Lucene search
K

5809 matches found

NVD
NVD
added 2026/06/09 5:17 p.m.12 views

CVE-2026-48251

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 1:23 p.m.30 views

CVE-2026-47900 Stored XSS via Unsanitized Plugin Metadata in Logseq

Logseq is vulnerable to a stored cross-site scripting XSS. A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, which is rendered using "innerHTML" without proper sanitization, allowing the execution of arbitrary code in the privileged host context...

4.6CVSS0.00139EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 1:23 p.m.27 views

CVE-2026-47899

CVE-2026-47899 affects Logseq via the Electron preload script, where an API method allows the renderer to invoke IPC handlers without proper path validation. This enables a JavaScript-executing attacker (e.g., via XSS or a malicious plugin) to read, write, or delete arbitrary files on the user’s ...

8.7CVSS5.8AI score0.00137EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.11 views

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...

5.4CVSS5.1AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/08 4:49 p.m.43 views

CVE-2026-25855 OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...

8.8CVSS0.0057EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 3:20 p.m.11 views

EUVD-2026-35097

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

7.5CVSS5.7AI score0.00805EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 1:45 a.m.6 views

CVE-2026-11477

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in op...

5.3CVSS5.1AI score0.00303EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47511

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description An inappropriate implementation in MediaCapture allows a remote attacker to leak cross-origin data, which is data from a different origin than the one that initiated the request...

9.6CVSS5.9AI score0.01654EPSS
Exploits4References84
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.12 views

CVE-2026-47324

ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting XSS in multiple attributes of students and teachers objects. An authorized attacker e.g., a teacher or administrator can inject malicious JavaScript that is subsequently executed in other users’ browsers...

5.1CVSS5.8AI score0.00291EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.13 views

CVE-2026-35246

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...

7.5CVSS7.3AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:9 p.m.11 views

CVE-2026-35231

Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications component: User Interface. The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

7.5CVSS7.4AI score0.00314EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 3:48 p.m.13 views

OESA-2026-2556 libsolv security update

A free package dependency solver using a satisfiability algorithm. The library is based on two major, but independent, blocks: Security Fixes: MANUALLYVERIFIEDREPORT package: libsolv-0.7.33-2.el10 ------ Security Heap Buffer Overflow in repoaddsolv via Negative maxsize Summary: Heap buffer overfl...

6.5CVSS6AI score0.00399EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 12:31 a.m.10 views

EUVD-2026-34604

Out of bounds read in Extensions in Google Chrome on Linux prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Medium...

5.8AI score0.00175EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:6 p.m.11 views

CVE-2026-11276

Inappropriate implementation in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to bypass discretionary access control via malicious network traffic. Chromium security severity: Low...

5.1CVSS5.8AI score0.0008EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11236

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00181EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/04 11:5 p.m.9 views

CVE-2026-11175

Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS5.5AI score0.00234EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/04 11:4 p.m.38 views

CVE-2026-11092

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. Chromium security severity: Medium...

0.00179EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 11:4 p.m.30 views

CVE-2026-11038

CVE-2026-11038 affects Google Chrome’s Subresource Integrity policy enforcement. The vulnerability allows a remote attacker to bypass content security policy via malicious network traffic in Chrome versions prior to 149.0.7827.53. Affected component is Subresource Integrity enforcement within Chr...

6.5CVSS5.8AI score0.00193EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/04 11:4 p.m.23 views

CVE-2026-10998

CVE-2026-10998 corresponds to an out-of-bounds read in Media in Google Chrome, exploitable by an attacker on the local network via crafted traffic. Affected product: Google Chrome (Media component). Root cause: out-of-bounds memory read triggered by processing network data before the browser upda...

4CVSS5.8AI score0.00106EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/04 11:3 p.m.25 views

CVE-2026-10950

CVE-2026-10950 affects Google Chrome on iOS (Autofill) where insufficient policy enforcement allowed a remote attacker to exfiltrate cross-origin data via a crafted HTML page. The issue is tied to Autofill handling in Chrome for iOS before version 149.0.7827.53. A patch is expected in 149.0.7827....

6.5CVSS5.8AI score0.00296EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder