Lucene search
K

365156 matches found

NVD
NVD
•added 2026/06/05 11:16 a.m.•13 views

CVE-2026-11347

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors IVs for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can...

8.5CVSS0.00073EPSS
Exploits0References1
NVD
NVD
•added 2026/06/05 11:16 a.m.•14 views

CVE-2026-21017

Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files...

5.5CVSS0.00093EPSS
Exploits0References1
NVD
NVD
•added 2026/06/05 11:16 a.m.•16 views

CVE-2026-21025

Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS0.00093EPSS
Exploits0References1
NVD
NVD
•added 2026/06/05 9:16 a.m.•16 views

CVE-2026-49777

Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4...

10CVSS0.01656EPSS
Exploits3References1
NVD
NVD
•added 2026/06/05 9:16 a.m.•15 views

CVE-2026-6274

Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8...

9.8CVSS0.0046EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 9:16 a.m.•14 views

CVE-2026-11332

A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags through the src field...

7.8CVSS0.00156EPSS
Exploits0References4
NVD
NVD
•added 2026/06/05 8:16 a.m.•14 views

CVE-2026-9088

A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied,...

2.7CVSS0.00348EPSS
Exploits0References6
NVD
NVD
•added 2026/06/05 8:16 a.m.•13 views

CVE-2026-48907

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

10CVSS0.80425EPSS
Exploits19References3
NVD
NVD
•added 2026/06/05 7:16 a.m.•17 views

CVE-2026-21837

HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API. An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a complete system takeover...

8.8CVSS0.0092EPSS
Exploits0References1
NVD
NVD
•added 2026/06/05 7:16 a.m.•15 views

CVE-2026-21826

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways...

6.1CVSS0.00144EPSS
Exploits0References1
NVD
NVD
•added 2026/06/05 7:16 a.m.•17 views

CVE-2026-10732

All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...

7.5CVSS0.00521EPSS
Exploits0References6
NVD
NVD
•added 2026/06/05 7:16 a.m.•15 views

CVE-2026-21825

HCL Digital Experience Compose is affected by a reflected cross-site scripting XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...

6.1CVSS0.00152EPSS
Exploits0References1
NVD
NVD
•added 2026/06/05 4:17 a.m.•13 views

CVE-2026-50593

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range...

7.3CVSS0.00112EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 2:17 a.m.•13 views

CVE-2026-50590

In Mimecast Incydr before 2.6.0, arbitrary file access can occur...

4.5CVSS0.0009EPSS
Exploits0References1
NVD
NVD
•added 2026/06/05 2:17 a.m.•14 views

CVE-2026-50591

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences...

5.4CVSS0.00133EPSS
Exploits0References1
NVD
NVD
•added 2026/06/05 2:17 a.m.•13 views

CVE-2026-50592

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog aka the communication log administration view...

6.4CVSS0.00148EPSS
Exploits0References1
NVD
NVD
•added 2026/06/05 2:17 a.m.•15 views

CVE-2026-7762

A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...

9.8CVSS0.00567EPSS
Exploits0References1
NVD
NVD
•added 2026/06/05 2:17 a.m.•12 views

CVE-2026-7763

A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio range to cause a Denial of Service kernel panic or potentially achieve Remote Code Execution via a...

9.8CVSS0.00536EPSS
Exploits0References1
NVD
NVD
•added 2026/06/05 2:17 a.m.•39 views

CVE-2026-41567

Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via PUT /containers/id/archive or piped through docker cp -, the daemon resolves decompression binaries such as xz or unpigz fr...

7.5CVSS0.00153EPSS
Exploits0References5
NVD
NVD
•added 2026/06/05 2:17 a.m.•9 views

CVE-2026-11326

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

6CVSS0.00214EPSS
Exploits0References1
NVD
NVD
•added 2026/06/05 2:17 a.m.•14 views

CVE-2026-11312

A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purgekvmap in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...

4.8CVSS0.00112EPSS
Exploits0References6
NVD
NVD
•added 2026/06/05 12:17 a.m.•13 views

CVE-2026-11309

Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00132EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•15 views

CVE-2026-50589

In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash...

7.5CVSS0.00433EPSS
Exploits0References6
NVD
NVD
•added 2026/06/05 12:17 a.m.•10 views

CVE-2026-11302

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00179EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•13 views

CVE-2026-11303

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

8.8CVSS0.00236EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•11 views

CVE-2026-11304

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: Low...

8.8CVSS0.00187EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•16 views

CVE-2026-11305

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

8.8CVSS0.00228EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•10 views

CVE-2026-11306

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

8.8CVSS0.00224EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•16 views

CVE-2026-11308

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. Chromium security severity: Low...

6.3CVSS0.00099EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•13 views

CVE-2026-11307

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

8.8CVSS0.00228EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•10 views

CVE-2026-11294

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00154EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•11 views

CVE-2026-11296

Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

7.5CVSS0.00175EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•10 views

CVE-2026-11297

Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypass navigation restrictions via a malicious file. Chromium security severity: Low...

7.7CVSS0.00091EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•14 views

CVE-2026-11298

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00159EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•14 views

CVE-2026-11299

Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00198EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•14 views

CVE-2026-11300

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00154EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•11 views

CVE-2026-11301

Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network traffic. Chromium security severity: Low...

8.8CVSS0.00209EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•12 views

CVE-2026-11295

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

8.8CVSS0.00206EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•12 views

CVE-2026-11289

Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00197EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•11 views

CVE-2026-11290

Integer overflow in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to cause a denial of service via a malicious file. Chromium security severity: Low...

5CVSS0.00066EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•10 views

CVE-2026-11292

Insufficient policy enforcement in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00186EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•14 views

CVE-2026-11288

Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00197EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•26 views

CVE-2026-11287

Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00233EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•13 views

CVE-2026-11291

Inappropriate implementation in Android Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00159EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•13 views

CVE-2026-11293

Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

9.6CVSS0.00202EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•12 views

CVE-2026-11286

Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00154EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•12 views

CVE-2026-11283

Insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a malicious file. Chromium security severity: Low...

6.5CVSS0.002EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•15 views

CVE-2026-11285

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00183EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•16 views

CVE-2026-11281

Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. Chromium security severity: Low...

5CVSS0.00085EPSS
Exploits0References2
NVD
NVD
•added 2026/06/05 12:17 a.m.•18 views

CVE-2026-11280

Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00183EPSS
Exploits0References2
Total number of security vulnerabilities365156