Lucene search
K
VulnrichmentRecent

162945 matches found

Vulnrichment
Vulnrichment
•added 1 hour ago•2 views

CVE-2026-61871 ImageMagick before 7.1.2-26 Memory Leak in ICON decoder

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the ICON decoder that occurs when a memory allocation fails. Processing a crafted ICON file that triggers an allocation failure leaks memory, which may lead to a denial of service...

6.3CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
•added 1 hour ago•3 views

CVE-2026-61864 ImageMagick before 7.1.2-26 Memory Leak in Log Colorspace

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in color transformation to the log colorspace: when the operation fails, a small amount of memory is not released...

2.9CVSS6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
•added 6 hours ago•3 views

CVE-2026-12512 Quotes Llama < 3.1.6 - Unauthenticated SQL Injection via sc Parameter

The Quotes llama WordPress plugin before 3.1.6 does not properly sanitize and escape a user-supplied parameter before using it in a SQL query, allowing unauthenticated attackers to perform UNION-based SQL injection and read arbitrary data from the database, including password hashes...

6.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 6 hours ago•4 views

CVE-2026-11580 Kali Forms < 2.4.17 - Contributor+ Arbitrary Post Metadata Disclosure via IDOR

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not perform a per-object capability check in its post-duplication AJAX action, allowing users with Contributor-level access or above to duplicate any post regardless of owner, post type, or status into a...

6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 6 hours ago•2 views

CVE-2026-12281 Shibboleth < 2.5.4 - Unauthenticated Administrator Account Creation via Identity Header Spoofing

The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an authenticated session without verifying them. On a deployment where untrusted client headers reach...

6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added 6 hours ago•2 views

CVE-2026-11579 Kali Forms < 2.4.17 - Unauthenticated Media Upload

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin before 2.4.17 does not verify that a file upload is made against an existing form configured with a file-upload field, accepting uploads regardless of whether any such form exists, which allows unauthenticated users to upload...

6.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48290 CAI Content Credentials | Server-Side Request Forgery (SSRF) (CWE-918)

CAI Content Credentials is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access o...

8.2CVSS6.4AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48295 CAI Content Credentials | Insufficiently Protected Credentials (CWE-522)

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48357 CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)

CAI Content Credentials is affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue...

6.2CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48296 CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)

CAI Content Credentials is affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not...

6.2CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48287 CAI Content Credentials | Untrusted Search Path (CWE-426)

CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must...

7.4CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48312 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue does not require user...

6.8CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48351 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require use...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48302 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require use...

6.2CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48354 CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials is affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not requir...

6.2CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48298 CAI Content Credentials | Integer Underflow (Wrap or Wraparound) (CWE-191)

CAI Content Credentials is affected by an Integer Underflow Wrap or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not...

6.2CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48352 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require use...

7.5CVSS6.1AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48353 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials is affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user...

5.5CVSS6.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48336 Illustrator | Out-of-bounds Write (CWE-787)

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48337 Illustrator | Out-of-bounds Write (CWE-787)

Illustrator is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48334 Illustrator | Improper Input Validation (CWE-20)

Illustrator is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed...

9.3CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48275 Illustrator | Untrusted Search Path (CWE-426)

Illustrator is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed...

8.6CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•6 views

CVE-2026-48324 ColdFusion | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)

ColdFusion is affected by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.1CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48318 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope...

9.9CVSS6.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48327 ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion is affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48319 ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

ColdFusion is affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.1CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48322 ColdFusion | Improper Control of Generation of Code ('Code Injection') (CWE-94)

ColdFusion is affected by an Improper Control of Generation of Code 'Code Injection' vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.6CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48284 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.6CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48325 ColdFusion | Missing Authentication for Critical Function (CWE-306)

ColdFusion is affected by a Missing Authentication for Critical Function vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

9.3CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48340 Bridge | Untrusted Pointer Dereference (CWE-822)

Bridge is affected by an Untrusted Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48343 Bridge | Out-of-bounds Write (CWE-787)

Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48339 Bridge | Heap-based Buffer Overflow (CWE-122)

Bridge is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48311 Bridge | Out-of-bounds Write (CWE-787)

Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48341 Bridge | Out-of-bounds Write (CWE-787)

Bridge is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-48342 Bridge | Integer Overflow or Wraparound (CWE-190)

Bridge is affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48272 Creative Cloud Desktop | Uncontrolled Search Path Element (CWE-427)

Creative Cloud Desktop is affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction. Scop...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48344 GoCart | Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)

Creative Cloud Desktop is affected by a Time-of-check Time-of-use TOCTOU Race Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user...

7.8CVSS6.5AI score
Exploits0References1
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-15776

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.4AI score
Exploits0References2
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-15777

Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-15773

Use after free in Core in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
•added yesterday•5 views

CVE-2026-15774

Use after free in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-15771

Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-15772

Use after free in GPU in Google Chrome on Android prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-15770

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-15769

Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

6.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-15766

Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
•added yesterday•4 views

CVE-2026-15767

Heap buffer overflow in libyuv in Google Chrome on Windows prior to 150.0.7871.125 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. Chromium security severity: High...

6.5AI score
Exploits0References2
Vulnrichment
Vulnrichment
•added yesterday•4 views

CVE-2026-15764

Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
•added yesterday•3 views

CVE-2026-15765

Use after free in Ozone in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

6.1AI score
Exploits0References2
Vulnrichment
Vulnrichment
•added yesterday•2 views

CVE-2026-48367 After Effects | Out-of-bounds Write (CWE-787)

After Effects is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.5AI score
Exploits0References1
Total number of security vulnerabilities162945