Lucene search
K

364828 matches found

NVD
NVD
•added 2026/06/09 3:16 a.m.•11 views

CVE-2026-5714

The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘locationdir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

6.4CVSS0.00181EPSS
Exploits0References3
NVD
NVD
•added 2026/06/09 3:16 a.m.•12 views

CVE-2026-11619

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the...

6.5CVSS0.00209EPSS
Exploits0References6
NVD
NVD
•added 2026/06/09 3:16 a.m.•13 views

CVE-2026-11618

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...

7.5CVSS0.00401EPSS
Exploits0References7
NVD
NVD
•added 2026/06/09 2:16 a.m.•17 views

CVE-2026-10862

The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...

6.4CVSS0.00155EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•11 views

CVE-2026-44755

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

4.3CVSS0.00109EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•19 views

CVE-2026-44754

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

6.6CVSS0.00219EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•19 views

CVE-2026-44757

SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user�s browser within the context of the application. This issue has a low impact on the...

4.7CVSS0.00154EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•16 views

CVE-2026-8795

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...

7.8CVSS0.00148EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 1:16 a.m.•26 views

CVE-2026-44743

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application...

3.7CVSS0.00188EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•14 views

CVE-2026-44744

SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...

6.5CVSS0.00224EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•18 views

CVE-2026-44751

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

7.1CVSS0.00207EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•13 views

CVE-2026-44750

SAP MDG Review Match Groups Application does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise be restricted, resulting in escalation of privileges. This has a low impact on integrity, while...

4.3CVSS0.00161EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•14 views

CVE-2026-40128

SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or...

9CVSS0.00454EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•14 views

CVE-2026-44746

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

6.1CVSS0.00199EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•80 views

CVE-2026-44748

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

9.9CVSS0.00231EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•17 views

CVE-2026-27671

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...

9.8CVSS0.00437EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•20 views

CVE-2026-24315

SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

4.2CVSS0.00174EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•21 views

CVE-2026-11699

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00203EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•18 views

CVE-2026-11697

Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS0.00203EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•15 views

CVE-2026-11700

Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS0.00179EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•12 views

CVE-2026-11696

Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS0.00193EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•12 views

CVE-2026-11701

Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS0.00178EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•14 views

CVE-2026-11698

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00203EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•18 views

CVE-2026-11688

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00256EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•18 views

CVE-2026-11694

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS0.00214EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•12 views

CVE-2026-11695

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS0.00177EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•14 views

CVE-2026-11690

Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS0.00214EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•17 views

CVE-2026-11692

Use after free in Read Anything in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00179EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•22 views

CVE-2026-11686

Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS0.00171EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•13 views

CVE-2026-11689

Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

8.1CVSS0.00218EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•19 views

CVE-2026-11691

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS0.00169EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•15 views

CVE-2026-11687

Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00203EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•17 views

CVE-2026-11693

Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

8.1CVSS0.00184EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•17 views

CVE-2026-11682

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00192EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•29 views

CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS0.00171EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•13 views

CVE-2026-11680

Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00243EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•13 views

CVE-2026-11679

Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00179EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•15 views

CVE-2026-11678

Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS0.00177EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•19 views

CVE-2026-11685

Inappropriate implementation in MediaCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS0.00177EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•15 views

CVE-2026-11683

Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00307EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•14 views

CVE-2026-11681

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00203EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•13 views

CVE-2026-11670

Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS0.00224EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•14 views

CVE-2026-11673

Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00243EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•20 views

CVE-2026-11672

Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00238EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•23 views

CVE-2026-11669

Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS0.00213EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•16 views

CVE-2026-11676

Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.0023EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•17 views

CVE-2026-11677

Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00148EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•13 views

CVE-2026-11675

Out of bounds read in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS0.002EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•15 views

CVE-2026-11674

Use after free in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00243EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•15 views

CVE-2026-11671

Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS0.00243EPSS
Exploits0References2
Total number of security vulnerabilities364828