Lucene search
K

365264 matches found

NVD
NVD
added 2026/06/04 11:16 p.m.8 views

CVE-2026-10901

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS0.00341EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.5 views

CVE-2026-10902

Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.0039EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.8 views

CVE-2026-10897

Inappropriate implementation in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.00325EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.8 views

CVE-2026-10895

Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.0039EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.11 views

CVE-2026-10886

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS0.00345EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.10 views

CVE-2026-10887

Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

8.1CVSS0.00404EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.9 views

CVE-2026-10891

Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.00325EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.9 views

CVE-2026-10893

Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

8.8CVSS0.0036EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.10 views

CVE-2026-10888

Use after free in Cast Streaming in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...

8.8CVSS0.00187EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.13 views

CVE-2026-10889

Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS0.00286EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.7 views

CVE-2026-10890

Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. Chromium security severity: Critical...

8.8CVSS0.00183EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.7 views

CVE-2026-10892

Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS0.00325EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.6 views

CVE-2026-10894

Use after free in Printing in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS0.00286EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.8 views

CVE-2026-10882

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.00467EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.10 views

CVE-2026-10874

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...

6.5CVSS0.00303EPSS
Exploits0References5
NVD
NVD
added 2026/06/04 11:16 p.m.6 views

CVE-2026-10881

Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS0.0039EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.10 views

CVE-2026-10883

Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.0039EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.10 views

CVE-2026-10885

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS0.00374EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.10 views

CVE-2026-10875

A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS0.00303EPSS
Exploits0References5
NVD
NVD
added 2026/06/04 11:16 p.m.8 views

CVE-2026-10884

Use after free in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS0.00286EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:16 p.m.8 views

CVE-2024-27892

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...

9.6CVSS0.00302EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 11:16 p.m.9 views

CVE-2026-10873

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstatspath of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

8.6CVSS0.02695EPSS
Exploits0References7
NVD
NVD
added 2026/06/04 11:16 p.m.10 views

CVE-2025-8873

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being...

8.7CVSS0.00386EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 11:16 p.m.11 views

CVE-2026-10872

A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function startvpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public and could be used...

8.6CVSS0.02635EPSS
Exploits0References6
NVD
NVD
added 2026/06/04 11:16 p.m.8 views

CVE-2024-27891

On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied...

6.9CVSS0.00282EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 11:16 p.m.10 views

CVE-2023-5502

On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication...

8.2CVSS0.00317EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 11:16 p.m.8 views

CVE-2024-27890

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch...

9.6CVSS0.0443EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 10:16 p.m.12 views

CVE-2026-42540

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS0.00183EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 10:16 p.m.10 views

CVE-2026-42543

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

4.3CVSS0.00174EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 10:16 p.m.15 views

CVE-2026-42539

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

6.5CVSS0.00232EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 10:16 p.m.12 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS0.00174EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 10:16 p.m.13 views

CVE-2026-10871

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start6rdtunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv66rdborderrelay leads to os command injection. It is possible to launch the attack remotely. The...

8.6CVSS0.02199EPSS
Exploits0References6
NVD
NVD
added 2026/06/04 10:16 p.m.11 views

CVE-2026-11322

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...

7.1CVSS0.00323EPSS
Exploits0References3
NVD
NVD
added 2026/06/04 10:16 p.m.13 views

CVE-2024-6858

In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN...

6.5CVSS0.00143EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 9:16 p.m.17 views

CVE-2026-10870

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function startdhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. This project is...

8.6CVSS0.02199EPSS
Exploits0References6
NVD
NVD
added 2026/06/04 9:16 p.m.10 views

CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

6.3CVSS0.00175EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 9:16 p.m.11 views

CVE-2026-42329

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS0.00174EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 9:16 p.m.21 views

CVE-2026-5066

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem subsys/net/lib/sockets/socketstls.c. When the TLS session cache is enabled, tlssessionstore and tlssessionrestore memcpy the caller-supplied address into a fixed-size buffer using the...

8.8CVSS0.0032EPSS
Exploits1References1
NVD
NVD
added 2026/06/04 8:16 p.m.12 views

CVE-2026-41522

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...

7.1CVSS0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 8:16 p.m.12 views

CVE-2026-5589

An integer underflow in btmeshsolrecv in the Bluetooth Mesh solicitation handling subsys/bluetooth/mesh/solicitation.c leads to an out-of-bounds write. When CONFIGBTMESHODPRIVPROXYSRV is enabled, the function parses solicitation PDUs from raw BLE advertising payloads. The AD parsing loop reads an...

6.3CVSS0.00218EPSS
Exploits1References1
NVD
NVD
added 2026/06/04 8:16 p.m.23 views

CVE-2026-41518

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS0.002EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 8:16 p.m.11 views

CVE-2026-41249

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

8.2CVSS0.00433EPSS
Exploits0References3
NVD
NVD
added 2026/06/04 8:16 p.m.13 views

CVE-2026-21404

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3CVSS0.00122EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 7:16 p.m.16 views

CVE-2026-48480

The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received before the outer HTTP body terminates. An on-path adversar...

8.7CVSS0.00167EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 7:16 p.m.13 views

CVE-2026-41236

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...

8.8CVSS0.00366EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 7:16 p.m.10 views

CVE-2026-41237

Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses \s+ which matches newlines allowing embedded newlines to pass, TLSA matchingType=0 has no upper bound on hex data length, and all validators return raw input without zone-file escaping...

8.6CVSS0.00269EPSS
Exploits0References3
NVD
NVD
added 2026/06/04 7:16 p.m.17 views

CVE-2026-41235

Froxlor is open source server administration software. Version 2.3.6 lets administrators configure system.availableshells as the approved shell list that customers may assign to FTP users. However, the server-side FTP account handlers do not enforce that whitelist when processing add or edit...

9.4CVSS0.00227EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 7:16 p.m.16 views

CVE-2026-40898

quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field...

7.5CVSS0.00279EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 7:16 p.m.14 views

CVE-2026-41234

Froxlor is open source server administration software. Prior to version 2.3.7, the DomainZones.add API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled can inject newlines into TXT record values, which break out of the record...

7.6CVSS0.0027EPSS
Exploits0References3
NVD
NVD
added 2026/06/04 7:16 p.m.18 views

CVE-2026-36499

A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...

6.5CVSS0.00328EPSS
Exploits0References1
Total number of security vulnerabilities365264