Lucene search
K

713 matches found

CVE
CVE
added yesterday14 views

CVE-2026-14906

The vulnerability CVE-2026-14906 affects Firefox for iOS. Pages with malicious titles could cause saved webpages-as-PDF content to overwrite existing PDF files or bundled content within the Firefox for iOS app sandbox. Affected component is the PDF-saving process; root cause details are not expli...

5.3CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2026/07/06 7:17 p.m.7 views

CVE-2026-54060

Pillow is a Python imaging library. Prior to 12.3.0, PIL/FontFile.py FontFile.compile assembled per-glyph images into a combined bitmap with Image.new"1", xsize, ysize without calling Image.decompressionbombcheck, allowing a font to trigger excessive allocation during conversion or saving. This...

7.5CVSS0.00361EPSS
Exploits1References3
NVD
NVD
added 2026/07/02 12:16 a.m.10 views

CVE-2026-55794

Craft CMS is a content management system CMS. In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries...

8.7CVSS0.00293EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 11:26 p.m.37 views

CVE-2026-55794 Craft CMS: Potential authenticated Remote Code Execution via referrer redirect

Craft CMS is a content management system CMS. In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries...

8.7CVSS0.00293EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 11:26 p.m.35 views

CVE-2026-55794

Craft CMS

8.7CVSS5.8AI score0.00293EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-12479

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A path traversal vulnerability exists in keras-team/keras version 3.14.0, specifically in the DiskIOStore.make method within the Keras 3 model saving and loadin...

6.1CVSS6.6AI score0.00263EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 3:21 p.m.21 views

CVE-2026-12479

A path traversal vulnerability exists in keras-team/keras 3.14.0, in DiskIOStore.make, due to unsanitized user-provided layer names used to build directory paths (parent components not sanitized). Although forward slashes are restricted, directory traversal sequences can escape the intended tempo...

6.1CVSS6.5AI score0.00263EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/22 12:51 a.m.6 views

[SECURITY] Fedora 44 Update: buildah-1.43.2-1.fc44

The buildah package provides a command line tool which can be used to create a working container from scratch or create a working container from an image as a starting point mount/umount a working container's root file system for manipulation save container's root file system layer to create a ne...

5.7AI score
Exploits0
Ubuntu
Ubuntu
added 2026/06/01 3:4 p.m.17 views

USN-8359-1: NNCP vulnerability

It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote attacker could possibly use this issue to read or write arbitrary files outside of the intended directory...

6.4CVSS5.8AI score0.00243EPSS
Exploits0
CVE
CVE
added 2026/05/27 2:37 p.m.29 views

CVE-2026-49103

CVE-2026-49103 affects Webmin prior to 2.640. The issue occurs in the mailboxes/detachall.cgi path where a filename is not safely constructed when saving an attachment, enabling a high-severity impact as indicated by the CVSS: 9.4 (CRITICAL) with CONFIDENTIALITY/INTEGRITY/AVAILABILITY impact. Det...

9.4CVSS5.8AI score0.00303EPSS
Exploits0References2
Redos
Redos
added 2026/05/24 12:0 a.m.9 views

ROS-20260524-73-0047

Vulnerability in grafana related to improper saving of permissions. Exploitation of the vulnerability could allow an attacker to escalate privileges...

7.6CVSS6.8AI score0.00612EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89 – freed unused skb objects to prevent memory leaks. This prevents potential memory leaks under power-saving mode...

5.2AI score0.00166EPSS
Exploits0References2
Microsoft KB
Microsoft KB
added 2026/05/12 2:0 p.m.15 views

May 12, 2026—KB5087541 (OS Build 25398.2330)

None None...

9.8CVSS6.8AI score0.99962EPSS
Exploits60
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.80 views

📄 Pixa Bank 2.0 SQL Injection

Pixa Bank version 2.0 remote API SQL injection exploit. ================================================================================================================================== | Title : Pixa Bank 2.0 – API SQL Injection | | Author : indoushka | | Tested on : windows 11 FrPro / browser ...

5.9AI score
Exploits0
OSV
OSV
added 2026/05/04 1:12 p.m.6 views

JLSEC-2026-425 URLs containing percent-encoded slashes (`/` or `\`) can trick wcurl into saving the output file...

URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...

4.6CVSS5.8AI score0.00302EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a series of chipset developed by Qualcomm Incorporation. There is a security vulnerability in Qualcomm Chipsets, which stems from processing IOCTL commands when the device is in power-saving mode, resulting in memory corruption...

7.8CVSS5.8AI score0.00071EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010693)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010693 advisory. In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of...

5.5CVSS6.4AI score0.00225EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/18 3:16 a.m.6 views

CVE-2026-40492

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves pixel format based on pixmapdepth but the byte-swap code uses bitsperpixel independently. When...

9.8CVSS6AI score0.00332EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/18 3:16 a.m.8 views

CVE-2026-40494

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE decoder in tga.c has an asymmetric bounds check vulnerability. The run-packet path line 297 correctl...

9.8CVSS5.8AI score0.00314EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/18 3:16 a.m.5 views

CVE-2026-40493

SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes bytes-per-pixel bpp from raw header fields channels depth, but the pixel buffer is allocated base...

9.8CVSS6AI score0.00367EPSS
Exploits0References2
Rows per page
Query Builder