Lucene search
K

257654 matches found

CVE
CVE
added yesterday35 views

CVE-2026-45363

CVE-2026-45363 affects the ruby-jwt gem (Ruby implementation of JWT). Prior to versions 2.10.3 and 3.2.0, JWT.decode(token, '', true, algorithm: 'HS256') can accept attacker-forged tokens because OpenSSL::HMAC.digest('SHA256', '', payload) yields a valid digest with an empty key, and empty-key pa...

9.1CVSS6.9AI score0.00018EPSS
Exploits0References5
NVD
NVD
added yesterday4 views

CVE-2026-50526

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...

7CVSS
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-59889

CVE-2026-59889 affects jackson-databind. UnwrappedPropertyHandler.processUnwrapped replays buffered JSON for a @JsonUnwrapped property and may bypass @JsonView guards during deserialization, enabling writes from attacker JSON under a less-privileged active view. Fixed in 2.18.9, 2.21.5, 2.22.1, 3...

6.5CVSS6.1AI score
Exploits0References4
CVE
CVE
added yesterday12 views

CVE-2026-50526

CVE-2026-50526 describes an issue in .NET where improper link resolution before file access ("link following") can allow an authorized local attacker to tamper with files. Multiple sources document the same description and note a local attack vector with high impact on confidentiality, integrity,...

7CVSS6AI score
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-47300

Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate privileges over a network...

8.8CVSS
Exploits0References1
CVE
CVE
added yesterday18 views

CVE-2026-48489

CVE-2026-48489 (Symfony) : A logic flaw in the DefaultAuthenticationFailureHandler with failure_forward enabled allowed an unauthenticated login failure to dispatch a subrequest to access_control-protected GET routes, bypassing firewall listeners. This affected Symfony versions prior to 5.4.53, 6...

8.7CVSS6.1AI score0.00058EPSS
Exploits0References5
NVD
NVD
added yesterday5 views

CVE-2026-58530

Heap-based buffer overflow in Windows Resilient File System ReFS allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday2 views

CVE-2026-55134

Stack-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-55140

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-55022

Access of resource using incompatible type 'type confusion' in Microsoft Office allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday2 views

CVE-2026-54131

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-50498

Windows Universal Disk Format File System Driver UDFS Elevation of Privilege Vulnerability...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-55001

Improper certificate validation in Windows Active Directory allows an authorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-50520

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code allows an unauthorized attacker to execute code locally...

8.4CVSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-50308

Integer underflow wrap or wraparound in Windows NTFS allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday2 views

CVE-2026-49798

Use after free in Windows Kernel allows an unauthorized attacker to elevate privileges locally...

9.3CVSS
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-57102

CVE-2026-57102 affects Visual Studio Code. Likely risk: security feature bypass via inclusion of functionality from an untrusted control sphere, exploitable over a network with user interaction required. CVSS v3.1: 8.8 ( HIGH, NETWORK, AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H ). Connected sources note...

8.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-57101

Visual Studio Code is affected by CVE-2026-57101, a cross-site scripting flaw caused by improper neutralization of input during web page generation. The vulnerability allows a local attacker to bypass a security feature, requiring user interaction for exploitation (CVSS TV: Local access, Low expl...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-55949

CVE-2026-55949 affects Microsoft Office Excel. The issue is described as a use of an uninitialized resource enabling local code execution. CVSS 3.1 base score 7.8 (HIGH) with local attack vector, low attack complexity, no privileges required but user interaction is required. Exploitation details ...

7.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-55054

CVE-2026-55054 is an information-disclosure vulnerability in Microsoft Office Excel caused by an out-of-bounds read. The issue affects Excel and can leak data over a network; exploitation requires user interaction (per CVSS metrics: Network vector, Low attack complexity, No privileges, User inter...

6.5CVSS6.1AI score
Exploits0References1
Rows per page
Query Builder