcve
redhatcve
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40827

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...

7CVSS5.8AI score0.00295EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:14 p.m.13 views

CVE-2026-40823

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DevSerialReset function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table. This can resu...

7CVSS5.8AI score0.00239EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:13 p.m.13 views

CVE-2026-40833

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...

7.1CVSS5.8AI score0.00223EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:13 p.m.11 views

CVE-2026-40824

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS5.8AI score0.00239EPSS
Exploits0References1
snyk
snyk
added 2026/06/05 4:20 p.m.10 views

Directory Traversal

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Directory Traversal in the process that handles SQLite source filenames. An attacker can gain unauthorized access to or modify internal application data by supplying a crafted filename that points to arbitrary files...

5.4CVSS6.1AI score0.00324EPSS
Exploits0References2
mscve
mscve
added 2026/06/05 2:0 p.m.14 views

Chromium: CVE-2026-11213 Insufficient validation of untrusted input in Reading Mode

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

9.6CVSS5.4AI score0.00195EPSS
Exploits0
ubuntu
ubuntu
added 2026/06/05 8:11 a.m.12 views

USN-8394-1: YARD vulnerability

It was discovered that YARD incorrectly sanitized paths in its built-in documentation server. An attacker could possibly use this issue to read arbitrary files from the server host...

7.5CVSS5.5AI score0.00388EPSS
Exploits0
euvd
euvd
added 2026/06/05 12:31 a.m.11 views

EUVD-2026-34733

Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00234EPSS
Exploits0References3
euvd
euvd
added 2026/06/05 12:31 a.m.10 views

EUVD-2026-34674

Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00195EPSS
Exploits0References3
euvd
euvd
added 2026/06/05 12:31 a.m.11 views

EUVD-2026-34425

Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00336EPSS
Exploits0References3
nvd
nvd
added 2026/06/05 12:17 a.m.15 views

CVE-2026-11272

Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

8.8CVSS0.00234EPSS
Exploits0References2
Rows per page
Query Builder