CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

9CVSS5.4AI score0.00106EPSS

CVE-2026-11660

An insufficient validation of untrusted input flaw was found in the New Tab Page component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513731890...

9.6CVSS5.4AI score0.00106EPSS

CVE-2026-11659

An insufficient validation of untrusted input flaw was found in the UI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513702971...

6.8CVSS5.4AI score0.00032EPSS

CVE-2026-11658

An insufficient validation of untrusted input flaw was found in the Extensions component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513564337...

8.7CVSS5.4AI score0.00032EPSS

CVE-2026-11653

An insufficient validation of untrusted input flaw was found in the Extensions component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513321171...

RedHat Linux•added 2 days ago•8 views

kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets

A flaw was found in the Linux kernel's netfilter component. This vulnerability occurs because the eui64mt6 function, which processes IPv6 packets, does not properly validate the MAC header for all packets. Specifically, packets with a zero fragment offset could bypass an existing guard, allowing...

9.4CVSS5.3AI score0.00122EPSS

RedHat Linux•added 2 days ago•4 views

keycloak: org.keycloak/keycloak-services: Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

4.3CVSS5.4AI score0.00021EPSS

Exploits0References4

CVE•added 2 days ago•8 views

CVE-2026-50569

The CVE concerns Fission (Kubernetes-native serverless framework). Before version 1.25.0, HTTPTriggerSpec.Validate() checked Methods, FunctionReference, Host, IngressConfig, and CorsConfig but silently skipped RelativeURL and Prefix; these fields were only validated at the CLI. As a result, an HT...

4.3CVSS5.4AI score0.0004EPSS

EUVD•added 2 days ago•6 views

EUVD-2026-36073

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate validated Methods, FunctionReference, Host, IngressConfig, and CorsConfig, but silently skipped RelativeU...

4.3CVSS5.4AI score0.0004EPSS

Cvelist•added 2 days ago•23 views

CVE-2026-50569 Fission: HTTPTrigger admission omits RelativeURL / Prefix validation; kubectl apply bypasses CLI checks

4.3CVSS0.0004EPSS

EUVD•added 2 days ago•5 views

EUVD-2026-36072

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path stayed under a safe directory by calling strings.HasPrefixpath,...

3.6CVSS5.4AI score0.00012EPSS

Exploits0References4

Cvelist•added 2 days ago•21 views

CVE-2026-50545 Fission Environment CRD PodSpec Injection Leading to Node Escape and Cluster Takeover

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation, and MergePodSpec propagated dangerous...

9.9CVSS0.00062EPSS

Exploits0References4

Cvelist•added 2 days ago•21 views

CVE-2026-49824 Fission: Cross-namespace Environment reference via unvalidated EnvironmentRef in Function admission webhook

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission webhook pkg/webhook/function.go validated that spec.secrets.namespace and spec.configmaps.namespace...

8.5CVSS0.00027EPSS

CVE•added 2 days ago•7 views

CVE-2026-49823

Summary : CVE-2026-49823 affects Fission (Kubernetes-native serverless framework). Before version 1.24.0, the PackageRef.Namespace in a Fission Function spec was not validated by the admission webhook (unlike Secret/ConfigMap). This allowed cross-namespace access via an unvalidated Package refere...

7.7CVSS5.4AI score0.00027EPSS

EUVD•added 2 days ago•4 views

EUVD-2026-36096

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries three reference types — Secret, ConfigMap, and Package. The first two were namespace-validated by...

7.7CVSS5.4AI score0.00027EPSS

EUVD•added 2 days ago•5 views

EUVD-2026-36094

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed Package CRDs without verifying that Package.spec.environment.namespace matched...

7.7CVSS5.4AI score0.00027EPSS

NVD•added 2 days ago•5 views

CVE-2026-46616

Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious...

6.1CVSS0.00026EPSS