Lucene search
K
RedhatcveRecent

206514 matches found

RedhatCVE
RedhatCVE
added 2026/06/06 6:42 a.m.15 views

CVE-2026-21826

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected ways...

6.1CVSS5.5AI score0.00144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 6:42 a.m.14 views

CVE-2026-21825

HCL Digital Experience Compose is affected by a reflected cross-site scripting XSS vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser...

6.1CVSS5.5AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 6:42 a.m.16 views

CVE-2026-48961

A flaw was found in the zipdetails command-line interface CLI tool, bundled with IO::Compress for Perl. When processing a specially crafted Info-ZIP Unix Extra Field with an 8-byte User ID UID or Group ID GID, the zipdetails tool attempts to call an undefined subroutine. This can lead to the tool...

7.3CVSS5.7AI score0.00262EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/06 6:42 a.m.14 views

CVE-2026-49017

A flaw was found in OpenStack Swift. An authenticated attacker can exploit this vulnerability by sending a specially crafted, truncated aws-chunked PUT request body to the s3api middleware. This action causes an infinite loop within the StreamingInput class, leading to the affected proxy-server...

7.1CVSS5.3AI score0.00322EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/06 6:42 a.m.13 views

CVE-2026-8450

A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...

9.1CVSS6AI score0.01452EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.18 views

CVE-2026-36785

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.5AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.16 views

CVE-2026-38579

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

6.1CVSS5.6AI score0.00199EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.13 views

CVE-2025-70103

A flaw was found in libjxl, an image processing library. This heap buffer overflow vulnerability could potentially allow a remote attacker to cause a denial of service. The flaw occurs when processing specially crafted PBM Portable Bitmap images, primarily impacting applications that handle...

7.6CVSS6.2AI score0.00367EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.14 views

CVE-2026-10961

An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=508281950...

8.8CVSS5.4AI score0.00267EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.15 views

CVE-2026-10875

A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument socialtwitter results in sql injection. The attack may be launched remotely. The exploit has been...

6.5CVSS6.4AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.19 views

CVE-2026-37737

sanic-cors version 2.2.0 and prior contains an improper regular expression in the trymatch function in saniccors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain...

6.5CVSS5.5AI score0.00164EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.17 views

CVE-2026-10952

An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505231370...

8.8CVSS5.4AI score0.00312EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.13 views

CVE-2026-10874

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument socialinsta leads to sql injection. The attack may be initiated remotely. The exploit is publicly...

6.5CVSS6.5AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.15 views

CVE-2026-10944

An insufficient policy enforcement flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504215814...

8.8CVSS5.4AI score0.00296EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.12 views

CVE-2026-10950

An insufficient policy enforcement flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505123022...

8.8CVSS5.4AI score0.00296EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.12 views

CVE-2026-10915

An use after free flaw was found in the Core component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497612174...

8.8CVSS5.4AI score0.00275EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.12 views

CVE-2026-10951

An use after free flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505191883...

8.8CVSS5.4AI score0.00312EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.15 views

CVE-2026-10876

A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available...

6.5CVSS6.3AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.16 views

CVE-2026-10958

An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=507251069...

8.8CVSS5.4AI score0.00361EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.15 views

CVE-2026-11298

An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502503860...

4.3CVSS5.4AI score0.00159EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.18 views

CVE-2026-11285

An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502090914...

4.3CVSS5.4AI score0.00183EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.15 views

CVE-2026-10878

A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument actionvalue results in command injection. The attack is possible to be carried out remotely. The exploit is now public and...

8.8CVSS6.4AI score0.04236EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.15 views

CVE-2026-10885

An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504072665...

9.6CVSS5.4AI score0.00374EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.22 views

CVE-2026-11302

An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504196549...

4.3CVSS5.4AI score0.00179EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.14 views

CVE-2026-11277

An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501839664...

4.3CVSS5.4AI score0.00213EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.21 views

CVE-2026-11274

An inappropriate implementation flaw was found in the DOM Distiller component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501760514...

4.3CVSS5.4AI score0.00175EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.12 views

CVE-2026-10896

An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513514692...

9.6CVSS5.4AI score0.00374EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.15 views

CVE-2026-11312

A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purgekvmap in the library /src/infinistore.h of the component KV Map Handler. Performing a manipulation results in inefficient algorithmic complexity. The attack requires a local approach. The...

4.8CVSS4.8AI score0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.15 views

CVE-2026-11280

An insufficient validation of untrusted input flaw was found in the Signin component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501892820...

4.3CVSS5.4AI score0.00183EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.15 views

CVE-2026-11202

An insufficient validation of untrusted input flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505144022...

8.8CVSS5.4AI score0.00234EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.20 views

CVE-2026-11204

An inappropriate implementation flaw was found in the Signin component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505200733...

6.5CVSS5.4AI score0.00201EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.18 views

CVE-2026-11165

An use after free flaw was found in the WebMIDI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502099949...

9.6CVSS5.4AI score0.00234EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.15 views

CVE-2026-11272

An insufficient validation of untrusted input flaw was found in the Reading List component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501747321...

8.8CVSS5.4AI score0.00234EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.15 views

CVE-2026-11214

An inappropriate implementation flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=508257850...

6.5CVSS5.4AI score0.00161EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.18 views

CVE-2026-11205

An insufficient validation of untrusted input flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505290253...

6.5CVSS5.4AI score0.00147EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.18 views

CVE-2026-47644

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.4AI score0.00732EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.17 views

CVE-2026-5066

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem subsys/net/lib/sockets/socketstls.c. When the TLS session cache is enabled, tlssessionstore and tlssessionrestore memcpy the caller-supplied address into a fixed-size buffer using the...

8.8CVSS6AI score0.00217EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.17 views

CVE-2020-25900

HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client of other users. The client side was changed in 2019 to encrypt that database...

5.3CVSS5.5AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.17 views

CVE-2026-50590

In Mimecast Incydr before 2.6.0, arbitrary file access can occur...

4.5CVSS5.5AI score0.0009EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.14 views

CVE-2026-47655

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network...

6.5CVSS5.4AI score0.00756EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.13 views

CVE-2026-10877

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack can be executed...

7.5CVSS6.9AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.20 views

CVE-2026-42329

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redirect the user to a malicious website controlled by an attacker. Version 2.4.28 fixes the issue...

4.7CVSS5.5AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.15 views

CVE-2026-42539

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...

6.5CVSS5.5AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.19 views

CVE-2026-42824

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.5AI score0.0764EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.16 views

CVE-2026-42543

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, because they use the HTTP method GET to change state on the server. Version 2.4.28 contains a patch...

4.3CVSS5.4AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.14 views

CVE-2026-42540

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...

4.3CVSS5.5AI score0.00183EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.15 views

CVE-2026-44898

A flaw was found in Mistune, a Python Markdown parser. This vulnerability occurs in the rendertocul function, which is responsible for building a table-of-contents. An attacker can craft malicious heading text that, when processed, allows for the injection of arbitrary HTML tags, including script...

6.1CVSS6.5AI score0.00228EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.15 views

CVE-2026-44896

A flaw was found in Mistune, a Python Markdown parser. This vulnerability allows a remote attacker to inject malicious code into web pages, leading to Cross-Site Scripting XSS. The issue arises from the renderfigure function, which improperly handles figclass and figwidth options by directly...

6.1CVSS6.2AI score0.00198EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.14 views

CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assigned to them. This can be abused to falsely attribute fake alerts to customers. In combination wit...

5.4CVSS5.4AI score0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.16 views

CVE-2026-44899

A flaw was found in Mistune, a Python Markdown parser. The Image directive plugin, responsible for handling image dimensions, improperly validates user-supplied input for width and height options. This allows a remote attacker to inject arbitrary CSS into style attributes, potentially leading to...

6.1CVSS6AI score0.00228EPSS
Exploits1References5
Total number of security vulnerabilities206514