Lucene search
K

361 matches found

Debian CVE
Debian CVE
added 4 days ago5 views

CVE-2026-14647

A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInferenceopset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely. The exploit has bee...

5.3CVSS5.5AI score0.00253EPSS
Exploits0
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-14021

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00247EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54214

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Passwords component allows a remote attacker who has compromised the renderer process to leak cross-origin data using a crafted HTML page...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.11 views

PT-2026-53111

Name of the Vulnerable Software and Affected Versions ANTLR4 versions prior to 4.13.3 Description An issue exists in the Grammar Action Block Handler component within the file tool/src/org/antlr/v4/codegen/model/OutputFile.java. A remote attacker can perform a manipulation that leads to code...

7.5CVSS7.5AI score0.00311EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52603

Name of the Vulnerable Software and Affected Versions ML-KEM affected versions not specified Description An issue exists in the ARM64 NEON ciphertext comparison where only half of the input is compared. This failure breaks the implicit rejection of the Fujisaki-Okamoto transform—a method used to...

6.5CVSS5.8AI score0.0013EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/06/23 9:24 p.m.7 views

jackson-databind's renamed @JsonIgnore'd setters can deserialize via private fields

Summary POJOPropertiesCollector.renameProperties allows a property with @JsonProperty"renamed" on the getter and @JsonIgnore on the setter to be renamed rather than dropped. With MapperFeature.INFERPROPERTYMUTATORS enabled default, the private backing field is retained; during deserialization...

5.3CVSS5.9AI score0.00282EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50550

Name of the Vulnerable Software and Affected Versions CakePHP versions prior to 4.5.11 CakePHP versions 4.6.0 through 4.6.3 CakePHP versions 5.0.0 through 5.1.6 CakePHP versions 5.2.0 through 5.2.12 CakePHP versions 5.3.0 through 5.3.5 Description The getElementFileName function in the View class...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References6
CVE
CVE
added 2026/06/16 7:27 p.m.12 views

CVE-2026-46912

Technical details are not publicly available in the provided documents. Monitor Oracle security alert CSPujun2026.html for updates.

9.3CVSS5.1AI score0.00262EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2026/06/08 12:55 p.m.88 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Strapi

CVE-2026-27886 Automated Exploit - Usage Guide What This S...

9.2CVSS5.5AI score0.00612EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.12 views

CVE-2025-62345

HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability . A component contains a security weakness in its input handling implementation, increasing the risk of misconfiguration and operational errors...

2.7CVSS5.4AI score0.00218EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 11:56 a.m.9 views

CVE-2025-52606 HCL iControl was affected by Weak Input Validation vulnerability. .

HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expecte...

4.3CVSS5.8AI score0.00169EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/31 3:30 a.m.16 views

EUVD-2026-33487

A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. This impacts the function signauthcookie of the file application/controllers/Login.php of the component MYController. Executing a manipulation of the argumen...

7.5CVSS5.5AI score0.00409EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in LibreOffice

LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted using a single master key provided by the user. There was a flaw in LibreOffice where the required initialization vector for encryption was always the same,...

7.5CVSS7.7AI score0.00804EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.15 views

Microsoft Word 安全漏洞

Microsoft Word is a word processing software within the Office suite developed by Microsoft Corporation. There are security vulnerabilities in Microsoft Word. Attackers can exploit these vulnerabilities to execute code remotely. The following products and versions are affected: Microsoft SharePoi...

8.4CVSS5.9AI score0.00453EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/04/19 12:0 a.m.22 views

GuardPhish: Securing Open-Source LLMs from Phishing Abuse

The rapid adoption of open-source Large Language Models LLMs in offline and enterprise environments has introduced a largely unexamined security risk like susceptibility to adversarial phishing prompts under static safety configurations. In this work, we systematically investigate this...

5.8AI score
Exploits0
Veracode
Veracode
added 2026/04/14 11:1 a.m.8 views

Improper Certificate Validation

Apache Log4j Core is vulnerable to Improper Certificate Validation. The vulnerability is due to ignored hostname verification settings in TLS configuration, which allows an attacker to perform a man-in-the-middle attack by presenting a trusted certificate and intercepting secure communications...

6.3CVSS5.8AI score0.00395EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 7:30 p.m.1 views

CVE-2026-5194

Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA certificate-based authentication...

9.3CVSS5.8AI score0.00468EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2026/03/27 5:48 a.m.6 views

Cross-Site Request Forgery (CSRF)

1Panel is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability is due to missing CSRF protections such as anti-CSRF tokens or Origin/Referer validation in the port-change endpoint, which allows an attacker to trick an authenticated user into submitting a malicious request that changes...

7.1CVSS7.1AI score0.00144EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/03/24 1:17 a.m.4 views

UBUNTU-CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.5CVSS5.8AI score0.00228EPSS
Exploits0References5
OSV
OSV
added 2026/03/19 5:54 p.m.4 views

GHSA-F27W-VCWJ-C954 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

Impact An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby BCrypt.java computes the key-strengthening round count as a...

7.4CVSS5.8AI score0.00228EPSS
Exploits0References6
Rows per page
Query Builder