367554 matches found

CVE
added 1 hour ago, 4 views

CVE-2026-20463

In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01716533; Issue ID: MSV-6309...

5.8 AI score
Exploits: 0, References: 1

added 1 hour ago, 4 views

CVE-2026-20462

In Telephony, there is a possible memory corruption due to a heap buffer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS11006447; Issue ID: MSV-7871...

6.1 AI score
Exploits: 0, References: 1

added 1 hour ago, 5 views

CVE-2026-20461

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation...

6 AI score
Exploits: 0, References: 1

added 1 hour ago, 3 views

CVE-2026-20460

In Modem, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...

6 AI score
Exploits: 0, References: 1

added 1 hour ago, 3 views

CVE-2026-20459

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...

6 AI score
Exploits: 0, References: 1

added 1 hour ago, 4 views

CVE-2026-20458

In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...

6 AI score
Exploits: 0, References: 1

added 1 hour ago, 3 views

CVE-2026-20457

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patc...

6 AI score
Exploits: 0, References: 1

added 2 hours ago, 6 views

CVE-2026-14191

An out-of-bounds heap write exists in the RAR5 recovery-volume .rev parser in WinRAR and UnRAR RecVolumes5::ReadHeader in recvol5.cpp. The RecItems vector is sized only when the first .rev file in a set is processed; subsequent .rev files supply an independent RecNum value that is validated again...

7.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

added 2 hours ago, 1 view

CVE-2026-12943

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...

Exploits: 0

added 3 hours ago, 8 views

CVE-2026-57963

The CVE describes a vulnerability in Thunderbird’s chat UI where an attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. Affected product: Thunderbird (chat UI component). Root cause: HTML/CSS cont...

5.9 AI score
Exploits: 0, References: 3

added 3 hours ago, 7 views

CVE-2026-57962

The CVE-2026-57962 vulnerability affects the Thunderbird LDAP client used for address-book autocomplete. A malicious LDAP server can push arbitrarily large attacker-supplied data into Thunderbird, causing memory exhaustion and a DoS. Root cause: unbounded data accepted by the LDAP client during a...

5.8 AI score
Exploits: 0, References: 3

added 4 hours ago, 38 views

CVE-2026-53488

CVE-2026-53488 affects containerd’s CRI plugin: image config LABELs are propagated to containers without validation, enabling potential host-command execution via a plugin that consumes labels. Concrete details across connected docs confirm this vulnerability in containerd versions prior to 1.7.3...

9.4 CVSS, 5.9 AI score
Exploits: 0, References: 1

added 4 hours ago, 3 views

CVE-2026-57149

Technical details for CVE-2026-57149 are not publicly available in the provided documents. Monitor for updates.

Exploits: 0

added 4 hours ago, 14 views

CVE-2026-41579

Technical details beyond the Initial Description are not provided in the connected documents; monitor for updates.

3.3 CVSS, 5.9 AI score, 0.00011 EPSS
Exploits: 0, References: 2

added yesterday, 13 views

CVE-2026-54903

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.load is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in buf_append_string (buf.h:61) converts the string length to a large negative size_t,...

6.3 CVSS, 5.8 AI score
Exploits: 0, References: 1

added yesterday, 13 views

CVE-2026-54902

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, is vulnerable to Use-After-Free when in SAJ mode. The Oj::Parser does not protect cached object keys ≥ 35 bytes from garbage collection, and a Ruby callback that triggers GC inside hashend ca...

6.3 CVSS, 5.7 AI score
Exploits: 0, References: 1

added yesterday, 13 views

CVE-2026-54901

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser in usual mode does not mark array_class and hash_class references during garbage collection, leading to Use-After-Free. If GC runs after the class is assigned but before a parse,...

6.3 CVSS, 5.7 AI score
Exploits: 0, References: 1

added yesterday, 15 views

CVE-2026-54900

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in usual mode with create_id enabled, Oj::Parser#parse is vulnerable to heap corruption via a negative-size memcpy. When a JSON object key is exactly 65,535 bytes long, an integer...

6.3 CVSS, 5.7 AI score
Exploits: 0, References: 1

added yesterday, 19 views

CVE-2026-54898

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj::Parser#parse is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw const byte pointer into the Ruby...

2.1 CVSS, 5.9 AI score
Exploits: 0, References: 1

added yesterday, 22 views

CVE-2026-54897

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to 3.17.2, Oj::Doc iterators each_value, each_child, each_leaf were vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls doc.close or d.close, the document's heap memory is freed...

2.1 CVSS, 5.7 AI score
Exploits: 0, References: 1

added yesterday, 18 views

CVE-2026-54896

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, when in object mode, Oj.dump is vulnerable to a heap buffer overflow when serializing Exception objects with a large :indent value. The serializer allocates a buffer sized for the object'...

2.1 CVSS, 6 AI score
Exploits: 0, References: 1

added yesterday, 18 views

CVE-2026-54592

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...

7.5 CVSS, 5.9 AI score
Exploits: 0, References: 1

added yesterday, 17 views

CVE-2026-54502

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.2, Oj.dump is vulnerable to a stack-based buffer overflow when a large :indent value is provided by the developer. fill_indent in dump.h calls memset(indent_str, ' ', (size_t)opts->indent) without...

6.3 CVSS, 6.1 AI score
Exploits: 0, References: 1

added yesterday, 17 views

CVE-2026-54500

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj.load in :object mode reads uninitialized stack memory and, for long keys, reads out of bounds when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surfac...

5.3 CVSS, 5.9 AI score
Exploits: 0, References: 1

added yesterday, 16 views

CVE-2026-54899

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. Prior to version 3.17.2, disabling symbol_keys on a reused Oj::Parser instance triggers a heap use-after-free. When symbol_keys is toggled from true to false, opt_symbol_keys_set frees the internal key cache (cache_free) but...

6.3 CVSS, 5.7 AI score
Exploits: 0, References: 1

added yesterday, 3 views

CVE-2026-55223

CVE-2026-55223 affects the c3p0 JDBC connection pooling library. Before 0.14.0, c3p0 can enable a deserialization gadget “sink” when combined with other libraries: DataSource.getConnection() and ConnectionPoolDataSource.getPooledConnection() are treated as safe JavaBean properties, but invoking p...

6.3 CVSS, 5.7 AI score
Exploits: 0, References: 2

added yesterday, 3 views

CVE-2026-50110

The CVE-2026-50110 entry concerns Storage Concentrator (SC & SCVM) that contains hardcoded credentials for numerous internal services embedded in a configuration file. The credentials are encoded but reversible to plaintext, exposing accounts for databases, licensing, replication, and third-party...

9.3 CVSS, 5.8 AI score
Exploits: 0, References: 3

added yesterday, 5 views

CVE-2026-56413

CVE-2026-56413 affects StoneFly Storage Concentrator (SC & SCVM). The ms_service.pl component listening on TCP port 9000 is vulnerable to command injection. An unauthenticated remote attacker can send a specially crafted network packet that is processed without proper sanitization, enabling arbit...

10 CVSS, 6.2 AI score
Exploits: 0, References: 3

added yesterday, 5 views

CVE-2026-56415

The vulnerability CVE-2026-56415 affects the Storage Concentrator (SC & SCVM). The issue is a command injection in the debug.pl script that is reachable without authentication. A remote attacker can send a crafted HTTP request containing a malicious payload which is processed without proper input...

10 CVSS, 6.2 AI score
Exploits: 0, References: 3

added yesterday, 5 views

CVE-2026-14156

CVE-2026-14156 affects Google Chrome (StorageAccessAPI) prior to 150.0.7871.47, where insufficient policy enforcement in the StorageAccessAPI allowed a remote attacker who had compromised the renderer process to bypass the Same Origin Policy via a crafted HTML page. The impact is abuse of cross-o...

5.8 AI score
Exploits: 0, References: 2

added yesterday, 3 views

CVE-2026-14155

CVE-2026-14155 describes an issue in Google Chrome's StorageAccessAPI where insufficient policy enforcement in versions prior to 150.0.7871.47 could allow a remote attacker to leak cross-origin data via a crafted HTML page. The Chromium entry lists the impact as Low severity. The vulnerability af...

5.8 AI score
Exploits: 0, References: 2

added yesterday, 5 views

CVE-2026-14153

The CVE-2026-14153 entry describes an insecure/incorrect implementation in the Chrome browser’s Glic component prior to version 150.0.7871.47, which enables UI spoofing via a crafted HTML page when a user performs specific UI gestures. The root cause is an inappropriate implementation in Glic in ...

5.3 CVSS, 5.8 AI score
Exploits: 0, References: 2

added yesterday, 4 views

CVE-2026-14154

Affected software: Google Chrome DevTools. Vulnerability: Inappropriate implementation allows UI spoofing via a crafted Chrome Extension when users install a malicious extension, prior to Chrome version 150.0.7871.47. Root cause is an improper DevTools implementation. Impact: potential UI spoofin...

4.8 CVSS, 5.8 AI score
Exploits: 0, References: 2

added yesterday, 3 views

CVE-2026-14150

CVE-2026-14150 concerns Google Chrome where insufficient validation of untrusted input in the Speech component prior to version 150.0.7871.47 enables a remote attacker who already compromised the renderer process to perform UI spoofing via a crafted HTML page. The vulnerability is described with ...

5.8 AI score
Exploits: 0, References: 2

added yesterday, 2 views

CVE-2026-14152

CVE-2026-14152 affects ANGLE in Google Chrome, with the vulnerability described as an out-of-bounds read and write prior to Chrome 150.0.7871.47. A remote attacker who has compromised the renderer process could potentially escalate to sandbox escape via a crafted HTML page. The description notes ...

5.8 AI score
Exploits: 0, References: 2

added yesterday, 3 views

CVE-2026-14151

Affected software: Google Chrome (Chromium-based). Issue: Inappropriate implementation in AI in Chrome allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Root cause: misuse in the renderer/AI integration enabling san...

5.8 AI score
Exploits: 0, References: 2

added yesterday, 3 views

CVE-2026-14147

CVE-2026-14147: This vulnerability affects Google Chrome’s CSS handling prior to version 150.0.7871.47, where an inappropriate implementation could allow a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The root cause is an implementation issue in CSS process...

6 AI score
Exploits: 0, References: 2

added yesterday, 2 views

CVE-2026-14148

CVE-2026-14148 concerns a Type Confusion in CSS handling in Google Chrome, allowing a remote attacker to extract potentially sensitive information from a process’s memory via a crafted HTML page. The affected software is Google Chrome (Chromium-based), with the issue described as occurring in ver...

6.5 CVSS, 5.8 AI score
Exploits: 0, References: 2

added yesterday, 4 views

CVE-2026-14149

Concerning CVE-2026-14149: A use-after-free in Chrome’s Audio path on Linux (Chromium-based) allowed remote code execution via a crafted HTML page. Affected product: Google Chrome on Linux. Root cause: use-after-free in Audio component; impact: arbitrary code execution. Vulnerability is mitigated...

6.2 AI score
Exploits: 0, References: 2

added yesterday, 3 views

CVE-2026-14145

In Google Chrome, an inappropriate CSS implementation allows UXSS: a remote attacker can inject arbitrary scripts/HTML via a crafted HTML page. Affected product: desktop Chrome versions prior to 150.0.7871.47. Root cause: CSS handling vulnerability described as an improper implementation. Impact:...

6 AI score
Exploits: 0, References: 2

added yesterday, 3 views

CVE-2026-14146

Summary: CVE-2026-14146 involves an inappropriate implementation in CSS within Google Chrome (pre-150.0.7871.47) that could allow a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability is described as having a low severity. What’s affected: Google Chrome CSS handli...

5.8 AI score
Exploits: 0, References: 2

added yesterday, 5 views

CVE-2026-14144

CVE-2026-14144 affects Google Chrome before 150.0.7871.47 in the Views security UI, where an incorrect security UI could allow a remote attacker to trigger UI spoofing via a crafted HTML page if the user performs specific UI gestures. The vulnerability relies on user interaction and is tied to UI...

4.2 CVSS, 5.8 AI score
Exploits: 0, References: 2

added yesterday, 3 views

CVE-2026-14142

CVE-2026-14142: In Google Chrome, an insecure implementation in Extensions prior to version 150.0.7871.47 allows a remote attacker who has already compromised the renderer process to perform UI spoofing via a crafted HTML page. The vulnerability is tied to the Extensions component, with impact d...

5.8 AI score
Exploits: 0, References: 2

added yesterday, 4 views

CVE-2026-14143

CVE-2026-14143 concerns Google Chrome on iOS, where the Passwords UI can be spoofed due to an incorrect security UI. Descriptions across sources consistently state the vulnerability allows a remote attacker to spoof UI via a crafted HTML page, with Chromium security severity listed as Low. The CV...

5.8 AI score
Exploits: 0, References: 2

added yesterday, 4 views

CVE-2026-14141

CVE-2026-14141 concerns Google Chrome on Android where an incorrect security UI in Document Picture-in-Picture could let a remote attacker spoof the domain via a crafted HTML page. The issue is tied to Chrome/Chromium’s Picture-in-Picture UI (Android) with a severity listed as Low, and affects ve...

5.8 AI score
Exploits: 0, References: 2

added yesterday, 3 views

CVE-2026-14140

The vulnerability CVE-2026-14140 affects Google Chrome on Android (pre-150.0.7871.47). It stems from insufficient validation of untrusted input in Input, enabling a remote attacker to trigger UI spoofing via a crafted HTML page. Severity is noted as Low in Chromium. Connected documents confirm th...

5.8 AI score
Exploits: 0, References: 2

added yesterday, 4 views

CVE-2026-14139

CVE-2026-14139 affects Google Chrome TabStrip. It describes an inappropriate implementation in TabStrip that allows a remote attacker to perform UI spoofing by convincing a user to engage in specific UI gestures on a crafted HTML page, before version 150.0.7871.47. The vulnerability is tied to UI...

4.2 CVSS, 5.8 AI score
Exploits: 0, References: 2

added yesterday, 3 views

CVE-2026-14136

CVE-2026-14136 concerns Chrome for iOS (Google Chrome on iOS). The issue is insufficient validation of untrusted input in Chrome for iOS, allowing a remote attacker to perform UI spoofing via a crafted HTML page. Affected component: Chrome on iOS before version 150.0.7871.47. Impact is UI spoofin...

5.8 AI score
Exploits: 0, References: 2

added yesterday, 3 views

CVE-2026-14138

This CVE concerns Google Chrome on Windows with an inappropriate implementation in WebAppInstalls prior to version 150.0.7871.47. The issue enables a remote attacker, by convincing a user to perform specific UI gestures on a crafted HTML page, to achieve UI spoofing due to the implementation flaw...

4.2 CVSS, 5.8 AI score
Exploits: 0, References: 2

added yesterday, 3 views

CVE-2026-14137

Chrome for iOS (Google Chrome on iOS) is affected by CVE-2026-14137 due to insufficient validation of untrusted input prior to 150.0.7871.47. An attacker could cause UI spoofing by convincing a user to engage in specific UI gestures on a crafted HTML page. The described impact is UI spoofing with...

4.2 CVSS, 5.8 AI score
Exploits: 0, References: 2

Total number of security vulnerabilities: 367554