11540 matches found

Cvelist
added 3 days ago, 33 views

CVE-2026-12754 VikBooking Hotel Booking Engine & PMS <= 1.8.12 - Reflected Cross-Site Scripting via 'layoutstyle' Parameter

The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'layoutstyle' parameter in all versions up to, and including, 1.8.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1 CVSS, 0.00293 EPSS
Exploits 0, References 5
EUVD
added 3 days ago, 6 views

EUVD-2026-40641

Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

5.8 AI score, 0.00262 EPSS
Exploits 0, References 3
NVD
added 4 days ago, 5 views

CVE-2026-14072

Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3 CVSS, 0.0019 EPSS
Exploits 0, References 2
NVD
added 4 days ago, 5 views

CVE-2026-14026

Incorrect security UI in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.2 CVSS, 0.00154 EPSS
Exploits 0, References 2
OSV
added 4 days ago, 2 views

DEBIAN-CVE-2026-13953

Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS, 5.8 AI score, 0.00262 EPSS
Exploits 0, References 1
Cvelist
added 4 days ago, 22 views

CVE-2026-14072

Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

0.0019 EPSS
Exploits 0, References 2
CVE
added 4 days ago, 10 views

CVE-2026-13953

Summary: CVE-2026-13953 affects Google Chrome’s SplitView implementation in Chromium. An insecure/incorrect SplitView behavior allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. This is rated Medium (CVSSv3.1 base score 6....

6.5 CVSS, 5.8 AI score, 0.00262 EPSS
Exploits 0, References 2, Affected Software 1
Debian CVE
added 4 days ago, 5 views

CVE-2026-13953

Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS, 5.8 AI score, 0.00262 EPSS
Exploits 0
Debian CVE
added 4 days ago, 3 views

CVE-2026-13871

Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

6.5 CVSS, 5.7 AI score, 0.00272 EPSS
Exploits 0
RedhatCVE
added 4 days ago, 8 views

CVE-2026-54518

A flaw was found in jackson-databind. This vulnerability allows a remote attacker to bypass security view restrictions by sending specially crafted JSON (JavaScript Object Notation) data. The UnwrappedPropertyHandler component, which processes unwrapped properties, incorrectly populates constructor...

6.5 CVSS, 5.7 AI score, 0.00211 EPSS
Exploits 0, References 8
RedhatCVE
added 4 days ago, 7 views

CVE-2026-54517

A flaw was found in jackson-databind. A remote attacker can exploit this vulnerability due to an issue in how active-view @JsonView filters are applied. Specifically, setterless collections annotated with a restricted @JsonView can be populated from attacker-controlled JSON even when the active...

5.3 CVSS, 5.7 AI score, 0.00237 EPSS
Exploits 0, References 8
RedHat Linux
added 4 days ago, 5 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3 CVSS, 5.7 AI score, 0.00161 EPSS
Exploits 0, References 6
Cvelist
added 4 days ago, 30 views

CVE-2026-14209 Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions

A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine-Grained Admin Permissions (FGAPv2) are enabled, an administrator who should only be able to search for users but not view their full details can use a...

4.3 CVSS, 0.00173 EPSS
Exploits 0, References 2
CVE
added 4 days ago, 9 views

CVE-2026-14209

Technical details (affected product/version, root cause, impact, fixes) are not publicly available in the provided Connected documents. Monitor for updates.

4.3 CVSS, 5.7 AI score, 0.00173 EPSS
Exploits 0, References 2, Affected Software 2
NVD
added 5 days ago, 10 views

CVE-2026-56781

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9 CVSS, 0.00231 EPSS
Exploits 0, References 4
CVE
added 5 days ago, 6 views

CVE-2026-56781

The CVE-2026-56781 entry details an improper access control in Teable prior to 2026-06-15T04-43-24Z.1912 where anonymous attackers can access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs...

6.9 CVSS, 5.9 AI score, 0.00231 EPSS
Exploits 0, References 4
Cvelist
added 5 days ago, 33 views

CVE-2026-56781 Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9 CVSS, 0.00231 EPSS
Exploits 0, References 4
EUVD
added 5 days ago, 7 views

EUVD-2026-40157

Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field data by supplying arbitrary field IDs in the projection parameter of the share view records endpoint. Attackers can enumerate hidden field IDs from shar...

6.9 CVSS, 5.9 AI score, 0.00231 EPSS
Exploits 0, References 4
OSV
added 5 days ago, 5 views

PYSEC-2026-301 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

Summary: An unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. Details: When Pygments returns more lines than it was given (a known upstream quirk)...

9.3 CVSS, 6 AI score, 0.00286 EPSS
Exploits 1, References 7
OSV
added 5 days ago, 5 views

PYSEC-2026-283 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint (AddView in core/views.py) accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLICADDVIEW=True comm...

9.8 CVSS, 6.4 AI score, 0.00404 EPSS
Exploits 1, References 5