Lucene search
K
VulnrichmentRecent

162703 matches found

Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-48295 CAI Content Credentials | Insufficiently Protected Credentials (CWE-522)

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-48290 CAI Content Credentials | Server-Side Request Forgery (SSRF) (CWE-918)

CAI Content Credentials is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access o...

8.2CVSS6.4AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-48357 CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)

CAI Content Credentials is affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue...

6.2CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-48296 CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)

CAI Content Credentials is affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not...

6.2CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-48312 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

6.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-48287 CAI Content Credentials | Untrusted Search Path (CWE-426)

CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must...

7.4CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-48351 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require use...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-48302 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require use...

6.2CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-48354 CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not requir...

6.2CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-48298 CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)

CAI Content Credentials is affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not...

6.2CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-48352 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require use...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-48353 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user...

5.5CVSS6.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-15777

Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-15776

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.4AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-15773

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-15774

Use after free in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-15772

Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-15771

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-15769

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-15770

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-15767

Heap buffer overflow in libyuv in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. Chromium security severity: High...

6.5AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-15766

Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-15765

Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-15764

Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-15410

Post-authentication improper control of generation of code 'Code Injection' vulnerability has been identified in the SMA1000 Appliance Management Console AMC which in specific conditions could potentially enable a remote authenticated attacker as administrator to execute arbitrary OS commands...

7.2AI score
Exploits1References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-50659 .NET Spoofing Vulnerability

...

6.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-50651 .NET Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-15409

A Server-side request forgery SSRF vulnerability has been identified in the SMA1000 Appliance Work Place interface. A remote unauthenticated attacker could potentially cause the appliance to make requests to unintended location...

7AI score
Exploits1References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-13001 Podlove Podcast Publisher <= 4.5.1 - Unauthenticated Arbitrary File Upload via podlove_image_cache_url Parameter

The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'podlovehandlecachefiles' function in all versions up to, and including, 4.5.1. This makes it possible for unauthenticated attackers to upload arbitrary files on t...

9.8CVSS6.5AI score
Exploits0References4
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-50648 .NET Framework Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-50527 .NET Framework Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-50525 .NET Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-50524 .NET Framework Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-45755 Symfony: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged...

6.9CVSS6.1AI score0.00026EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-45304 Symfony: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser resolved YAML collection aliases recursively, allowing a small untrusted YAML input to expand into a multi-gigabyte structur...

8.7CVSS6.1AI score0.00076EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-45069 Symfony: OidcTokenHandler Accepts JWTs Missing aud/iss/exp Claims

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims registered audience aud, issuer iss, and expiry exp checkers but did not pass the mandatory claims list to...

8.8CVSS6.1AI score0.0005EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-47303 ASP.NET Core Elevation of Privilege Vulnerability

...

8.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-47301 Configuration Manager Elevation of Privilege Vulnerability

...

8.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-47302 .NET Denial of Service Vulnerability

...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-45063 Symfony: Identity Spoofing via Unanchored DN Regex in X509Authenticator

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $SERVER'SSLCLIENTSDN' with an unanchored regex that matches emailAddress= anywhere in the distinguishe...

9.1CVSS6.1AI score0.00069EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-45073 Symfony: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, PdoAdapter::doClear builds a DELETE statement using a namespace derived from the caller-supplied $prefix without binding or escaping it, allowing a caller...

6.3CVSS6.1AI score0.00062EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-45753 Symfony: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — javascript: URI Survives Sanitization (XSS)

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlAttributeSanitizer::getSupportedAttributes omits URL-valued attributes including action, formaction, poster, and cite, so configurations that adm...

2.1CVSS6.1AI score0.00082EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-15712 Soupclientmessageiohttp2: libsoup3: libsoup: http/2 goaway frame parsing heap buffer over-read via invalid nul-termination assumption

A heap buffer over-read vulnerability was discovered in libsoup's versions: libsoup 3.0 to 3.7.0 HTTP/2 connection tracking framework. When the library processes an HTTP/2 GOAWAY frame, it improperly handles the "Additional Debug Data" payload by assuming the data stream is a safely NUL-terminate...

5.9CVSS6.1AI score
Exploits0References3
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-45074 Symfony: Cas2Handler Derives CAS service URL from Client Host Header → Cross-Service Ticket Replay

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost, which reflects an attacker-controlled Host header when framework.trustedhosts is n...

7.6CVSS6.1AI score0.00064EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-47967 Audition | Out-of-bounds Write (CWE-787)

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday3 views

CVE-2026-47969 Audition | Out-of-bounds Read (CWE-125)

Audition is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

5.5CVSS6AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-47968 Audition | Out-of-bounds Write (CWE-787)

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-48368 Audition | Out-of-bounds Write (CWE-787)

Audition is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-45077 Symfony: Unauthenticated PHP Object Deserialization in MonologBridge server:log Listener

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the server:log listener Symfony\Bridge\Monolog\Command\ServerLogCommand binds to 0.0.0.0:9911 by default and processes each received frame with...

8.3CVSS6.1AI score0.01261EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added yesterday2 views

CVE-2026-15715 SourceCodester Class and Exam Timetabling System exam.php cross site scripting

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /exam.php. Such manipulation of the argument day leads to cross site scripting. It is possible to launch the attack remotely. The exploit ...

5.3CVSS4.7AI score
Exploits0References7
Total number of security vulnerabilities162703