Lucene search
K

170253 matches found

SUSE CVE
SUSE CVE
added 2026/07/02 6:35 a.m.4 views

SUSE CVE-2026-56377

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

3.3CVSS6.1AI score0.00164EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 11:16 p.m.9 views

CVE-2026-14408

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00224EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 7:22 p.m.17 views

CVE-2026-58457

CVE-2026-58457 affects Shenzhen Aitemi M300 MT02 (Wi‑Fi Repeater). An unauthenticated OS command injection exists in the commuos web backend via the smacfilter_conf handler. Attackers can append semicolon-delimited payloads to the name, enable, or mac GET parameters, which are unsanitized and pas...

9.8CVSS6.1AI score0.01671EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 4:27 p.m.9 views

EUVD-2026-41078

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request...

7.5CVSS6AI score0.00756EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40733

Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.9 views

EUVD-2025-210385

picklescan before 0.0.29 fails to detect the built-in trace.Trace.run function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using trace.Trace.run in the reduce method to achieve arbitrary code execution when...

8.1CVSS6.4AI score0.00562EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2025-210390

picklescan before 0.0.30 fails to detect the doctest.debugscript function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debugscript calls that bypass picklescan detection and execute arbitrary command...

8.1CVSS6.1AI score0.00769EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54663

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An out of bounds read in ANGLE allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. ANGLE is a compatibility layer that translates OpenGL ES calls ...

9.8CVSS6AI score0.00413EPSS
Exploits0References447
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-13896

Insufficient policy enforcement in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00242EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-13893

Insufficient validation of untrusted input in WebUI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via malicious network traffic. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00293EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.31 views

CVE-2026-56377 ImageMagick - Policy Bypass via Incorrect Path Validation

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

4.8CVSS0.00164EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 10:8 p.m.2 views

CVE-2026-56377 ImageMagick - Policy Bypass via Incorrect Path Validation

ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...

4.8CVSS6.1AI score0.00164EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/30 8:19 p.m.6 views

EUVD-2025-210381

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.7CVSS5.8AI score0.00407EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:16 p.m.6 views

EUVD-2025-210377

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...

4.3CVSS5.8AI score0.00367EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 11:19 a.m.7 views

EUVD-2026-40292

An SQL Injection vulnerability exists in Redeight CMS version 1.0 via the "userEmail" parameter in the POST "/admin/index.php" login endpoint. The application fails to sanitize user input and directly interpolates it into SQL queries without using prepared statements, which allows unauthenticated...

9.3CVSS6.2AI score0.00399EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:57 a.m.7 views

CVE-2026-14162

Hospital Queuing Management developed by Advantech has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access a specific URL to obtain API documentation...

9.8CVSS5.8AI score0.00472EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54010

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.30 Description The software fails to detect the doctest.debug script function during the analysis of pickle files. This allows remote attackers to create malicious pickle files containing calls to doctest.debug...

8.1CVSS6.2AI score0.00769EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54005

Name of the Vulnerable Software and Affected Versions picklescan versions prior to 0.0.29 Description The software fails to detect the built-in trace.Trace.run function during the analysis of pickle files. This allows remote attackers to embed malicious code within the reduce method of a crafted...

8.1CVSS6.2AI score0.00562EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54046

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-24 Description An incorrect policy check allows remote attackers to bypass path policy restrictions in sandboxed conversion services. This flaw enables the creation or truncation of files that are disallowed...

7.1CVSS5.9AI score0.00226EPSS
Exploits1References23
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54212

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Side-channel information leakage in ComputePressure allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update Google Chrome to...

9.6CVSS6AI score0.00413EPSS
Exploits0References447
Rows per page
Query Builder