206514 matches found
CVE-2026-21826
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways...
CVE-2026-21825
HCL Digital Experience Compose is affected by a reflected cross-site scripting XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...
CVE-2026-48961
A flaw was found in the zipdetails command-line interface CLI tool, bundled with IO::Compress for Perl. When processing a specially crafted Info-ZIP Unix Extra Field with an 8-byte User ID UID or Group ID GID, the zipdetails tool attempts to call an undefined subroutine. This can lead to the tool...
CVE-2026-49017
A flaw was found in OpenStack Swift. An authenticated attacker can exploit this vulnerability by sending a specially crafted, truncated aws-chunked PUT request body to the s3api middleware. This action causes an infinite loop within the StreamingInput class, leading to the affected proxy-server...
CVE-2026-8450
A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...
CVE-2026-36785
Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
CVE-2026-38579
Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...
CVE-2025-70103
A flaw was found in libjxl, an image processing library. This heap buffer overflow vulnerability could potentially allow a remote attacker to cause a denial of service. The flaw occurs when processing specially crafted PBM Portable Bitmap images, primarily impacting applications that handle...
CVE-2026-10961
An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=508281950...
CVE-2026-10875
A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-37737
sanic-cors version 2.2.0 and prior contains an improper regular expression in the trymatch function in saniccors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...
CVE-2026-10952
An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505231370...
CVE-2026-10874
A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...
CVE-2026-10944
An insufficient policy enforcement flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504215814...
CVE-2026-10950
An insufficient policy enforcement flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505123022...
CVE-2026-10915
An use after free flaw was found in the Core component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497612174...
CVE-2026-10951
An use after free flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505191883...
CVE-2026-10876
A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available...
CVE-2026-10958
An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=507251069...
CVE-2026-11298
An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502503860...
CVE-2026-11285
An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502090914...
CVE-2026-10878
A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument actionvalue results in command injection. The attack is possible to be carried out remotely. The exploit is now public and...
CVE-2026-10885
An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504072665...
CVE-2026-11302
An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504196549...
CVE-2026-11277
An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501839664...
CVE-2026-11274
An inappropriate implementation flaw was found in the DOM Distiller component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501760514...
CVE-2026-10896
An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513514692...
CVE-2026-11312
A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purgekvmap in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...
CVE-2026-11280
An insufficient validation of untrusted input flaw was found in the Signin component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501892820...
CVE-2026-11202
An insufficient validation of untrusted input flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505144022...
CVE-2026-11204
An inappropriate implementation flaw was found in the Signin component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505200733...
CVE-2026-11165
An use after free flaw was found in the WebMIDI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502099949...
CVE-2026-11272
An insufficient validation of untrusted input flaw was found in the Reading List component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501747321...
CVE-2026-11214
An inappropriate implementation flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=508257850...
CVE-2026-11205
An insufficient validation of untrusted input flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505290253...
CVE-2026-47644
Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...
CVE-2026-5066
A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem subsys/net/lib/sockets/socketstls.c. When the TLS session cache is enabled, tlssessionstore and tlssessionrestore memcpy the caller-supplied address into a fixed-size buffer using the...
CVE-2020-25900
HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...
CVE-2026-50590
In Mimecast Incydr before 2.6.0, arbitrary file access can occur...
CVE-2026-47655
Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...
CVE-2026-10877
A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack can be executed...
CVE-2026-42329
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...
CVE-2026-42539
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...
CVE-2026-42824
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-42543
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...
CVE-2026-42540
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...
CVE-2026-44898
A flaw was found in Mistune, a Python Markdown parser. This vulnerability occurs in the rendertocul function, which is responsible for building a table-of-contents. An attacker can craft malicious heading text that, when processed, allows for the injection of arbitrary HTML tags, including script...
CVE-2026-44896
A flaw was found in Mistune, a Python Markdown parser. This vulnerability allows a remote attacker to inject malicious code into web pages, leading to Cross-Site Scripting XSS. The issue arises from the renderfigure function, which improperly handles figclass and figwidth options by directly...
CVE-2026-42547
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...
CVE-2026-44899
A flaw was found in Mistune, a Python Markdown parser. The Image directive plugin, responsible for handling image dimensions, improperly validates user-supplied input for width and height options. This allows a remote attacker to inject arbitrary CSS into style attributes, potentially leading to...