Lucene search
K

494 matches found

NVD
NVD
added 3 days ago9 views

CVE-2026-14793

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS0.00224EPSS
Exploits0References6
CVE
CVE
added 3 days ago12 views

CVE-2026-14793

The vulnerability affects Craft CMS up to version 4.18.0.1, specifically the function actionReorderSets in src/controllers/GlobalsController.php of the reorder-sets Endpoint. The issue results in an authorization bypass and can be exploited remotely. A fix is available in version 4.18.1, with the...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-14793

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41804

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS5.7AI score0.00224EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-14793 Craft CMS reorder-sets Endpoint GlobalsController.php actionReorderSets authorization

A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. Upgrading to versio...

5.3CVSS0.00224EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 2:41 a.m.106 views

CVE-2026-14191

CVE-2026-14191 describes an out-of-bounds heap write in WinRAR/UnRAR’s RAR5 recovery-volume (.rev) parser (RecVolumes5::ReadHeader). The RecItems vector is sized based on the first .rev file; subsequent .rev files supply an independent RecNum that is validated against that file’s TotalCount but n...

7.8CVSS5.8AI score0.00286EPSS
Exploits1References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40746

Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00247EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-14059

Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00247EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-14059

Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.21 views

CVE-2026-14059

Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

0.00247EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:39 p.m.14 views

CVE-2026-14059

CVE-2026-14059 concerns Google Chrome (Chromium) and describes insufficient policy enforcement in the Related-Website-Sets mechanism. The vulnerability allows a remote attacker to leak cross-origin data via a crafted HTML page. Affected software version: Chrome prior to 150.0.7871.47 (Chromium ba...

6.5CVSS5.8AI score0.00247EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.4 views

CVE-2026-14059

Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00247EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54334

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in Related-Website-Sets allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Cross-origin data leakage occurs when ...

9.6CVSS6AI score0.00413EPSS
Exploits0References437
SUSE CVE
SUSE CVE
added 2026/06/28 1:9 a.m.9 views

SUSE CVE-2026-53287

In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records auditlogcapset records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi process...

5.8AI score0.00122EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-49295

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in...

7.1CVSS6AI score0.00227EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables – Disallowed timeout for anonymous sets. These parameters have never been used in the user space; hence, they are not allowed...

2.5CVSS6.1AI score0.0024EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 7:8 a.m.4 views

SUSE-SU-2026:2440-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2026-5928: libio: Fix ungetwc operating on byte stream bsc1262464, BZ 33998 - CVE-2026-5450: stdio-common: Fix buffer overflow in scanf %mc bsc1262465, BZ 34008 - CVE-2026-4046: Use pending character state in IBM1390, IBM1399 character sets...

9.8CVSS6.1AI score0.00451EPSS
Exploits3References7
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.12 views

EulerOS Virtualization 2.13.0 : glibc (EulerOS-SA-2026-2399)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a...

9.8CVSS5.6AI score0.00451EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.18 views

EulerOS Virtualization 2.13.1 : glibc (EulerOS-SA-2026-2370)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a...

9.8CVSS5.7AI score0.00451EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.21 views

EulerOS 2.0 SP11 : glibc (EulerOS-SA-2026-2205)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The iconv function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or...

7.5CVSS5.5AI score0.00357EPSS
Exploits1References2
Rows per page
Query Builder