Lucene search
+L

7638 matches found

OSV
OSV
added 2026/06/29 8:17 p.m.5 views

DEBIAN-CVE-2026-43701

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox...

7.1CVSS7.3AI score0.00182EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 7:43 p.m.7 views

EUVD-2026-40211

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox...

5.7AI score0.00182EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 7:43 p.m.6 views

CVE-2026-43701

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox...

5.7AI score0.00182EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 7:43 p.m.26 views

CVE-2026-43701

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox...

0.00182EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 5:51 p.m.6 views

CVE-2026-11720 Path Traversal in googleapis/mcp-toolbox HTTP Tool URL Builder

A path traversal vulnerability exists in the HTTP tool URL builder of googleapis/mcp-toolbox. When constructing downstream API requests, the URL builder substitutes user-controlled pathParams into the configured tool path and parses the resulting string as a relative URL. While it checks that the...

9.3CVSS6AI score0.00374EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 5:15 p.m.36 views

CVE-2026-56781 Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9CVSS0.00231EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 10:16 a.m.9 views

CVE-2026-57346

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3...

7.1CVSS0.00265EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/29 9:50 a.m.9 views

EUVD-2026-40060

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3...

7.1CVSS5.8AI score0.00265EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 9:50 a.m.7 views

CVE-2026-57346

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Epiphyt Embed Privacy allows Path Traversal. This issue affects Embed Privacy: from n/a through 1.12.3...

7.1CVSS5.8AI score0.00265EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/29 5:8 a.m.7 views

golang.org/x/net/idna: golang: net/http: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing

A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname for example, xn--example-.com returns example.com instead of an error. Applications that validate the ASCII form then convert to Unicode may grant acce...

9.6CVSS6.4AI score0.00478EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.16 views

PT-2026-53702

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description A malicious website may be able to process restricted web content outside the sandbox. A sandbox is a...

7.1CVSS5.9AI score0.00182EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.12 views

PT-2026-53720

Name of the Vulnerable Software and Affected Versions Safari versions prior to 26.5.2 iOS versions prior to 26.5.2 iPadOS versions prior to 26.5.2 macOS Tahoe versions prior to 26.5.2 Description Improved input validation was implemented to address a flaw where a malicious website could process...

7.1CVSS6.1AI score0.00314EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/26 10:12 p.m.11 views

EUVD-2026-38059

Statamic CMS: Missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 8:17 p.m.9 views

CVE-2026-44736

OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations — and the subject title of work packages they have no permission to view — by supplying an arbitrary work package ID in the...

6.5CVSS0.00286EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:57 p.m.9 views

CVE-2026-55838

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. Every other admin handler in the codebase calls validateadminrequest to...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/26 7:27 p.m.4 views

CVE-2026-44736 OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects

OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations — and the subject title of work packages they have no permission to view — by supplying an arbitrary work package ID in the...

6.5CVSS6.1AI score0.00286EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:27 p.m.25 views

CVE-2026-44736 OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects

OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated user to retrieve relations — and the subject title of work packages they have no permission to view — by supplying an arbitrary work package ID in the...

6.5CVSS0.00286EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 6:33 p.m.2 views

GHSA-48Q5-W887-33WV Incus has a restricted project bypass leading to arbitrary command execution

Summary Instance snapshots ignore the restricted.containers.lowlevel=block setting; allowing for arbitrary command execution on the Incus server by abusing lowlevel hooks such as raw.lxc and raw.qemu. Details Instance snapshots ignore the restricted.containers.lowlevel=block setting; allowing for...

9.9CVSS6.2AI score
Exploits0References2
OSV
OSV
added 2026/06/26 4:16 p.m.6 views

DEBIAN-CVE-2026-9640

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment can bypass policy...

7.2CVSS5.8AI score0.00342EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 3:50 p.m.7 views

CVE-2026-9640

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment can bypass policy...

7.2CVSS5.8AI score0.00342EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder