Lucene search
+L

4935 matches found

Cvelist
Cvelist
added yesterday6 views

CVE-2026-54163 secure_headers: CSP directive injection via sandbox, plugin_types, and report_to when given untrusted input

secureheaders manages application of security headers with many safe defaults. Prior to 7.3.0, secureheaders builds the Content-Security-Policy value by stitching directives with ; separators, and buildsandboxlistdirective, buildmediatypelistdirective, and buildreporttodirective interpolate...

4.7CVSS0.00031EPSS
Exploits0References3
CVE
CVE
added yesterday9 views

CVE-2026-54163

Summary: The vulnerability CVE-2026-54163 affects the Ruby gem secure_headers (pre-7.3.0). When applications feed untrusted input into CSP-related directives via override_content_security_policy_directives or related APIs, the three builders—build_sandbox_list_directive, build_media_type_list_dir...

4.7CVSS5.3AI score0.00031EPSS
Exploits0References3
Cvelist
Cvelist
added yesterday6 views

CVE-2026-60137 WordPress < 7.0.2 - Facilitated SQL Injection via author__not_in in WP_Query

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the authornotin parameter of WPQuery, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter...

Exploits2References2
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-60137 WordPress < 7.0.2 - Facilitated SQL Injection via author__not_in in WP_Query

WordPress 6.8.x before 6.8.6, 6.9.x before 6.9.5, and 7.0.x before 7.0.2 does not properly sanitise the authornotin parameter of WPQuery, which could allow SQL Injection when a plugin or theme passes untrusted input to the parameter...

5.9AI score
Exploits2References2
NVD
NVD
added yesterday7 views

CVE-2026-14741

HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parsedate. parsedate matches the date string against a chain of alternative regexes, and str2time delegates to it. Several of these patterns place unbounded quantifiers next to each other before a...

Exploits0References4
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-57077

A flaw was found in YAML::Syck. An out-of-bounds read vulnerability exists due to an unbounded newline scan during block-scalar lexing. A remote attacker could exploit this by providing a specially crafted YAML document, leading to potential information disclosure. This issue is an incomplete fix...

7.7CVSS6.1AI score0.00186EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60780

HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parse date. parse date matches the date string against a chain of alternative regexes, and str2time delegates to it. Several of these patterns place unbounded quantifiers next to each other before a...

5.4AI score
Exploits0References4
OSV
OSV
added 2 days ago3 views

DEBIAN-CVE-2026-13713

YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syckhdlraddanchor and syckhdlrremoveanchor free the node stored under that name with...

6.2CVSS5.4AI score0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-57077 YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newlinelen. In the bundled libsyck newlinelen and isnewline dereference the scan pointer, and the following byte for a "\r\n" pair, with no NUL-terminator or bounds check. During block-scalar...

0.00186EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-55407

Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.8.0, the decodeunknownfield function in buffa's protobuf decoder allocated heap memory in proportion to untrusted input unknown fields in the serialized protobuf without enforcing an...

6.3CVSS6.1AI score0.00565EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 3 days ago6 views

pyasn1: pyasn1: Denial of Service via crafted BER input

A flaw was found in pyasn1, a generic ASN.1 library for Python. The Basic Encoding Rules BER decoder, used by CER and DER codecs, processes long-form tags by accumulating continuation octets without an upper bound. A remote attacker can exploit this by providing a specially crafted input, leading...

7.5CVSS6.1AI score0.00354EPSS
Exploits0References7
NVD
NVD
added 4 days ago7 views

CVE-2026-46628

Twig is a template language for PHP. Prior to 3.26.0, the deprecated spaceless filter is registered as safe for HTML, causing Twig autoescaping to emit attacker-controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0...

5.4CVSS0.00169EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-46628 Twig: The `spaceless` filter implicitly marks its output as safe

Twig is a template language for PHP. Prior to 3.26.0, the deprecated spaceless filter is registered as safe for HTML, causing Twig autoescaping to emit attacker-controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0...

5.1CVSS0.00169EPSS
Exploits0References3
CVE
CVE
added 4 days ago17 views

CVE-2026-46628

CVE-2026-46628 affects Twig (PHP template engine). Before 3.26.0, the deprecated spaceless filter was registered as safe for HTML, causing Twig autoescaping to emit attacker‑controlled markup unescaped when spaceless is applied to untrusted input. This issue is fixed in version 3.26.0. Affected: ...

5.4CVSS6.1AI score0.00169EPSS
Exploits0References3Affected Software1
OSV
OSV
added 4 days ago5 views

DEBIAN-CVE-2026-15771

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS6.1AI score0.00274EPSS
Exploits0References1
NVD
NVD
added 4 days ago4 views

CVE-2026-15771

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS0.00274EPSS
Exploits0References2
NVD
NVD
added 4 days ago4 views

CVE-2026-15769

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00236EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-15778

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

0.00263EPSS
Exploits0References2
CVE
CVE
added 4 days ago11 views

CVE-2026-15778

CVE-2026-15778 affects Google Chrome navigation logic prior to version 150.0.7871.125, due to insufficient validation of untrusted input in Navigation. An attacker who compromises the renderer could bypass navigation restrictions via a crafted HTML page. The issue is addressed in Chrome 150.0.787...

6.5CVSS6.1AI score0.00263EPSS
Exploits0References2Affected Software1
CVE
CVE
added 4 days ago65 views

CVE-2026-15771

CVE-2026-15771 affects Google Chrome on Windows prior to 150.0.7871.125. The vulnerability arises from insufficient validation of untrusted input in the Media component, allowing a remote attacker who has compromised the renderer process to potentially read sensitive information from process memo...

5.3CVSS6.1AI score0.00274EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder