Lucene search
+L

922 matches found

cve
cve
added yesterday9 views

CVE-2026-8920

The vulnerability CVE-2026-8920 concerns ASUS Aura Wallpaper Service. It describes Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path, enabling a local user to perform file operations by sending crafted commands that contain an arbitrary ...

8.5CVSS6.2AI score0.0009EPSS
Exploits0References1
cvelist
cvelist
added yesterday28 views

CVE-2026-8920

Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...

8.5CVSS0.0009EPSS
Exploits0References1
nvd
nvd
added 2026/06/30 11:17 p.m.6 views

CVE-2026-13896

Insufficient policy enforcement in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00242EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/30 10:39 p.m.27 views

CVE-2026-14066

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

0.00244EPSS
Exploits0References2
cve
cve
added 2026/06/30 10:38 p.m.21 views

CVE-2026-13896

The connected sources confirm CVE-2026-13896 affects Google Chrome (Chromium-based) with insufficient policy enforcement in “Glic” prior to version 150.0.7871.47, enabling a remote attacker to bypass navigation restrictions via a crafted HTML page. The impact is described as medium. The vulnerabi...

6.5CVSS5.8AI score0.00242EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2026/06/30 11:48 a.m.9 views

CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui:admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions FGAPv2 are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3CVSS5.9AI score0.00173EPSS
Exploits0References2
nessus
nessus
added 2026/06/26 12:0 a.m.11 views

SUSE SLES16 Security Update : mcphost (SUSE-SU-2026:22193-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22193-1 advisory. This update for mcphost fixes the following issues - CVE-2026-25680,CVE-2026-25681,CVE-2026-27136,CVE-2026-42502,CVE-2026-42506:...

10CVSS5.9AI score0.00781EPSS
Exploits0References45
nvd
nvd
added 2026/06/23 5:17 p.m.8 views

CVE-2026-49465

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push...

7.7CVSS0.00495EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/23 5:14 p.m.36 views

CVE-2026-49859 Deno: `fetch()` API sandbox bypass via missing DNS resolution check

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, when fetch was called, Deno checked the destination hostname against --deny-net rules but did not re-check the IP addresses that hostname resolved to. An attacker-controlled script could use a specially crafted domain name...

5.2CVSS0.00101EPSS
Exploits0References1
osv
osv
added 2026/06/18 2:30 p.m.2 views

SUSE-SU-2026:22159-1 Security update for distribution

This update for distribution fixes the following issues - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265788. - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation...

10CVSS5.9AI score0.00781EPSS
Exploits1References21
osv
osv
added 2026/06/15 8:5 p.m.26 views

GHSA-G8MR-85JM-7XHM Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE

Summary Vitest Browser Mode exposes a cdp API that forwards raw Chrome DevTools Protocol CDP methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec. As a result, disabling Browser Mode write and exec...

9.8CVSS5.8AI score0.00585EPSS
Exploits0References2
snyk
snyk
added 2026/06/12 11:11 a.m.8 views

Improperly Implemented Security Check for Standard

Overview org.apache.cxf:cxf-rt-rs-security-oauth2 is a services framework. Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard due to a logic error in the OAuthRequestFilter request handler. An attacker can bypass intended IP address restrictions...

9.8CVSS5.4AI score0.00668EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/12 6:30 a.m.8 views

CVE-2026-12059 Cellopoint|CelloOS - Improper Access Control

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

8.8CVSS5.5AI score0.0045EPSS
Exploits0References2
susecve
susecve
added 2026/06/07 4:42 a.m.12 views

SUSE CVE-2026-11184

Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.3CVSS5.5AI score0.00158EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:35 p.m.9 views

CVE-2026-5296

GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that when foundational flows were enabled at the group level, could have allowed an authenticated user with developer-role permissions to bypass flow...

4.3CVSS5.5AI score0.00196EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/04 11:6 p.m.9 views

CVE-2026-11257

Inappropriate implementation in Browser in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00189EPSS
Exploits0
cvelist
cvelist
added 2026/06/04 11:4 p.m.36 views

CVE-2026-11018

Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

0.0028EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/06/02 12:0 a.m.8 views

Pterodactyl Panel 安全漏洞

Pterodactyl Panel is an open-source game server management panel developed by Pterodactyl. Versions of Pterodactyl Panel prior to 1.12.3 contained security vulnerabilities. These vulnerabilities stemmed from a complete failure of the database locking mechanism, which could allow users to bypass...

2.3CVSS5.4AI score0.00212EPSS
Exploits0References1
snyk
snyk
added 2026/06/01 9:0 p.m.10 views

Malicious Package

Overview abuden28 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertising...

9.8CVSS5.8AI score
Exploits0References2
cve
cve
added 2026/05/28 9:6 p.m.77 views

CVE-2026-44849

CVE-2026-44849 describes an endpoint security bypass in Portainer: non-admin users with Swarm endpoint access can create/update services and bypass EndpointSecuritySettings checks, allowing elevated capabilities, broken syscall confinement, and bind mounts to host paths. Affected are Portainer re...

9.4CVSS5.8AI score0.00347EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder