Lucene search
K
VulnrichmentRecent

162643 matches found

Vulnrichment
Vulnrichment
•added 1 hour ago•3 views

CVE-2026-15410

Post-authentication improper control of generation of code 'Code Injection' vulnerability has been identified in the SMA1000 Appliance Management Console AMC which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...

7.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 1 hour ago•3 views

CVE-2026-15409

A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location...

7AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 1 hour ago•3 views

CVE-2026-45755 Symfony: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged...

6.9CVSS6.1AI score0.00026EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2 hours ago•3 views

CVE-2026-45304 Symfony: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser resolved YAML collection aliases recursively, allowing a small untrusted YAML input to expand into a multi-gigabyte structur...

8.7CVSS6.1AI score0.00076EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 2 hours ago•3 views

CVE-2026-45069 Symfony: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims registered audience aud, issuer iss, and expiry exp checkers but did not pass the mandatory claims list to...

8.8CVSS6.1AI score0.0005EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2 hours ago•2 views

CVE-2026-47303 ASP.NET Core Elevation of Privilege Vulnerability

...

8.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 2 hours ago•3 views

CVE-2026-47301 Configuration Manager Elevation of Privilege Vulnerability

...

8.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 2 hours ago•2 views

CVE-2026-45063 Symfony: Identity Spoofing via Unanchored DN Regex in X509Authenticator

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $SERVER'SSLCLIENTSDN' with an unanchored regex that matches emailAddress= anywhere in the distinguishe...

9.1CVSS6.1AI score0.00069EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 2 hours ago•1 views

CVE-2026-45073 Symfony: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, PdoAdapter::doClear builds a DELETE statement using a namespace derived from the caller-supplied $prefix without binding or escaping it, allowing a caller...

6.3CVSS6.1AI score0.00062EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 2 hours ago•2 views

CVE-2026-45753 Symfony: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — javascript: URI Survives Sanitization (XSS)

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlAttributeSanitizer::getSupportedAttributes omits URL-valued attributes including action, formaction, poster, and cite, so configurations that adm...

2.1CVSS6.1AI score0.00082EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2 hours ago•2 views

CVE-2026-15712 Soupclientmessageiohttp2: libsoup3: libsoup: http/2 goaway frame parsing heap buffer over-read via invalid nul-termination assumption

A heap buffer over-read vulnerability was discovered in libsoup's versions: libsoup 3.0 to 3.7.0 HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional Debug Data" payload by assuming the data stream is a safely NUL-terminate...

5.9CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-45074 Symfony: Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost, which reflects an attacker-controlled Host header when framework.trustedhosts is n...

7.6CVSS6.1AI score0.00064EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-47967 Audition | Out-of-bounds Write (CWE-787)

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-47969 Audition | Out-of-bounds Read (CWE-125)

Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

5.5CVSS6AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-47968 Audition | Out-of-bounds Write (CWE-787)

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•4 views

CVE-2026-48368 Audition | Out-of-bounds Write (CWE-787)

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-45077 Symfony: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener Symfony\Bridge\Monolog\Command\ServerLogCommand binds to 0.0.0.0:9911 by default and processes each received frame with...

8.3CVSS6.1AI score0.01261EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-15715 SourceCodester Class and Exam Timetabling System exam.php cross site scripting

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /exam.php. Such manipulation of the argument day leads to cross site scripting. It is possible to launch the attack remotely. The exploit ...

5.3CVSS4.7AI score
Exploits0References7
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-45065 Symfony: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters against a pattern built as ^ plus the raw requirement plus $; with ungrouped alternations, middle alternatives mat...

2.3CVSS6.1AI score0.0004EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-45067 Symfony: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

6.3CVSS6.1AI score0.00062EPSS
Exploits0References6
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-58529 Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability

...

7.1CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-56181 Windows Network Address Translation (NAT) Spoofing Vulnerability

...

8.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•1 views

CVE-2026-55121 Microsoft Office Information Disclosure Vulnerability

...

5.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-58637 Windows Client-Side Caching Elevation of Privilege Vulnerability

...

7CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-58633 Desktop Window Manager Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-58634 Desktop Window Manager Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-58632 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-58627 Windows DHCP Server Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•5 views

CVE-2026-58626 Windows Remote Desktop Services Remote Code Execution Vulnerability

...

8.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-58619 Windows Sensor Data Service Elevation of Privilege Vulnerability

...

7CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-58617 M365 Copilot for iOS Elevation of Privilege Vulnerability

...

8.1CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-58541 Microsoft DWM Core Library Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-58544 Windows Management Services Elevation of Privilege Vulnerability

...

7CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-58545 Windows Kernel Security Feature Bypass Vulnerability

...

5.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-58547 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability

...

5.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-58534 Windows Input Method Editor (IME) Elevation of Privilege Vulnerability

...

8.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-58532 Windows Kernel Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-58539 Windows Remote Desktop Client Information Disclosure Vulnerability

...

6.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-58540 Windows Installer Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-58546 Windows Remote Desktop Client Information Disclosure Vulnerability

...

6.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-58535 Windows Remote Desktop Client Information Disclosure Vulnerability

...

6.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-58533 Windows Remote Desktop Client Information Disclosure Vulnerability

...

6.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-58538 Windows Bluetooth Service Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-58527 Windows Runtime Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-58528 Windows USB Audio Class Driver Information Disclosure Vulnerability

...

6.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-58277 Microsoft SharePoint Elevation of Privilege Vulnerability

...

8.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•4 views

CVE-2026-57108 .NET Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•2 views

CVE-2026-57968 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-57102 Visual Studio Code Security Feature Bypass Vulnerability

...

8.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 3 hours ago•3 views

CVE-2026-57101 Visual Studio Code Security Feature Bypass Vulnerability

...

7.1CVSS6.1AI score
Exploits0References1
Total number of security vulnerabilities162643