
206304 matches found

RedhatCVE
• added 2026/06/10 6:07 p.m. • 8 views

CVE-2026-11646

A use-after-free flaw was found in the ViewTransitions component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517168239...

CVSS 8.8 • AI score 5.4 • EPSS 0.00262
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 6:07 p.m. • 7 views

CVE-2026-11644

A use-after-free flaw was found in the Views component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=518043597...

CVSS 8 • AI score 5.4 • EPSS 0.00202
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 6:00 p.m. • 8 views

CVE-2026-11643

A use-after-free flaw was found in the Proxy component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=518006379...

CVSS 9.8 • AI score 5.4 • EPSS 0.00271
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 6:00 p.m. • 6 views

CVE-2026-11641

A use-after-free flaw was found in the Bluetooth component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517418936...

CVSS 8.8 • AI score 5.4 • EPSS 0.00275
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 6:00 p.m. • 8 views

CVE-2026-11642

A use-after-free flaw was found in the Web Apps component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517678820...

CVSS 9 • AI score 5.4 • EPSS 0.00231
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 6:00 p.m. • 10 views

CVE-2026-11640

An integer overflow flaw was found in the libyuv component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517339758...

CVSS 9 • AI score 5.4 • EPSS 0.00231
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 6:00 p.m. • 7 views

CVE-2026-11639

A use-after-free flaw was found in the Compositing component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517227707...

CVSS 8.8 • AI score 5.4 • EPSS 0.00275
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 6:00 p.m. • 7 views

CVE-2026-11638

A use-after-free flaw was found in the Printing component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517047197...

CVSS 9.6 • AI score 5.4 • EPSS 0.00252
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 6:00 p.m. • 6 views

CVE-2026-11637

A use-after-free flaw was found in the Views component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517040438...

CVSS 8.8 • AI score 5.4 • EPSS 0.00262
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 6:00 p.m. • 7 views

CVE-2026-11636

A use-after-free flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517023053...

CVSS 8.8 • AI score 5.4 • EPSS 0.00222
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 6:00 p.m. • 7 views

CVE-2026-11635

A use-after-free flaw was found in the Bluetooth component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516987814...

CVSS 9 • AI score 5.4 • EPSS 0.00222
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 6:00 p.m. • 6 views

CVE-2026-11634

A use-after-free flaw was found in the Gamepad component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516975148...

CVSS 9.6 • AI score 5.4 • EPSS 0.00252
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 6:00 p.m. • 6 views

CVE-2026-11633

A use-after-free flaw was found in the Bluetooth component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516963272...

CVSS 8.8 • AI score 5.4 • EPSS 0.00232
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 5:59 p.m. • 6 views

CVE-2026-11632

A use-after-free flaw was found in the TabStrip component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516707881...

CVSS 8.8 • AI score 5.4 • EPSS 0.00264
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 5:59 p.m. • 7 views

CVE-2026-11631

A use-after-free flaw was found in the Aura component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516691130...

CVSS 9.9 • AI score 5.4 • EPSS 0.00222
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 5:59 p.m. • 8 views

CVE-2026-11628

A use-after-free flaw was found in the Ozone component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516501794...

CVSS 6.8 • AI score 5.4 • EPSS 0.00181
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 5:59 p.m. • 6 views

CVE-2026-11630

A use-after-free flaw was found in the File Input component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516677924...

CVSS 8.8 • AI score 5.4 • EPSS 0.00252
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 5:59 p.m. • 7 views

CVE-2026-11629

A use-after-free flaw was found in the Ozone component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516674532...

CVSS 8.8 • AI score 5.4 • EPSS 0.0027
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 3:58 p.m. • 8 views

CVE-2026-45491

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

CVSS 6.2 • AI score 5.8 • EPSS 0.00388
Exploits 0 • References 4

RedhatCVE
• added 2026/06/10 3:57 p.m. • 5 views

CVE-2026-45591

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

CVSS 7.5 • AI score 5.9 • EPSS 0.0243
Exploits 0 • References 4

RedhatCVE
• added 2026/06/10 3:56 p.m. • 9 views

CVE-2026-45490

A flaw was found in the .NET SDK dotnet.exe workload command on Windows. Insufficient access controls on a named pipe could allow a local attacker to perform arbitrary file creation or truncation operations with the privileges of another local user. This issue may lead to privilege escalation and...

CVSS 7.8 • AI score 5.9 • EPSS 0.00384
Exploits 0 • References 4

RedhatCVE
• added 2026/06/10 3:01 p.m. • 11 views

CVE-2026-42599

A flaw was found in Svelte. When an application uses spread syntax to render attributes from untrusted data, event handler properties are included in the generated HTML output. This allows a remote attacker to inject malicious event handlers that can execute in a victim's web browser, leading to...

CVSS 6.1 • AI score 5.4 • EPSS 0.00168
Exploits 0 • References 5

RedhatCVE
• added 2026/06/10 3:00 p.m. • 11 views

CVE-2026-36724

An uncaught exception in the /application/job/update/id endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the moduletask:job:update permission to cause a Denial of Service (DoS) via manipulating the func field of scheduled tasks...

CVSS 6.5 • AI score 5.5 • EPSS 0.00289
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 10 views

CVE-2026-36728

A markdown-based cross-site scripting (XSS) vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a chat message...

CVSS 5.4 • AI score 5.6 • EPSS 0.00162
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 11 views

CVE-2023-29146

The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers could create a collidi...

CVSS 8.2 • AI score 5.5 • EPSS 0.00123
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 10 views

CVE-2026-24065

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client process identifier (PID) to verify code-signing identity. Because process identifiers can be reuse...

CVSS 8.1 • AI score 6.1 • EPSS 0.00323
Exploits 1 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 10 views

CVE-2026-24064

Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES...

CVSS 7.8 • AI score 6.2 • EPSS 0.00151
Exploits 1 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 12 views

CVE-2026-30141

An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via a crafted GIF file...

CVSS 9.8 • AI score 6.3 • EPSS 0.00573
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 8 views

CVE-2026-49938

An improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via...

CVSS 6.5 • AI score 5.5 • EPSS 0.00201
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 7 views

CVE-2025-10263

A flaw was found in the Linux kernel on ARM processors. A race condition in Translation Lookaside Buffer Invalidation (TLBI) operations during memory permission changes allows a local attacker to write to memory resources owned by higher privilege levels. This could allow an unprivileged local...

CVSS 9.1 • AI score 5.4 • EPSS 0.00463
Exploits 0 • References 4

RedhatCVE
• added 2026/06/10 3:00 p.m. • 13 views

CVE-2025-67862

An Internal Asset Exposed to Unsafe Debug Access Level or State (CWE-1244) vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiPro...

CVSS 6.7 • AI score 5.6 • EPSS 0.00144
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 11 views

CVE-2026-11764

When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown...

CVSS 6.9 • AI score 5.5 • EPSS 0.00229
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 10 views

CVE-2026-47901

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy (CSP), this allows a malicious plugin to execute arbitrary...

CVSS 4.6 • AI score 5.8 • EPSS 0.00139
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 11 views

CVE-2026-47352

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...

CVSS 5.3 • AI score 5.5 • EPSS 0.00238
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 10 views

CVE-2026-4058

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the usersubscriptioncancel function in all versions up to, and including, 4.3.2. Thi...

CVSS 4.3 • AI score 5.5 • EPSS 0.00153
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 13 views

CVE-2026-49740

TYPO3's cache frontend (VariableFrontend) and persistent key-value store (Registry) deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend (cache store or sys_registry database table) could inject a crafted serialized...

CVSS 6.3 • AI score 5.8 • EPSS 0.00215
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 10 views

CVE-2026-47900

Logseq is vulnerable to stored cross-site scripting (XSS). A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, which is rendered using "innerHTML" without proper sanitization, allowing the execution of arbitrary code in the privileged host context...

CVSS 4.6 • AI score 5.7 • EPSS 0.00139
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 10 views

CVE-2026-49738

The path allowance check in GeneralUtility::isAllowedAbsPath performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/secret.yaml to be incorrectly accepted as valid when the project root was /var/www/html. Administrator...

CVSS 2.1 • AI score 5.4 • EPSS 0.00356
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 9 views

CVE-2026-47347

Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out phishing attacks. This...

CVSS 5.3 • AI score 5.5 • EPSS 0.00294
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 10 views

CVE-2026-47348

Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search results via the Indexed Search plugin, these titles were rendered without proper output encoding,...

CVSS 5.1 • AI score 5.5 • EPSS 0.00269
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 10 views

CVE-2026-47349

Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...

CVSS 5.3 • AI score 5.5 • EPSS 0.00238
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 3:00 p.m. • 9 views

CVE-2026-47350

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...

CVSS 5.3 • AI score 5.5 • EPSS 0.00238
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 2:59 p.m. • 11 views

CVE-2026-9279

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name (e.g. git, pandoc, grep), the argument string is concatenated with the command and passed to child_process.spawn with the shell: true option, allowing shell...

CVSS 8.7 • AI score 6.7 • EPSS 0.0027
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 2:59 p.m. • 12 views

CVE-2026-8045

CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user account submits crafted XML payloads to SOAP service endpoints...

CVSS 7.1 • AI score 5.4 • EPSS 0.00233
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 2:59 p.m. • 10 views

CVE-2026-8025

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform: through 09062026. NOTE: The vendor was contacted and it was learned that the product is not...

CVSS 9.8 • AI score 5.6 • EPSS 0.00275
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 2:59 p.m. • 10 views

CVE-2026-49742

Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media Module. Since the fallback storage resolves paths relative to the server's document root, this could expose sensitive files such as log files. This...

CVSS 7.1 • AI score 5.4 • EPSS 0.00313
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 2:59 p.m. • 12 views

CVE-2026-47346

Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

CVSS 7.6 • AI score 6 • EPSS 0.00253
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 2:59 p.m. • 14 views

CVE-2026-25089

An improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...

CVSS 9.8 • AI score 6 • EPSS 0.23393
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 2:59 p.m. • 10 views

CVE-2026-47351

Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they were not authorized to view. This issue affects TYPO3 CMS versions 10.4.0-13.4.30 and 14.0.0-14.3.2...

CVSS 5.3 • AI score 5.6 • EPSS 0.00238
Exploits 0 • References 1

RedhatCVE
• added 2026/06/10 2:59 p.m. • 11 views

CVE-2026-49948

Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and embedder configuration but only verifies authentication via JWT or X-API-Key without validati...

CVSS 8.6 • AI score 5.5 • EPSS 0.0029
Exploits 0 • References 1

Total number of security vulnerabilities: 206304