Lucene search

206309 matches found

RedhatCVE | added 2026/06/06 12:44 a.m. | 17 views

CVE-2026-36785

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request...

CVSS 7.5 | AI score 5.5 | EPSS 0.00357 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 15 views

CVE-2026-38579

Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter (line 24), the id parameter (lines 25, 75), and the ptidkey parameter (lines 26, 42) in...

CVSS 6.1 | AI score 5.6 | EPSS 0.00199 | Exploits 1 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 12 views

CVE-2025-70103

Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc...

CVSS 7.3 | AI score 5.7 | EPSS 0.00367 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 12 views

CVE-2026-10961

A use-after-free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=508281950...

CVSS 8.8 | AI score 5.4 | EPSS 0.00267 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 14 views

CVE-2026-10875

A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...

CVSS 6.5 | AI score 6.4 | EPSS 0.00303 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 17 views

CVE-2026-37737

sanic-cors version 2.2.0 and prior contains an improper regular expression in the trymatch function in saniccors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...

CVSS 6.5 | AI score 5.5 | EPSS 0.00164 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 16 views

CVE-2026-10952

A use-after-free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505231370...

CVSS 8.8 | AI score 5.4 | EPSS 0.00312 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 12 views

CVE-2026-10874

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...

CVSS 6.5 | AI score 6.5 | EPSS 0.00303 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 11 views

CVE-2026-10950

An insufficient policy enforcement flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505123022...

CVSS 8.8 | AI score 5.4 | EPSS 0.00296 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 14 views

CVE-2026-10944

An insufficient policy enforcement flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504215814...

CVSS 8.8 | AI score 5.4 | EPSS 0.00296 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 11 views

CVE-2026-10951

A use-after-free flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505191883...

CVSS 8.8 | AI score 5.4 | EPSS 0.00312 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 11 views

CVE-2026-10915

A use-after-free flaw was found in the Core component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497612174...

CVSS 8.8 | AI score 5.4 | EPSS 0.00275 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 14 views

CVE-2026-10876

A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available...

CVSS 6.5 | AI score 6.3 | EPSS 0.0027 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 15 views

CVE-2026-10958

A use-after-free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=507251069...

CVSS 8.8 | AI score 5.4 | EPSS 0.00361 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 17 views

CVE-2026-11285

An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502090914...

CVSS 4.3 | AI score 5.4 | EPSS 0.00183 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 14 views

CVE-2026-11298

An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502503860...

CVSS 4.3 | AI score 5.4 | EPSS 0.00159 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 14 views

CVE-2026-10878

A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument actionvalue results in command injection. The attack is possible to be carried out remotely. The exploit is now public and...

CVSS 8.8 | AI score 6.4 | EPSS 0.04236 | Exploits 1 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 14 views

CVE-2026-10885

A use-after-free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504072665...

CVSS 9.6 | AI score 5.4 | EPSS 0.00374 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 21 views

CVE-2026-11302

An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504196549...

CVSS 4.3 | AI score 5.4 | EPSS 0.00179 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 19 views

CVE-2026-11274

An inappropriate implementation flaw was found in the DOM Distiller component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501760514...

CVSS 4.3 | AI score 5.4 | EPSS 0.00175 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 13 views

CVE-2026-11277

An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501839664...

CVSS 4.3 | AI score 5.4 | EPSS 0.00213 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 11 views

CVE-2026-10896

A use-after-free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513514692...

CVSS 9.6 | AI score 5.4 | EPSS 0.00374 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 14 views

CVE-2026-11312

A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purgekvmap in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...

CVSS 4.8 | AI score 4.8 | EPSS 0.00112 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 19 views

CVE-2026-11204

An inappropriate implementation flaw was found in the Signin component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505200733...

CVSS 6.5 | AI score 5.4 | EPSS 0.00201 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 14 views

CVE-2026-11280

An insufficient validation of untrusted input flaw was found in the Signin component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501892820...

CVSS 4.3 | AI score 5.4 | EPSS 0.00183 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 14 views

CVE-2026-11202

An insufficient validation of untrusted input flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505144022...

CVSS 8.8 | AI score 5.4 | EPSS 0.00234 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 17 views

CVE-2026-11165

A use-after-free flaw was found in the WebMIDI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502099949...

CVSS 9.6 | AI score 5.4 | EPSS 0.00234 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 14 views

CVE-2026-11272

An insufficient validation of untrusted input flaw was found in the Reading List component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501747321...

CVSS 8.8 | AI score 5.4 | EPSS 0.00234 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 17 views

CVE-2026-11205

An insufficient validation of untrusted input flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505290253...

CVSS 6.5 | AI score 5.4 | EPSS 0.00147 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 14 views

CVE-2026-11214

An inappropriate implementation flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=508257850...

CVSS 6.5 | AI score 5.4 | EPSS 0.00161 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:44 a.m. | 17 views

CVE-2026-47644

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

CVSS 7.5 | AI score 5.4 | EPSS 0.00732 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 16 views

CVE-2026-5066

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem subsys/net/lib/sockets/socketstls.c. When the TLS session cache is enabled, tlssessionstore and tlssessionrestore memcpy the caller-supplied address into a fixed-size buffer using the...

CVSS 6.3 | AI score 6 | EPSS 0.00217 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 15 views

CVE-2026-50590

In Mimecast Incydr before 2.6.0, arbitrary file access can occur...

CVSS 4.5 | AI score 5.5 | EPSS 0.0009 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 16 views

CVE-2020-25900

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

CVSS 5.3 | AI score 5.5 | EPSS 0.00201 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 13 views

CVE-2026-47655

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...

CVSS 6.5 | AI score 5.4 | EPSS 0.00756 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 12 views

CVE-2026-10877

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack can be executed...

CVSS 7.5 | AI score 6.9 | EPSS 0.00328 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 13 views

CVE-2026-42539

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

CVSS 6.5 | AI score 5.5 | EPSS 0.00232 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 18 views

CVE-2026-42329

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

CVSS 4.7 | AI score 5.5 | EPSS 0.00174 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:44 a.m. | 15 views

CVE-2026-42824

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVSS 7.5 | AI score 5.5 | EPSS 0.0764 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:43 a.m. | 13 views

CVE-2026-42543

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

CVSS 4.3 | AI score 5.4 | EPSS 0.00174 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:43 a.m. | 12 views

CVE-2026-42540

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

CVSS 4.3 | AI score 5.5 | EPSS 0.00183 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:43 a.m. | 13 views

CVE-2026-44898

A flaw was found in Mistune, a Python Markdown parser. This vulnerability occurs in the rendertocul function, which is responsible for building a table-of-contents. An attacker can craft malicious heading text that, when processed, allows for the injection of arbitrary HTML tags, including script...

CVSS 6.1 | AI score 6.5 | EPSS 0.00228 | Exploits 1 | References 5
RedhatCVE | added 2026/06/06 12:43 a.m. | 12 views

CVE-2026-44896

A flaw was found in Mistune, a Python Markdown parser. This vulnerability allows a remote attacker to inject malicious code into web pages, leading to Cross-Site Scripting (XSS). The issue arises from the renderfigure function, which improperly handles figclass and figwidth options by directly...

CVSS 6.1 | AI score 6.2 | EPSS 0.00198 | Exploits 0 | References 4
RedhatCVE | added 2026/06/06 12:43 a.m. | 10 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

CVSS 5.4 | AI score 5.4 | EPSS 0.00174 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:43 a.m. | 13 views

CVE-2026-44899

A flaw was found in Mistune, a Python Markdown parser. The Image directive plugin, responsible for handling image dimensions, improperly validates user-supplied input for width and height options. This allows a remote attacker to inject arbitrary CSS into style attributes, potentially leading to...

CVSS 6.1 | AI score 6 | EPSS 0.00228 | Exploits 1 | References 5
RedhatCVE | added 2026/06/06 12:43 a.m. | 12 views

CVE-2026-44897

A flaw was found in Mistune, a Python Markdown parser. A remote attacker could exploit this vulnerability by providing specially crafted input to the HTMLRenderer.heading function. This input, containing a double-quote character in the HTML heading's ID attribute, is not properly sanitized,...

CVSS 6.1 | AI score 5.1 | EPSS 0.00228 | Exploits 1 | References 5
RedhatCVE | added 2026/06/06 12:43 a.m. | 13 views

CVE-2026-44708

A flaw was found in Mistune, a Python Markdown parser. The mistune math plugin improperly handles user-supplied content, such as inline and block math, by directly embedding it into the HTML output without proper HTML escaping. This vulnerability, which can lead to Cross-Site Scripting (XSS), allow...

CVSS 6.1 | AI score 5.8 | EPSS 0.00228 | Exploits 1 | References 5
RedhatCVE | added 2026/06/06 12:43 a.m. | 11 views

CVE-2026-11326

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

CVSS 6 | AI score 5.2 | EPSS 0.00214 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:43 a.m. | 12 views

CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application can therefore be misused to host phishing pages, amongst other things. This also creates another...

CVSS 6.3 | AI score 5.4 | EPSS 0.00175 | Exploits 0 | References 1
RedhatCVE | added 2026/06/06 12:43 a.m. | 11 views

CVE-2026-10871

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start6rdtunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv66rdborderrelay leads to os command injection. It is possible to launch the attack remotely. The...

CVSS 8.6 | AI score 6.7 | EPSS 0.02199 | Exploits 0 | References 1
Total number of security vulnerabilities: 206309