Lucene search
K

105047 matches found

CVE
CVE
added 5 days ago10 views

CVE-2026-15111

CVE-2026-15111 is a Chrome vulnerability: a use-after-free in Views causing heap corruption when a user is tricked into specific UI gestures on a crafted HTML page. Affected software: Google Chrome prior to 150.0.7871.115. Root cause: use-after-free in Views leading to potential heap corruption. ...

7.5CVSS6AI score0.00178EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-15111

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6AI score0.00178EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-15129

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

0.00225EPSS
Exploits0References2
CVE
CVE
added 5 days ago39 views

CVE-2026-15129

CVE-2026-15129 describes a Use-After-Free in Chrome’s Views component (Chromium) prior to version 150.0.7871.115. A crafted HTML page can trigger heap corruption, enabling a remote attacker to potentially exploit the vulnerability. Affected software: Google Chrome on desktop (Windows, macOS, Linu...

8.8CVSS6AI score0.00225EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 5 days ago4 views

CVE-2026-15129

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6AI score0.00225EPSS
Exploits0
RedHat Linux
RedHat Linux
added 5 days ago4 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS7.2AI score0.0504EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 5 days ago4 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS7.2AI score0.0504EPSS
Exploits1References5
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-15154 Guardrails-detectors: guardrails-detectors: unauthenticated regular-expression denial of service (redos) via detector_params.regex

A flaw was found in guardrails-detectors, a component of Red Hat OpenShift AI. This vulnerability, known as Regular Expression Denial of Service ReDoS, allows a remote attacker to provide specially crafted regular expressions to the public detection API. This can cause catastrophic backtracking,...

6.5CVSS0.00204EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago4 views

CVE-2026-56000

A flaw was found in the X.org X11 server, specifically within the GLX OpenGL Extension to the X Window System dispatch layer. A remote attacker can exploit this vulnerability by sending a series of crafted X11 requests. This can lead to a use-after-free condition, where the server attempts to wri...

9CVSS5.9AI score0.00192EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago3 views

micrometer-core: micrometer-jetty11: micrometer-jetty12: Micrometer: Denial of Service via specially crafted HTTP requests

A flaw was found in Micrometer. A remote attacker can provide specially crafted HTTP requests, which may lead to a denial-of-service DoS condition. This vulnerability allows an attacker to disrupt the availability of the affected system...

7.5CVSS5.9AI score0.00623EPSS
Exploits0References5
NVD
NVD
added 5 days ago7 views

CVE-2026-29008

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...

8.7CVSS0.00432EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago4 views

Apache Tomcat: Apache Tomcat: Information disclosure via Padding Oracle vulnerability in EncryptInterceptor

A flaw was found in Apache Tomcat. This Padding Oracle vulnerability, present in the EncryptInterceptor with its default configuration, could allow a remote attacker to decrypt sensitive information. By exploiting weaknesses in the encryption padding, an attacker may be able to gain unauthorized...

7.5CVSS6.1AI score0.0504EPSS
Exploits1References5
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-29007 U-Boot 2026.04-rc3 Out-of-Bounds Read in tcp_rx_state_machine via tcp.c

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS0.00467EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 5 days ago4 views

gstreamer1-plugins-good: GStreamer: Heap buffer overflow in WavPack decoder via integer overflow

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...

7.6CVSS6.4AI score0.0031EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42291

An OS command injection vulnerability exists in the sub34984 function of the "rc" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The lanipv6prefixlen configuration parameter is not properly sanitized, which could allow an authenticated remo...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42290

An OS command injection vulnerability exists in the savesyslogtofile function of the "httpd" binary in Cisco RV130/RV130W with firmware 1.0.3.55 and RV110W routers with firmware 1.2.2.5 / 1.2.2.8. The modelname configuration parameter is not properly sanitized, which could allow an authenticated...

7.2CVSS6.2AI score0.00957EPSS
Exploits0References2
NVD
NVD
added 5 days ago9 views

CVE-2026-53482

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Integer overflow or wraparound vulnerability. An unauthenticated attacker...

7.5CVSS0.00338EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-53480

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper limitation of a pathname to a restricted directory 'path...

2.7CVSS0.00263EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 5 days ago3 views

gstreamer1-plugins-bad-free: GStreamer: Heap buffer overflow via crafted VNC server rectangle in librfb

A heap buffer overflow vulnerability was found in GStreamer's librfb RFB/VNC client. The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a...

8.8CVSS6.6AI score0.0053EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago6 views

gstreamer1-plugins-bad-free: GStreamer: Signed integer overflow in VMnc decoder cursor payload handling

A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a...

7.1CVSS6AI score0.0031EPSS
Exploits0References5
Rows per page
Query Builder