Lucene search
K

3523 matches found

Nuclei
Nuclei
added yesterday32 views

Zhiyuan OA Platform - Arbitrary File Upload

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing...

10CVSS6.5AI score0.1438EPSS
Exploits3References2
CVE
CVE
added 6 days ago36 views

CVE-2026-54782

CVE-2026-54782 affects CoreWCF (CoreWCF.Primitives and related token validation path) where SAML 1.1/2.0 token validation fails to resolve the issuer signing key when IdentityConfiguration is used with federated bindings, allowing unauthenticated impersonation. Affected versions: prior to 1.8.1 a...

10CVSS6AI score0.00246EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 3:23 p.m.7 views

BIT-LIBPYTHON-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.7AI score0.00562EPSS
Exploits0References11
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-952 Incomplete validation in signal ops leads to crashes in TensorFlow

Impact The tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes due to CHECK-failures. Patches We have patched the issue in GitHub commit 0a8a781e597b18ead006d19b7d23d0a369e9ad73 merging GitHub PR 55274. The fix will be...

5.5CVSS6.1AI score0.0031EPSS
Exploits1References12
CVE
CVE
added 2026/07/01 10:21 p.m.35 views

CVE-2026-14411

CVE-2026-14411 describes insufficient validation of untrusted input in ANGLE used by Google Chrome, prior to build 150.0.7871.46. The issue may allow a remote attacker to cause a sandbox escape via a crafted HTML page. Documented impact is a high-severity, likely remote threat affecting ANGLE int...

9.6CVSS5.8AI score0.00253EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/01 12:34 a.m.5 views

EUVD-2026-40742

Insufficient validation of untrusted input in Device Trust in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00253EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-13999

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

4.3CVSS0.00176EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 p.m.6 views

CVE-2026-13816

Insufficient validation of untrusted input in File Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS0.00299EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.24 views

CVE-2026-14136

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

0.00179EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.26 views

CVE-2026-14083

Insufficient validation of untrusted input in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.28 views

CVE-2026-13955

Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. Chromium security severity: Medium...

0.00111EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54203

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the Network component allows a remote attacker who has compromised the renderer process to bypass navigation restrictions by using a crafte...

9.8CVSS6AI score0.00413EPSS
Exploits0References445
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 1:4 p.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892

Summary IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...

9.8CVSS6.2AI score0.00652EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/26 12:5 p.m.9 views

RLSA-2026:29195 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

RockyLinux 9 : runc (RLSA-2026:29702)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:29702 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References7
NVD
NVD
added 2026/06/25 2:16 p.m.5 views

CVE-2026-46734

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

7.8CVSS0.00064EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:8 p.m.23 views

CVE-2026-57536

CVE-2026-57536 affects the pretix-mollie payment integration, where payment status responses are not properly validated. An attacker could reuse a successful payment status from one payment and apply it to a different payment, potentially gaining access to multiple valid tickets with a single pay...

6.3CVSS5.9AI score0.00257EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/25 12:59 p.m.8 views

CVE-2026-42388

Incomplete validation of the SOA record present in a catalog zone might lead to a crash...

5.9CVSS5.8AI score0.004EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52146

Name of the Vulnerable Software and Affected Versions Quest NetVault Backup affected versions not specified Description A flaw in the processing of NVBURASDevice JSON-RPC messages allows remote attackers to execute arbitrary code in the context of NETWORK SERVICE. The issue stems from insufficien...

8.8CVSS7.6AI score0.00689EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.13 views

RHEL 10 : buildah (RHSA-2026:29195)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:29195 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...

7.5CVSS6AI score0.00728EPSS
Exploits0References10
Rows per page
Query Builder