Lucene search
K

366241 matches found

NVD
NVD
•added 2026/06/09 5:16 a.m.•13 views

CVE-2026-41839

A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

4.2CVSS0.00197EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:16 a.m.•14 views

CVE-2026-26236

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...

8.7CVSS0.00322EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:16 a.m.•12 views

CVE-2026-41006

Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3...

7.5CVSS0.00276EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 5:16 a.m.•13 views

CVE-2026-40983

In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service DoS condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 through 1.15.11...

7.5CVSS0.00474EPSS
Exploits0References5
NVD
NVD
•added 2026/06/09 5:16 a.m.•13 views

CVE-2026-40984

In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service DoS condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15.0 through 1.15.11; 1.14.0 through 1.14.15; 1.13.0 through 1.13.18; 1.9.0 through 1.9.17...

7.5CVSS0.00623EPSS
Exploits0References6
NVD
NVD
•added 2026/06/09 5:16 a.m.•14 views

CVE-2026-11623

A security vulnerability has been detected in tmux up to 3.6a. Affected is the function imagefree of the file image.c. Such manipulation leads to use after free. Local access is required to approach this attack. This attack is characterized by high complexity. The exploitability is told to be...

4.5CVSS0.00124EPSS
Exploits0References8
NVD
NVD
•added 2026/06/09 5:16 a.m.•11 views

CVE-2026-11603

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS0.00205EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 5:16 a.m.•10 views

CVE-2026-10738

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '...' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00253EPSS
Exploits0References5
NVD
NVD
•added 2026/06/09 5:16 a.m.•12 views

CVE-2026-10024

The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00228EPSS
Exploits0References3
NVD
NVD
•added 2026/06/09 5:16 a.m.•12 views

CVE-2026-10553

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS0.00145EPSS
Exploits0References4
NVD
NVD
•added 2026/06/09 3:16 a.m.•11 views

CVE-2026-11620

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the publi...

6.9CVSS0.00285EPSS
Exploits0References6
NVD
NVD
•added 2026/06/09 3:16 a.m.•20 views

CVE-2026-11621

A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated...

5.8CVSS0.00218EPSS
Exploits0References5
NVD
NVD
•added 2026/06/09 3:16 a.m.•11 views

CVE-2026-5714

The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘locationdir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level...

6.4CVSS0.00181EPSS
Exploits0References3
NVD
NVD
•added 2026/06/09 3:16 a.m.•13 views

CVE-2026-7556

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS0.00241EPSS
Exploits0References6
NVD
NVD
•added 2026/06/09 3:16 a.m.•13 views

CVE-2026-11618

A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInterceptor.java of the component Source Connection Test Endpoint. Executing a manipulation can lead ...

7.5CVSS0.00401EPSS
Exploits0References7
NVD
NVD
•added 2026/06/09 3:16 a.m.•12 views

CVE-2026-11619

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Legacy Filemanager. The manipulation leads to improper authorization. It is possible to initiate the...

6.5CVSS0.00209EPSS
Exploits0References6
NVD
NVD
•added 2026/06/09 2:16 a.m.•18 views

CVE-2026-10862

The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...

6.4CVSS0.00155EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•13 views

CVE-2026-44755

SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerability has a low impact on integrity and does not affect the confidentiality and availability of th...

4.3CVSS0.00109EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•20 views

CVE-2026-44757

SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user�s browser within the context of the application. This issue has a low impact on the...

4.7CVSS0.00154EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•19 views

CVE-2026-44754

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

6.6CVSS0.00219EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•16 views

CVE-2026-8795

A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in clientinfo.json inside a collection ZIP is inserted into a YAML template via Go's text/template without escaping. An attacker providing a crafted...

7.8CVSS0.00148EPSS
Exploits0References1
NVD
NVD
•added 2026/06/09 1:16 a.m.•14 views

CVE-2026-40128

SAP NetWeaver Application Server Java Web Container allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal and processing of the included file. Processing the included file could allow the attacker to view or...

9CVSS0.00454EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•14 views

CVE-2026-44744

SAP S/4HANAOn-Premise contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized database queries.This flaw exposes sensitive information to which they should not otherwise have access...

6.5CVSS0.00224EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•14 views

CVE-2026-44746

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

6.1CVSS0.00199EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•18 views

CVE-2026-44751

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

7.1CVSS0.00207EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•26 views

CVE-2026-44743

Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the data. There is no impact on integrity and availability of the application...

3.7CVSS0.00188EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•81 views

CVE-2026-44748

SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier. This may result in acceptance of tampered identity information leading to unauthorized access to...

9.9CVSS0.00231EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•14 views

CVE-2026-44750

SAP MDG Review Match Groups Application does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise be restricted, resulting in escalation of privileges. This has a low impact on integrity, while...

4.3CVSS0.00161EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•20 views

CVE-2026-24315

SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credentials. Successful exploitation requires adversaries to possess advanced knowledge of the system...

4.2CVSS0.00174EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 1:16 a.m.•19 views

CVE-2026-27671

Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that exploits logical errors in memory management, leading to memory corruption. This could lead to a high...

9.8CVSS0.00437EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•20 views

CVE-2026-11697

Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS0.00203EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•15 views

CVE-2026-11698

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00203EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•12 views

CVE-2026-11701

Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS0.00178EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•12 views

CVE-2026-11696

Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS0.00193EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•15 views

CVE-2026-11700

Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS0.00179EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•23 views

CVE-2026-11699

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00203EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•23 views

CVE-2026-11686

Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS0.00171EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•20 views

CVE-2026-11691

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS0.00169EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•15 views

CVE-2026-11690

Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS0.00214EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•15 views

CVE-2026-11689

Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

8.1CVSS0.00218EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•18 views

CVE-2026-11693

Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

8.1CVSS0.00184EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•19 views

CVE-2026-11694

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS0.00214EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•12 views

CVE-2026-11695

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS0.00177EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•18 views

CVE-2026-11688

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00256EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•16 views

CVE-2026-11687

Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00203EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•18 views

CVE-2026-11692

Use after free in Read Anything in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00179EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•14 views

CVE-2026-11680

Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00243EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•15 views

CVE-2026-11679

Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00179EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•16 views

CVE-2026-11683

Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00307EPSS
Exploits0References2
NVD
NVD
•added 2026/06/09 12:16 a.m.•16 views

CVE-2026-11678

Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS0.00177EPSS
Exploits0References2
Total number of security vulnerabilities366241