Lucene search
K

7866 matches found

CVE
CVE
added 2026/06/10 8:30 p.m.38 views

CVE-2026-0266

CVE-2026-0266 concerns a Stored Cross-Site Scripting (XSS) vulnerability in Palo Alto Networks PAN-OS web interface. The connected documents specify that an authenticated administrator can store a JavaScript payload via the PAN-OS web UI, affecting PAN-OS on PA-Series and VM-Series firewalls as w...

4.8CVSS5.2AI score0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 8:30 p.m.37 views

CVE-2026-0266 PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface

A cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual and...

4.8CVSS0.00213EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 2:35 p.m.8 views

CVE-2026-49759 Stack buffer overflow in SCTP error cause parsing in inet_drv allows remote VM crash

Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...

8.8CVSS5.6AI score0.00497EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/10 2:35 p.m.9 views

EUVD-2026-36053

Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...

8.8CVSS5.6AI score0.00497EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.20 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass...

8.6CVSS5.7AI score0.01193EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.13 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows an authenticated administrator with...

8.5CVSS5.4AI score0.00242EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.13 views

Palo Alto Networks PAN-OS 11.1.x < 11.1.14 / 11.2.x < 11.2.11 / 12.1.x < 12.1.5 Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is 11.1.x prior to 11.1.14, 11.2.x prior to 11.2.11, or 12.1.x prior to 12.1.5. It is, therefore, affected by a vulnerability. A cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS software enables a malicious...

4.8CVSS5AI score0.00213EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.23 views

CVE-2026-46442

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When...

9.9CVSS6.5AI score0.0082EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.9 views

Podman 4.8.0 < 5.8.2 PowerShell Command Injection (GHSA-hc8w-h2mf-hp59)

The version of Podman installed on the remote Windows host is prior to 5.8.2. It is, therefore, affected by a command injection vulnerability in the HyperV machine backend. - A command injection vulnerability exists in Podman's HyperV machine backend. The VM image path is inserted into a PowerShe...

8.8CVSS6AI score0.00607EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/08 7:15 p.m.10 views

CVE-2026-46295

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A race condition in the Advanced Programmable Interrupt Controller APIC interrupt handling can lead to an incorrect state during interrupt synchronization. This issue, occurring between a sender and target virtual...

5.5CVSS5.5AI score0.00112EPSS
Exploits0References4
NVD
NVD
added 2026/06/08 5:16 p.m.18 views

CVE-2026-46311

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...

7.8CVSS0.00112EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 3:50 p.m.40 views

CVE-2026-46311 drm/amdgpu/userq: fix access to stale wptr mapping

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...

7.8CVSS0.00112EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:50 p.m.11 views

EUVD-2026-35121

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...

5.4AI score0.00112EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:30 p.m.54 views

CVE-2026-46442

Flowise (prior to 3.1.2) is affected by authenticated remote code execution via POST /api/v1/node-custom-function when E2B_APIKEY is not configured. The endpoint lacks route-level authorization, allowing authenticated users/API keys to submit arbitrary JavaScript to Custom JS Function, which is e...

9.9CVSS6.5AI score0.0082EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/06/08 3:16 p.m.16 views

CVE-2026-43974

Unexpected Status Code or Return Value vulnerability in ninenines gun gunhttp module allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Protocols response. In gunhttp:handleinform/8, when a 101 Switching Protocols response is received over...

8.7CVSS0.00381EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-66171

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the...

6.5CVSS5.5AI score0.0053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.14 views

CVE-2026-25199

Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants. This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0. The Proxmox extension for CloudStack improperly uses a user-editable instance setting, proxmoxvmid, to associate...

9.1CVSS5.4AI score0.005EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.12 views

CVE-2026-0238

A vulnerability in Palo Alto Networks Broker VM allows an authenticated administrator to inject arbitrary content into certain Broker VM fields...

4.8CVSS5.6AI score0.00105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-0427

Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine VM to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability...

4.6CVSS5.5AI score0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-0256

A stored cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual an...

6.9CVSS5.2AI score0.0028EPSS
Exploits0References1
Rows per page
Query Builder