Lucene search
K
VulnrichmentRecent

162689 matches found

Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-15776

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.4AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-15777

Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago5 views

CVE-2026-15774

Use after free in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-15773

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-15771

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago2 views

CVE-2026-15772

Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-15769

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-15770

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago4 views

CVE-2026-15767

Heap buffer overflow in libyuv in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. Chromium security severity: High...

6.5AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-15766

Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago3 views

CVE-2026-15764

Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 3 hours ago2 views

CVE-2026-15765

Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-15410

Post-authentication improper control of generation of code 'Code Injection' vulnerability has been identified in the SMA1000 Appliance Management Console AMC which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...

7.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-50659 .NET Spoofing Vulnerability

...

6.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-50651 .NET Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-15409

A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location...

7AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-13001 Podlove Podcast Publisher <= 4.5.1 - Unauthenticated Arbitrary File Upload via podlove_image_cache_url Parameter

The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'podlovehandlecachefiles' function in all versions up to, and including, 4.5.1. This makes it possible for unauthenticated attackers to upload arbitrary files on t...

9.8CVSS6.5AI score
Exploits0References4
Vulnrichment
Vulnrichment
added 4 hours ago5 views

CVE-2026-50648 .NET Framework Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-50527 .NET Framework Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-50525 .NET Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-50524 .NET Framework Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 4 hours ago3 views

CVE-2026-45755 Symfony: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged...

6.9CVSS6.1AI score0.00026EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-45304 Symfony: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser resolved YAML collection aliases recursively, allowing a small untrusted YAML input to expand into a multi-gigabyte structur...

8.7CVSS6.1AI score0.00076EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-45069 Symfony: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims registered audience aud, issuer iss, and expiry exp checkers but did not pass the mandatory claims list to...

8.8CVSS6.1AI score0.0005EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 5 hours ago2 views

CVE-2026-47303 ASP.NET Core Elevation of Privilege Vulnerability

...

8.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-47302 .NET Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 5 hours ago3 views

CVE-2026-47301 Configuration Manager Elevation of Privilege Vulnerability

...

8.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 5 hours ago2 views

CVE-2026-45063 Symfony: Identity Spoofing via Unanchored DN Regex in X509Authenticator

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $SERVER'SSLCLIENTSDN' with an unanchored regex that matches emailAddress= anywhere in the distinguishe...

9.1CVSS6.1AI score0.00069EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 5 hours ago2 views

CVE-2026-45073 Symfony: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, PdoAdapter::doClear builds a DELETE statement using a namespace derived from the caller-supplied $prefix without binding or escaping it, allowing a caller...

6.3CVSS6.1AI score0.00062EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 5 hours ago2 views

CVE-2026-45753 Symfony: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — javascript: URI Survives Sanitization (XSS)

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlAttributeSanitizer::getSupportedAttributes omits URL-valued attributes including action, formaction, poster, and cite, so configurations that adm...

2.1CVSS6.1AI score0.00082EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 5 hours ago2 views

CVE-2026-15712 Soupclientmessageiohttp2: libsoup3: libsoup: http/2 goaway frame parsing heap buffer over-read via invalid nul-termination assumption

A heap buffer over-read vulnerability was discovered in libsoup's versions: libsoup 3.0 to 3.7.0 HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional Debug Data" payload by assuming the data stream is a safely NUL-terminate...

5.9CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 6 hours ago2 views

CVE-2026-45074 Symfony: Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost, which reflects an attacker-controlled Host header when framework.trustedhosts is n...

7.6CVSS6.1AI score0.00064EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 6 hours ago2 views

CVE-2026-47967 Audition | Out-of-bounds Write (CWE-787)

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-47969 Audition | Out-of-bounds Read (CWE-125)

Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

5.5CVSS6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago2 views

CVE-2026-47968 Audition | Out-of-bounds Write (CWE-787)

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago4 views

CVE-2026-48368 Audition | Out-of-bounds Write (CWE-787)

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago2 views

CVE-2026-45077 Symfony: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener Symfony\Bridge\Monolog\Command\ServerLogCommand binds to 0.0.0.0:9911 by default and processes each received frame with...

8.3CVSS6.1AI score0.01261EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 6 hours ago2 views

CVE-2026-15715 SourceCodester Class and Exam Timetabling System exam.php cross site scripting

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /exam.php. Such manipulation of the argument day leads to cross site scripting. It is possible to launch the attack remotely. The exploit ...

5.3CVSS4.7AI score
Exploits0References7
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-45065 Symfony: UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters against a pattern built as ^ plus the raw requirement plus $; with ungrouped alternations, middle alternatives mat...

2.3CVSS6.1AI score0.0004EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-45067 Symfony: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

6.3CVSS6.1AI score0.00062EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 6 hours ago2 views

CVE-2026-58529 Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability

...

7.1CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago2 views

CVE-2026-55121 Microsoft Office Information Disclosure Vulnerability

...

5.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-56181 Windows Network Address Translation (NAT) Spoofing Vulnerability

...

8.3CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago2 views

CVE-2026-58637 Windows Client-Side Caching Elevation of Privilege Vulnerability

...

7CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago2 views

CVE-2026-58633 Desktop Window Manager Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-58634 Desktop Window Manager Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago2 views

CVE-2026-58632 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-58627 Windows DHCP Server Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago5 views

CVE-2026-58626 Windows Remote Desktop Services Remote Code Execution Vulnerability

...

8.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 6 hours ago3 views

CVE-2026-58619 Windows Sensor Data Service Elevation of Privilege Vulnerability

...

7CVSS6.1AI score
Exploits0References1
Total number of security vulnerabilities162689