Lucene search
K

5735 matches found

Debian CVE
Debian CVE
added 2026/06/04 11:4 p.m.8 views

CVE-2026-10999

Integer overflow in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00287EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.10 views

PT-2026-46799

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Reading List allows a remote attacker to perform privilege escalation. This is achieved by convincing a user to engage in specif...

9.6CVSS5.5AI score0.00456EPSS
Exploits0References434
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.12 views

PT-2026-46808

Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. Chromium security severity: Low...

5.9AI score0.00085EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/03 2:16 p.m.27 views

PYSEC-2026-200

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read emai...

3.1CVSS5.4AI score0.0015EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-45944

Name of the Vulnerable Software and Affected Versions Django versions prior to 5.2.15 Django versions prior to 6.0.6 Description The django.utils.cache.has vary header function does not strip leading or trailing whitespace from Vary response header values before comparison. This allows remote...

5.3CVSS5.6AI score0.00354EPSS
Exploits0References40
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.8 views

GLPI 安全漏洞

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases to manage various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

7CVSS5.3AI score0.00251EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 4:8 p.m.19 views

CVE-2026-40314

NamelessMC (Minecraft server website software) 2.2.4 is affected by an authorization issue where core/classes/Misc/ProfilePostReactionContext.php only verifies the wall post exists and fails to enforce blocked/private-profile visibility, while modules/Core/queries/reactions.php permits unauthenti...

6.9CVSS5.8AI score0.00272EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 3:19 p.m.8 views

CVE-2026-33398

NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/pages/forum/getquotes.php only checks whether the caller is logged in, then reads a post by attacker-controlled post ID and returns its content. The backend helper in modules/Forum/classes/Forum.php does not...

7.1CVSS5.8AI score0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from excessive reading by Chromecast, which could allow remote attackers with compromised rendering processes to...

6.5CVSS5.3AI score0.00229EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from insufficient validation for untrusted inputs during the reading mode, which could allow remote attackers to...

9.6CVSS5.3AI score0.00195EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Google Chrome has a security vulnerability that stems from excessive reading of memory resources...

8.8CVSS5.3AI score0.00291EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.10 views

Debian dsa-6319 : libyelp-dev - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6319 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6319-1 [email protected] https://www.debian.org/security/...

5.8AI score
Exploits0References3
CVE
CVE
added 2026/06/01 7:9 p.m.20 views

CVE-2026-49136

Banana Slides (v0.4.0) contains a path traversal in ai service backend’s generate_image() that lets unauthenticated attackers read arbitrary image files outside the uploads directory. Root cause: incomplete path prefix check via os.path.startswith(), without a trailing separator, allowing crafted...

8.7CVSS5.9AI score0.00417EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/01 5:13 p.m.10 views

CVE-2026-45810 Nextcloud: Propfind requests for file comments allowed to load comments for other files

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It is recommended th...

6.8CVSS5.7AI score0.00252EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 9:4 a.m.14 views

CVE-2026-40547 Path Traversal in SOPlanning

SOPlanning is vulnerable to Path Traversal in backup endpoints. Authenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow reading and executing files previously added through the backup functionality. Critically, due to CVE-2026-40543 Missing...

6.4CVSS5.8AI score0.00447EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/01 1:15 a.m.28 views

openjdk: Enhance Zip file reading (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK:...

3.7CVSS7.3AI score0.00269EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/29 10:45 p.m.28 views

praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue linking, reading, and deletion due to missing ownership checks

Summary Type: Insecure Direct Object Reference. The dependency endpoints POST/GET /workspaces/workspaceid/issues/issueid/dependencies and DELETE .../dependencies/depid gate access on requireworkspacememberworkspaceid only, then dispatch to DependencyService calls that take URL/body-supplied issue...

5.9AI score0.00032EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/29 10:51 a.m.22 views

CVE-2025-41271

Nozomi Networks Labs identifies a CWE-23 Relative Path Traversal affecting Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040) via the Console WebUI. An unauthenticated remote attacker could read arbitrary files on the device through this vulnerability. The provided documents do not sp...

8.7CVSS6AI score0.00434EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.13 views

SUSE CVE-2026-46130

In the Linux kernel, the following vulnerability has been resolved: dm-verity-fec: fix reading parity bytes split across blocks take 3 fecdecodebufs assumes that the parity bytes of the first RS codeword it decodes are never split across parity blocks. This assumption is false. Consider...

5.5CVSS5.8AI score0.00117EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-46130

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm-verity-fec: fix reading parity bytes split across blocks take 3 fecdecodebufs assumes that the parity bytes of the first RS codeword it decodes are never spl...

7.1CVSS6.1AI score0.00117EPSS
Exploits0References4
Rows per page
Query Builder