Lucene search
K

414 matches found

Positive Technologies
Positive Technologies
added 4 days ago4 views

PT-2026-54232

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An issue in the PageInfo security UI allows a remote attacker to perform UI spoofing. This occurs when a user is convinced to perform specific UI gestures while interacting with a craft...

4.2CVSS6AI score0.00199EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 5 days ago3 views

gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago4 views

gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/25 6:37 p.m.6 views

gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs

A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier URI or Service SRV Subject Alternative Names SANs. This could cause the certificate validation process to incorrectly fall back to...

7.1CVSS5.8AI score0.00354EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Firefox

Search queries in the default search engine might appear to be the currently navigated URL, provided that the search query itself is a properly formed URL. This could lead to a site spoofing another site, if it was maliciously set as the default search engine. This vulnerability affects Firefox...

3.1CVSS6.1AI score0.00382EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Firefox

When a network error occurred during page loading, the previous content could remain visible, accompanied by a blank URL bar. This could be used to disguise a spoofed website. This vulnerability affects Firefox versions earlier than 126...

7.5CVSS7.1AI score0.00541EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Thunderbird, Firefox

By confusing the browser, the fullscreen notification could have been delayed or suppressed, leading to potential user confusion or spoofing attacks. This vulnerability affects Firefox versions earlier than 108...

4.3CVSS6.2AI score0.00699EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

In several cases, browser prompts might have been obscured by pop-ups controlled by content. This could lead to potential user confusion and spoofing attacks. This vulnerability affects Firefox 113, Firefox ESR 102.11, and Thunderbird 102.11...

4.3CVSS6.5AI score0.00631EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Firefox and Thunderbird

A website could have obscured the fullscreen notification by using a dropdown select input element. This could have caused user confusion and potentially led to spoofing attacks. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...

4.3CVSS6.4AI score0.00937EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Using tables within an iframe, an attacker could cause the iframe contents to be rendered outside the boundaries of the iframe, leading to potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

6.5CVSS6.6AI score0.0057EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox

The incorrect domain might have been displayed in the address bar during a interrupted navigation attempt. This could have caused confusion for users and potentially led to spoofing attacks. This vulnerability affects Firefox 133 and Thunderbird 133...

4.3CVSS5.1AI score0.00401EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.14 views

CVE-2026-50508

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

7.5CVSS5.4AI score0.00662EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48458

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://request.hostnext url and the JS client redirects via...

6.1CVSS5.5AI score0.00153EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.7 views

CVE-2026-45479

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS0.00505EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

TencentOS Server 4: gnutls (TSSA-2026:0431)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0431 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

8.2CVSS5.6AI score0.00423EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 12:31 a.m.9 views

EUVD-2026-34636

Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00234EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/04 4:18 p.m.36 views

CVE-2026-50266

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

2.2CVSS0.00262EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/04 4:18 p.m.10 views

EUVD-2026-34301

In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set deviceowner to a value that has "network:" at the beginning "network:dhcp" for example. The default port RBAC policies incorrectly included PROJECTMANAGER without...

3.5CVSS7.1AI score0.00963EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

OpenStack Neutron 安全漏洞

OpenStack Neutron is an open-source project under OpenStack, designed to provide services between interface devices managed by other OpenStack services. Prior to version 28.0.1, OpenStack Neutron had a security vulnerability. This vulnerability stemmed from the ability of project administrators t...

2.2CVSS5.3AI score0.00262EPSS
Exploits0References6
RustSec
RustSec
added 2026/06/03 12:0 p.m.12 views

Sender-binding gaps in to-device messages

The matrix-sdk-crypto crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the senderdevicekeys property. This could be exploited to spoof the sender of an encrypted to-device message, but only if the attacker colludes with ...

5.8AI score0.0005EPSS
Exploits0Affected Software1
Rows per page
Query Builder