Lucene search
K

364114 matches found

NVD
NVD
added 2 hours ago5 views

CVE-2026-15138

A security vulnerability has been detected in tumf mcp-text-editor up to 1.0.2. This issue affects the function validatefilepath of the file mcptexteditor/texteditor.py. Such manipulation of the argument filepath leads to path traversal. The attack can be launched remotely. The exploit has been...

7.5CVSS
Exploits0References6
NVD
NVD
added 3 hours ago4 views

CVE-2026-47646

Improper neutralization of input during web page generation 'cross-site scripting' in Dynamics 365 Customer Voice allows an unauthorized attacker to perform spoofing over a network...

9.3CVSS
Exploits0References1
NVD
NVD
added 3 hours ago3 views

CVE-2026-15135

A security flaw has been discovered in code-projects Online Food Order System 1.0. This affects an unknown part of the file /editfooditems.php. The manipulation of the argument update results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

7.5CVSS
Exploits0References6
NVD
NVD
added 3 hours ago5 views

CVE-2026-15137

A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

7.5CVSS
Exploits0References6
NVD
NVD
added 3 hours ago4 views

CVE-2026-15134

A vulnerability was determined in CodeAstro Simple Online Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /SimpleOnlineLeave/index.php. Executing a manipulation of the argument email can lead to sql injection. The attack may be performed from...

7.5CVSS
Exploits0References6
NVD
NVD
added yesterday4 views

CVE-2026-54782

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated binding...

10CVSS
Exploits0References6
NVD
NVD
added yesterday4 views

CVE-2026-59723

Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...

8.8CVSS
Exploits0References4
NVD
NVD
added yesterday4 views

CVE-2026-54784

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. In version 1.9.0, CoreWCF SPNEGO SecurityContextToken negotiation can expose the proof key recovered from the RSTR when TransportWithMessageCredential with Windows client credentials and session...

7.4CVSS
Exploits0References4
NVD
NVD
added yesterday4 views

CVE-2026-54783

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security endorsing and supporting signature verification does not ensure the selected ds:Signature covers the expected Security header target, allowing an attacker with...

7.4CVSS
Exploits0References6
NVD
NVD
added yesterday5 views

CVE-2026-54775

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent...

6.5CVSS
Exploits0References6
NVD
NVD
added yesterday5 views

CVE-2026-54779

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token replay protection is inoperative because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captur...

5.9CVSS
Exploits0References6
NVD
NVD
added yesterday5 views

CVE-2026-54774

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, SamlSerializer skips final SignatureValue verification when a CoreWCF service validates SAML tokens using a non-X.509 signing token, allowing an attacker to reference a non-X.509...

7.4CVSS
Exploits0References6
NVD
NVD
added yesterday5 views

CVE-2026-54778

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF UnixDomainSocket POSIX peer identity resolution uses non-reentrant getpwuid and getgrgid calls, allowing concurrent connections to attribute one connection's identity to...

6.2CVSS
Exploits0References6
NVD
NVD
added yesterday3 views

CVE-2026-54776

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching...

4.4CVSS
Exploits0References6
NVD
NVD
added yesterday5 views

CVE-2026-54780

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, the CoreWCF WS-Security 1.0 receive pipeline validates ds:SignedInfo SignatureMethod against the configured SecurityAlgorithmSuite but does not validate each ds:Reference...

3.7CVSS
Exploits0References6
NVD
NVD
added yesterday4 views

CVE-2026-54781

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML token validation does not enforce SubjectConfirmation method URIs or holder-of-key proof keys in SamlSecurityTokenHandler, allowing holder-of-key downgrade or custom...

7.4CVSS
Exploits0References6
NVD
NVD
added yesterday4 views

CVE-2026-15129

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15131

Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-54499

Stanza is a Stanford NLP Python library for tokenization, sentence segmentation, NER, and parsing of many human languages. Prior to 1.12.2, Stanza model loaders such as stanza.models.common.pretrain.Pretrain.load attempt torch.load..., weightsonly=True but fall back to torch.load...,...

7.5CVSS
Exploits0References4
NVD
NVD
added yesterday4 views

CVE-2026-54773

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security an...

5.9CVSS
Exploits0References6
NVD
NVD
added yesterday3 views

CVE-2026-15130

Insufficient policy enforcement in Navigation in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-15132

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15133

Use after free in InterestGroups in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-54772

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF...

7.5CVSS
Exploits0References6
NVD
NVD
added yesterday5 views

CVE-2026-15119

Race in GetUserMedia in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday3 views

CVE-2026-15121

Use after free in WebRTC in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15124

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15126

Use after free in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday3 views

CVE-2026-15128

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15120

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-15122

Insufficient validation of untrusted input in Codecs in Google Chrome on Windows prior to 150.0.7871.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15123

Inappropriate implementation in DOM in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-15125

Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15127

Inappropriate implementation in WebGL in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-15111

Use after free in Views in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15112

Use after free in Ozone in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-15114

Out of bounds read and write in Codecs in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15116

Use after free in Actor in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15115

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15118

Use after free in Input in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15117

Use after free in Payments in Google Chrome prior to 150.0.7871.115 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15109

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15110

Use after free in Extensions in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15113

Use after free in Autofill in Google Chrome on Android prior to 150.0.7871.115 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15105

A flaw has been found in davenardella snap7 up to 1.4.3. This affects the function TS7Worker::PerformFunctionRead of the file src/core/s7server.cpp of the component ReadVar Request Handler. This manipulation causes deserialization. The attack requires access to the local network. The exploit has...

6.3CVSS
Exploits0References7
NVD
NVD
added yesterday4 views

CVE-2026-15107

Use after free in IndexedDB in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-15108

Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. Chromium security severity: High...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-55878

Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map, and because Path::isRelative accepts paths like ../../../etc, a crafted or...

7.8CVSS
Exploits0References4
NVD
NVD
added yesterday4 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-5923

Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage...

6CVSS
Exploits0References1
Total number of security vulnerabilities364114