Lucene search
+L

3531 matches found

euvd
euvd
added 6 hours ago5 views

EUVD-2026-45114

OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to properly validate current-tab URL checks. Attackers with lower-trust access or configured input paths can perform actions requiring stronger authorization or policy checks...

8.5CVSS6.1AI score
Exploits0References2
nuclei
nuclei
added yesterday34 views

Zhiyuan OA Platform - Arbitrary File Upload

An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via the wpsAssistServlet interface. The realFileType and fileId parameters are improperly validated during multipart file uploads, allowing...

10CVSS6.5AI score0.1438EPSS
Exploits3References2
ibm
ibm
added 3 days ago6 views

Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in DataView

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in DataView. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2023-44981 DESCRIPTION: Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer...

9.1CVSS7.5AI score0.02667EPSS
Exploits2Affected Software1
nessus
nessus
added 3 days ago8 views

Adobe Premiere Pro < 25.6.6 / 26.0.0 < 26.3.0 Multiple Vulnerabilities (APSB26-76)

The version of Adobe Premiere Pro installed on the remote Windows host is prior to 25.6.6, 26.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-76 advisory. - Premiere Pro is affected by an Improper Input Validation vulnerability that could result in a Securi...

7.8CVSS6.3AI score0.00297EPSS
Exploits0References5
cve
cve
added 2026/07/08 10:20 p.m.38 views

CVE-2026-54782

CVE-2026-54782 affects CoreWCF (CoreWCF.Primitives and related token validation path) where SAML 1.1/2.0 token validation fails to resolve the issuer signing key when IdentityConfiguration is used with federated bindings, allowing unauthenticated impersonation. Affected versions: prior to 1.8.1 a...

10CVSS6AI score0.00246EPSS
Exploits0References6
osv
osv
added 2026/07/08 1:46 p.m.2 views

SUSE-SU-2026:22553-1 Security update for curl

This update for curl fixes the following issues - CVE-2026-8286: wrong STARTTLS connection reuse bsc1268402. - CVE-2026-8458: wrong reuse for different services bsc1268407. - CVE-2026-8924: traling dot domain super cookie bsc1268409. - CVE-2026-8927: env-set cross-proxy Digest auth state leak...

9.8CVSS6.1AI score0.01064EPSS
Exploits10References21
osv
osv
added 2026/07/06 3:23 p.m.8 views

BIT-LIBPYTHON-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host...

5.7CVSS5.7AI score0.00562EPSS
Exploits0References11
osv
osv
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-952 Incomplete validation in signal ops leads to crashes in TensorFlow

Impact The tf.compat.v1.signal.rfft2d and tf.compat.v1.signal.rfft3d lack input validation and under certain condition can result in crashes due to CHECK-failures. Patches We have patched the issue in GitHub commit 0a8a781e597b18ead006d19b7d23d0a369e9ad73 merging GitHub PR 55274. The fix will be...

5.5CVSS6.1AI score0.0031EPSS
Exploits1References12
cve
cve
added 2026/07/01 10:21 p.m.38 views

CVE-2026-14411

CVE-2026-14411 describes insufficient validation of untrusted input in ANGLE used by Google Chrome, prior to build 150.0.7871.46. The issue may allow a remote attacker to cause a sandbox escape via a crafted HTML page. Documented impact is a high-severity, likely remote threat affecting ANGLE int...

9.6CVSS5.8AI score0.00253EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/07/01 12:34 a.m.5 views

EUVD-2026-40742

Insufficient validation of untrusted input in Device Trust in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00253EPSS
Exploits0References3
nvd
nvd
added 2026/06/30 11:17 p.m.6 views

CVE-2026-13999

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

4.3CVSS0.00176EPSS
Exploits0References2
nvd
nvd
added 2026/06/30 11:16 p.m.6 views

CVE-2026-13816

Insufficient validation of untrusted input in File Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS0.00299EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/30 10:39 p.m.25 views

CVE-2026-14136

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

0.00179EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/30 10:39 p.m.27 views

CVE-2026-14083

Insufficient validation of untrusted input in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

0.00182EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/30 10:38 p.m.29 views

CVE-2026-13955

Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. Chromium security severity: Medium...

0.00111EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.6 views

PT-2026-54203

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the Network component allows a remote attacker who has compromised the renderer process to bypass navigation restrictions by using a crafte...

9.8CVSS6AI score0.00413EPSS
Exploits0References445
ibm
ibm
added 2026/06/29 1:4 p.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.5-cp311-abi3-manylinux_2_34_x86_64.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892

Summary IBM Maximo Application Suite - Visual Inspection component uses cryptography-46.0.5-cp311-abi3-manylinux234x8664.whl which is vulnerable to CVE-2026-34073, CVE-2026-39892, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details...

9.8CVSS6.2AI score0.00652EPSS
Exploits0Affected Software1
osv
osv
added 2026/06/26 12:5 p.m.9 views

RLSA-2026:29195 Important: buildah security update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

7.5CVSS7.3AI score0.00728EPSS
Exploits0References5
nessus
nessus
added 2026/06/26 12:0 a.m.8 views

RockyLinux 9 : runc (RLSA-2026:29702)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:29702 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient...

7.5CVSS5.9AI score0.00728EPSS
Exploits0References7
nvd
nvd
added 2026/06/25 2:16 p.m.6 views

CVE-2026-46734

Dell Display and Peripheral Manager DDPM Mac, versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

7.8CVSS0.00064EPSS
Exploits0References1
Rows per page
Query Builder