Lucene search
K

53699 matches found

OSV
OSV
added 2026/06/09 5:16 a.m.8 views

DEBIAN-CVE-2026-41850

Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

7.5CVSS5.5AI score0.0036EPSS
Exploits0References1
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.16 views

CVE-2026-47838: Unauthorized User Impersonation when Using X.509 Client Certificates

This CVE is a continuation of CVE-2026-22747 , which addressed this same issue for Spring Security 7.0.x. SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted...

6.8CVSS5.2AI score0.00116EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.9 views

CVE-2026-11688

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00256EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/08 3:46 p.m.9 views

CVE-2026-46306

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

7.5CVSS5.3AI score0.00389EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.10 views

Google Chrome 竞争条件问题漏洞

Google Chrome is a web browser developed by the American company Google. Google Chrome has a vulnerability related to network conditions, known as a “network condition vulnerability.”...

8.3CVSS5.3AI score0.00148EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:50 a.m.13 views

SUSE CVE-2026-10950

Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.5AI score0.00296EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:40 a.m.9 views

SUSE CVE-2026-11260

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00182EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/06 9:30 p.m.10 views

CVE-2026-36229

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

5.4AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/06 12:0 a.m.18 views

PT-2026-47451

CVE-2026-36229 - VMware Aria Operations For Logs Directory Traversal CVE ID :CVE-2026-36229 Published : June 6, 2026, 9:16 p.m. | 2 hours, 14 minutes ago Description :Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further...

5.4AI score
Exploits0References1
Wolfi
Wolfi
added 2026/06/05 7:48 p.m.9 views

CVE-2026-10019 vulnerabilities

Vulnerabilities for packages: chromium...

8.8CVSS5.4AI score0.0019EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:33 p.m.11 views

CVE-2026-45387

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, when setting model permissions so that a group has read access to it, intending for other users to use it, those users also can read the model's system prompt. However users may...

4.3CVSS5.4AI score0.0022EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 2:30 p.m.9 views

CVE-2026-38500

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

5.4AI score
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/06/05 2:0 p.m.12 views

Chromium: CVE-2026-11026 Insufficient policy enforcement in Extensions

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS5.4AI score0.00166EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/05 2:0 p.m.12 views

Chromium: CVE-2026-10911 Insufficient validation of untrusted input in Media

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.3CVSS5.4AI score0.00305EPSS
Exploits0
OSV
OSV
added 2026/06/05 12:11 p.m.4 views

SUSE-SU-2026:2280-1 Security update for ignition

This update for ignition fixes the following issue - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1265751...

7.5CVSS5.5AI score0.00781EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 12:31 a.m.10 views

EUVD-2026-34709

Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00241EPSS
Exploits0References3
NVD
NVD
added 2026/06/05 12:17 a.m.9 views

CVE-2026-11256

Integer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

8.3CVSS0.00212EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 12:0 a.m.8 views

UBUNTU-CVE-2026-49837

Unknown description...

5.4AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.14 views

PT-2026-47188

CVE-2026-38500 - Cisco IOS XE Software Privilege Escalation Vulnerability CVE ID :CVE-2026-38500 Published : June 5, 2026, 2:16 p.m. | 1 hour, 6 minutes ago Description :Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further...

5.4AI score
Exploits0References1
OSV
OSV
added 2026/06/04 11:17 p.m.5 views

DEBIAN-CVE-2026-11204

Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00201EPSS
Exploits0References1
Rows per page
Query Builder