Lucene search
K

162582 matches found

CVE
CVE
added 2026/06/09 2:50 p.m.29 views

CVE-2026-24065

Waves Central for macOS (versions 13.0.9–16.5.5) contains a local privilege escalation in the privileged helper service. The helper validates connecting XPC clients by examining the client PID to verify code-signing identity. Since PIDs can be reused, an attacker can race between connection and v...

8.1CVSS6.1AI score0.00323EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/09 2:50 p.m.8 views

CVE-2026-24065 Local Privilege Escalation via Insecure XPC Client Validation in Waves Central for macOS

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client process identifier PID to verify code-signing identity. Because process identifiers can be reuse...

6.1AI score0.00323EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/09 2:27 p.m.10 views

EUVD-2026-31440

shell-quote quote does not escape newlines in object .op values...

9.2CVSS5.4AI score0.00848EPSS
Exploits1References6
NVD
NVD
added 2026/06/09 2:16 p.m.16 views

CVE-2026-47899

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS0.00137EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.9 views

Chromium: CVE-2026-11035 Insufficient validation of untrusted input in Custom Tabs

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

7.3CVSS5.4AI score0.00079EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.10 views

Chromium: CVE-2026-11034 Insufficient validation of untrusted input in Tab Group Sync

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.1CVSS5.4AI score0.00182EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.17 views

Chromium: CVE-2026-11029 Insufficient validation of untrusted input in Drag and Drop

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

9.6CVSS5.4AI score0.00233EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.7 views

Chromium: CVE-2026-11119 Insufficient validation of untrusted input in GPU

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

9.6CVSS5.4AI score0.00234EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.8 views

Chromium: CVE-2026-11007 Insufficient validation of untrusted input in WebView

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS5.4AI score0.00308EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.10 views

Visual Studio Code Elevation of Privilege Vulnerability

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

9.6CVSS5.5AI score0.00591EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.8 views

Visual Studio Code Elevation of Privilege Vulnerability

Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

8.1CVSS5.5AI score0.00671EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.13 views

Visual Studio Code Security Feature Bypass Vulnerability

Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

7.1CVSS5.5AI score0.0035EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.7 views

Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability

Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack...

3.9CVSS5.4AI score0.00319EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/09 1:23 p.m.8 views

CVE-2026-47899 Arbitrary File Read, Write, Rename, and Delete in Logseq

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS5.8AI score0.00137EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2026/06/09 1:20 p.m.12 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: CVE-2026-23271: perf: Fix perfeventoverflow vs perfremovefromcontext race bsc1260018. CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache bsc1261638...

8.8CVSS5.6AI score0.00563EPSS
Exploits5References38
Cvelist
Cvelist
added 2026/06/09 12:36 p.m.28 views

CVE-2026-46332 greybus: gb-beagleplay: bound bootloader receive buffering

In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352bootloaderrx appends each serdev chunk into the fixed rxbuffer before parsing bootloader packets. The helper can keep leftover bytes between callbacks and may recei...

8CVSS0.00193EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/09 11:54 a.m.14 views

CVE-2026-46739

A flaw was found in perl-Net-Statsd. This vulnerability allows an attacker to inject additional statsd metrics due to insufficient validation of metric names and values. Specifically, the software does not properly check for newlines, colons, or pipes in metric names, nor does it ensure that valu...

5.3CVSS5.3AI score0.00258EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.8 views

node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance

A flaw was found in Forge also known as node-forge, a JavaScript implementation of Transport Layer Security TLS. The pki.verifyCertificateChain function does not properly enforce certificate validation rules. This oversight allows an intermediate certificate that lacks specific security extension...

9.1CVSS5.5AI score0.00303EPSS
Exploits1References6
NVD
NVD
added 2026/06/09 11:16 a.m.10 views

CVE-2026-49741

Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...

8.7CVSS0.00244EPSS
Exploits0References3
Veracode
Veracode
added 2026/06/09 9:19 a.m.13 views

Improper Certificate Validation

The LDAP client is vulnerable to Improper Certificate Validation. The vulnerability is due to missing hostname verification during TLS server identity validation, where the LDAP client validates the certificate chain but does not verify that the certificate matches the intended LDAP server...

8.8CVSS5.5AI score0.00182EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder