Lucene search
K
VulnrichmentRecent

161127 matches found

Vulnrichment
Vulnrichment
added 2026/07/02 2:14 a.m.8 views

CVE-2026-13125 GeoVision GeoWebPlayer 1.1.1.0 Websocket Server function vulnerability

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.8CVSS5.7AI score0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/02 12:0 a.m.4 views

CVE-2026-52189

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub487330 component...

6AI score0.00452EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/02 12:0 a.m.6 views

CVE-2026-52192

An issue in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub445C5C component...

6AI score0.00409EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/02 12:0 a.m.5 views

CVE-2026-52188

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead//sub497498 component...

6AI score0.00237EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/02 12:0 a.m.6 views

CVE-2026-52187

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub483ba0 component...

6AI score0.00452EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/02 12:0 a.m.5 views

CVE-2026-38971

ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCSMAVLink/GCSserialcontrol.cpp in GCSMAVLINK::handleserialcontrol...

5.9AI score0.00448EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/07/02 12:0 a.m.5 views

CVE-2026-52191

Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub444C8C component...

6AI score0.00452EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/02 12:0 a.m.4 views

CVE-2026-38972

Notepad3 through 6.25.822.1 contains a DLL search-order hijacking vulnerability in the About-dialog code path in src/Notepad3.c. The application calls LoadLibraryL"MSFTEDIT.DLL" with a bare DLL name, which allows a local attacker to place a malicious MSFTEDIT.DLL in the application directory or...

6.6AI score0.00148EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/07/02 12:0 a.m.4 views

CVE-2026-38968

ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding...

6AI score0.00379EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/02 12:0 a.m.5 views

CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

5.9AI score0.00289EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/02 12:0 a.m.5 views

CVE-2026-38970

pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext and parseArray without enforcing a maximum nesting depth...

5.9AI score0.00451EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/01 11:43 p.m.9 views

CVE-2026-50280 Craft CMS: Authorization bypass in `entries/move-to-section` via missing target-section save check

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionMoveToSection endpoint gates the destination section only by viewEntries:$section-uid rather than requiring saveEntries permission the source entry is separately checked via...

6CVSS5.7AI score0.00273EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 11:31 p.m.7 views

CVE-2026-50279 Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap

Craft CMS is a content management system CMS. IN versions 5.0.0-RC1 and above prior to 5.9.21, theEntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model, allowing for authorship spoofing. The subsequent author...

7.6CVSS5.9AI score0.00245EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 11:26 p.m.10 views

CVE-2026-55794 Craft CMS: Potential authenticated Remote Code Execution via referrer redirect

Craft CMS is a content management system CMS. In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries...

8.7CVSS5.8AI score0.00293EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 11:20 p.m.7 views

CVE-2026-55792 Craft CMS: Sensitive File Disclosure / Server-Side File Read

Craft CMS is a content management system CMS. In versions starting from 4.0.0-RC1 and prior to 4.18.0, and 5.0.0-RC1 and above, prior to 5.10.0, the dataUrl Twig function is included in Craft’s Twig sandbox allowlist, allowing any control panel user granted the utility:system-messages permission ...

6CVSS5.8AI score0.00268EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 11:13 p.m.8 views

CVE-2026-55791 Craft CMS: Blind SSRF and Arbitrary JavaScript Injection via Host Header Poisoning in actionResourceJs

Craft CMS is a content management system CMS. Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior to 5.10.0, are vulnerable to Server-Side Request Forgery SSRF and Arbitrary JavaScript Injection through the /actions/app/resource-js endpoint. By exploiting the default...

6.9CVSS5.8AI score0.0033EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 11:5 p.m.9 views

CVE-2026-14439 Path Traversal in Altium Git Service Allows Remote Code Execution

A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that use user-supplied paths without validation, allowing an authenticated user with basic git access to...

9.4CVSS6.5AI score0.00601EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/01 10:57 p.m.8 views

CVE-2026-55790 Craft CMS: DOM XSS via GitHub issue title in CraftSupport widget

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22 and 4.0.0-RC1 through 4.17.15, an attacker with only a GitHub account can plant a JavaScript payload in a craftcms/cms issue title. When a Craft admin uses the CraftSupport widget’s "Give feedback" screen and types...

7.4CVSS5.8AI score0.00311EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:37 p.m.8 views

CVE-2026-50284 Craft CMS: Missing peer-permission check in `AssetsController::actionDeleteFolder` allows deletion of other users' assets

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.21 and 4.0.0-RC1 through 4.17.14, theAssetsController::actionDeleteFolder only requires the deleteAssets: permission for the target folder. It never enforces deletePeerAssets:, even though Assets::deleteFoldersByIds...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:35 p.m.9 views

CVE-2026-14440 Cloudflare Universal SSL automatically managed CAA RRset supersedes customer-configured CAA records

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...

7.6CVSS5.7AI score0.00135EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/01 10:22 p.m.10 views

CVE-2026-14426

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00216EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:22 p.m.10 views

CVE-2026-14394

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00235EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:22 p.m.9 views

CVE-2026-14432

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.2AI score0.00247EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:22 p.m.8 views

CVE-2026-14393

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.2AI score0.00281EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:22 p.m.13 views

CVE-2026-14403

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

6.2AI score0.00257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:22 p.m.9 views

CVE-2026-14417

Use after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

5.8AI score0.00206EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:22 p.m.9 views

CVE-2026-14419

Use after free in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

5.8AI score0.00215EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:22 p.m.9 views

CVE-2026-14424

Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00215EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:22 p.m.10 views

CVE-2026-14425

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00218EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:22 p.m.9 views

CVE-2026-14390

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00235EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:22 p.m.9 views

CVE-2026-14405

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

6.2AI score0.00307EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:22 p.m.8 views

CVE-2026-14398

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

5.8AI score0.00215EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:22 p.m.8 views

CVE-2026-14408

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00224EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:22 p.m.9 views

CVE-2026-14399

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00224EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14421

Uninitialized Use in Dawn in Google Chrome on ChromeOS prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00215EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14413

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00202EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14418

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14402

Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00224EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14431

Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14395

Out of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

6.2AI score0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.10 views

CVE-2026-14423

Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.0022EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.10 views

CVE-2026-14400

Out of bounds write in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00222EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14392

Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00276EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14397

Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00253EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14406

Out of bounds read in V8 in Google Chrome prior to 150.0.7871.46 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Medium...

5.8AI score0.00189EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14416

Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00243EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14388

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00263EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.12 views

CVE-2026-14386

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00263EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14396

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00247EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14422

Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00271EPSS
Exploits0References2
Total number of security vulnerabilities161127