Lucene search
K

3699 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.6 views

CVE-2026-0204

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions...

8CVSS5.7AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2025-41011

HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specificcustomer', ussing 'startdateformatted' y 'enddateformatted'...

6.1CVSS5.5AI score0.00158EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-6888

Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...

7.2CVSS6AI score0.00375EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 11:17 p.m.12 views

CVE-2026-11228

Inappropriate implementation in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00154EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 11:17 p.m.4 views

DEBIAN-CVE-2026-11128

Inappropriate implementation in Web Share in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00229EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 11:16 p.m.5 views

DEBIAN-CVE-2026-10958

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00361EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 11:16 p.m.8 views

CVE-2026-10951

Use after free in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00312EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 11:6 p.m.20 views

CVE-2026-11272

CVE-2026-11272 affects Google Chrome on iOS, specifically the Reading List feature. The root cause is insufficient validation of untrusted input, enabling a remote attacker to escalate privileges via a crafted HTML page when a user is guided to perform certain UI gestures. Impact is described as ...

8.8CVSS5.8AI score0.00234EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11228

Inappropriate implementation in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00154EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11228

Inappropriate implementation in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.5AI score0.00154EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 11:5 p.m.14 views

CVE-2026-11144

Consolidated details for CVE-2026-11144: A use-after-free in the Media component of Google Chrome (Chromium-based) allows a remote attacker to execute arbitrary code inside Chrome’s sandbox via a crafted video file. Affected software: Google Chrome versions before 149.0.7827.53. Root cause: use-a...

8.8CVSS6.2AI score0.00259EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/04 11:3 p.m.6 views

CVE-2026-10922

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via malicious network traffic. Chromium security severity: High...

8.8CVSS5.5AI score0.00303EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/04 8:1 a.m.11 views

ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Two subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" were found to have exploitable buffer overflows on response messages.

...

7.5CVSS5.4AI score0.00405EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.16 views

PT-2026-46480

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description A use after free issue in the Autofill component allows a remote attacker to potentially exploit heap corruption. This occurs when a user is convinced to perform specific UI...

9.6CVSS6.1AI score0.00985EPSS
Exploits0References433
NVD
NVD
added 2026/06/03 4:16 p.m.15 views

CVE-2026-44281

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...

7CVSS0.00251EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.12 views

The Role of Domain-Specific Features in Malware Detection: A MacOS Case Study

Despite the growing popularity of macOS among end users and enterprise systems, malware research has primarily focused on Windows and Android operating systems, leaving the problem of macOS malware detection relatively unexplored. Indeed, the specificity of the operating system and the unique...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.9 views

PT-2026-46742

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Incorrect security UI in the File Input component allows a remote attacker to perform UI spoofing via a crafted HTML page, provided they can convince a user to perform specific UI...

9.6CVSS5.8AI score0.00985EPSS
Exploits1References434
ATTACKERKB
ATTACKERKB
added 2026/06/01 10:5 p.m.9 views

CVE-2026-24088

Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader...

8.2CVSS5.8AI score0.00071EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/01 7:4 a.m.16 views

Malicious code in @emcd-vue/auth (npm)

Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to pose as an internal Vue.js front-end tooling package from "EMCD Platform Engineering." The package...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/01 7:4 a.m.12 views

MAL-2026-5163 Malicious code in @emcd-vue/auth (npm)

Part of a coordinated multi-package supply-chain attack impersonating EMCD emcd.io, a legitimate Russian cryptocurrency exchange and mining pool. The attacker registered the @emcd-vue npm scope to pose as an internal Vue.js front-end tooling package from "EMCD Platform Engineering." The package...

6AI score
Exploits0References2
Rows per page
Query Builder