Lucene search
K

366089 matches found

NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-53633

Vitest is a testing framework powered by Vite. From 3.0.0 until 3.2.5, 4.1.8, and 5.0.0-beta.4, Vitest Browser Mode exposed a cdp API that forwarded raw Chrome DevTools Protocol methods without being gated by allowWrite or allowExec, allowing a remote client with exposed browser API metadata to u...

9.8CVSS0.00089EPSS
Exploits0References10
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-50649

Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-50651

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network...

7.5CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-50650

Improper control of generation of code 'code injection' in .NET Framework allows an unauthorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•4 views

CVE-2026-50659

Improper encoding or escaping of output in .NET allows an authorized attacker to perform spoofing over a network...

6.5CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-50526

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...

7CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-50648

Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network...

7.5CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-50524

Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network...

7.5CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-50646

Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-50527

Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network...

7.5CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-50528

Incorrect authorization in .NET allows an unauthorized attacker to bypass a security feature over a network...

8.2CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-50525

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network...

7.5CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-48747

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.13 and 8.0.13, MailomatRequestParser::validateSignature parsed X-MOM-Webhook-Signature as algo=signature and passed the request-selected algorithm to hashhmac, allowing a signature...

6.3CVSS0.00018EPSS
Exploits0References4
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-48761

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlAttributeSanitizer::getSupportedAttributes omitted URL-bearing attributes on , , , and , and URLs inside content bypassed URL sanitization, allowing...

5.3CVSS0.00051EPSS
Exploits0References5
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48760

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0 until 6.4.41, 7.4.13, and 8.0.13, UrlSanitizer::parse rejected raw BiDi formatting characters but not percent-encoded forms and used an ASCII-only whitespace check, allowing sanitized URLs...

5.3CVSS0.00025EPSS
Exploits0References5
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48784

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, UrlGenerator::doGenerate used strtr dot-segment encoding that skipped every other chained ../ or ./ segment, allowing attacker-controlled route parameters...

5.1CVSS0.00026EPSS
Exploits0References5
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-48736

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.0 to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, NoPrivateNetworkHttpClient and IpUtils::PRIVATESUBNETS omitted IPv6 transition prefixes such as 6to4, NAT64, Teredo, and IPv4-compatible IPv6, allowi...

6.9CVSS0.00029EPSS
Exploits0References6
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48489

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.53, 6.4.41, 7.4.13, and 8.0.13, DefaultAuthenticationFailureHandler honored the request-supplied failurepath parameter when failureforward: true was enabled, allowing an unauthenticated...

8.7CVSS0.00058EPSS
Exploits0References5
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48371

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerabl...

5.4CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-48349

Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scope is changed...

8.1CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-48355

Adobe Experience Manager is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the...

5.4CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48350

Animate is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to access sensitive files or directories outside the...

8.6CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48359

Adobe Experience Manager is affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could exploit this vulnerability to read sensitive files, potentially...

9.6CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48358

Adobe Commerce is affected by an Improper Encoding or Escaping of Output vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.1CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48356

Adobe Commerce is affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated...

9.6CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-48310

Adobe Experience Manager is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access...

8.6CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-48345

Animate is affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...

8.2CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48348

Animate is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must open a maliciou...

7.7CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48346

Animate is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed...

7.9CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48347

Animate is affected by an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...

7.7CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48263

Adobe Experience Manager is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the...

5.4CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48262

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-48260

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48252

Adobe Experience Manager is affected by a Missing Authentication for Critical Function vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not...

8.6CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-48257

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-48254

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-48261

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48253

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48255

Adobe Experience Manager is affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in...

5.4CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48259

Adobe Experience Manager is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. A low-privileged attacker could leverage this vulnerability to issue unauthorized server-side requests, potentially gaining...

9.6CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-47998

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control...

5.9CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-47999

Adobe Commerce is affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerab...

4.8CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-48069

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in...

7.5CVSS0.00052EPSS
Exploits0References13
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-48000

Adobe Commerce is affected by an Improper Redirect Open Redirect vulnerability that could result in a Security feature bypass. An attacker could construct a malicious URL that redirects a victim to an attacker-controlled site, potentially enabling credential theft and account takeover. Exploitati...

4.3CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-48068

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming HTTP/2 stream initiation can cause a server process created using @grpc/grpc-js to crash. This issue is fixed in...

7.5CVSS0.00052EPSS
Exploits0References13
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48038

joi is a schema description language and data validator for JavaScript. Prior to 17.13.4 and 18.2.1, denial of service is possible via an untrapped exception in services validating user-supplied JSON or object input with recursive link schemas. When validate is called without try/catch in a reque...

5.3CVSS0.00039EPSS
Exploits0References4
NVD
NVD
•added 34 minutes ago•3 views

CVE-2026-48001

Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction...

3.7CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-47984

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interactio...

8.2CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-47997

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploit depends on conditions beyond the attacker's control...

5.9CVSS
Exploits0References1
NVD
NVD
•added 34 minutes ago•2 views

CVE-2026-47992

Adobe Commerce is affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to execute malicious SQL...

7.2CVSS
Exploits0References1
Total number of security vulnerabilities366089