Lucene search
K

368905 matches found

CVE
CVE
added 6 days ago33 views

CVE-2026-14410

CVE-2026-14410 affects Google Chrome’s Skia rendering pipeline. The issue arises from an inappropriate implementation in Skia that, if a renderer process is compromised, enables UI spoofing via a crafted HTML page. Impact is limited to remote UI spoofing with no broader exploit chain described; b...

4.3CVSS5.8AI score0.0019EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago12 views

CVE-2026-14404

CVE-2026-14404 affects Google Chrome via an incorrect implementation in PDFium, enabling a remote attacker to achieve UI spoofing through a crafted PDF file. The vulnerability is tied to Chrome versions before 150.0.7871.46 (Chromium security severity: Medium). The underlying root cause is an ina...

6.5CVSS5.8AI score0.00202EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago18 views

CVE-2026-14427

CVE-2026-14427 : Heap buffer overflow in Skia used by Google Chrome prior to 150.0.7871.46. A remote attacker who already compromised the renderer could potentially escape the sandbox via a crafted HTML page. Affected: Chrome/Skia stack (Chrome 150 pre-release fix applies). Root cause: heap buffe...

8.3CVSS6.1AI score0.00245EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago12 views

CVE-2026-14385

CVE-2026-14385 : Heap buffer overflow in ANGLE within Google Chrome on macOS prior to 150.0.7871.46 allows a remote attacker to trigger out-of-bounds memory access via a crafted HTML page. The issue affects ANGLE in Chrome and is tied to the macOS build; CVSS v3.1 base score: 8.8 (High). Remediat...

8.8CVSS6.1AI score0.00327EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago10 views

CVE-2026-50283

Craft CMS versions 5.0.0-RC1–5.9.20 and 4.0.0-RC1–4.17.13 contain an authorization issue in AssetsController::actionReplaceFile that can delete a source asset without source delete permission when both assetId and sourceAssetId are supplied. The runtime loads assetId ($assetToReplace) and sourceA...

5.3CVSS5.8AI score0.00265EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-50143

Technical details are not publicly available in the provided documents for CVE-2026-50143. The description indicates a reserved placeholder; monitor for updates and published specifics once available.

Exploits0References4
CVE
CVE
added 6 days ago10 views

CVE-2026-50139

Technical details for CVE-2026-50139 are not publicly available in the provided documents. No affected products, vectors, or remediation are listed. Monitor for updates as new information is published.

Exploits0References5
CVE
CVE
added 6 days ago10 views

CVE-2026-55793

Craft CMS versions 5.0.0-RC1–5.9.22 are affected by a stored XSS in a Structure entry title. An author-level control panel user can insert malicious JavaScript into an entry title. When a victim with saveEntries permission drags another entry under the poisoned one in table view, the payload exec...

5.9CVSS5.7AI score0.00412EPSS
Exploits0References2
CVE
CVE
added 6 days ago14 views

CVE-2026-50138

Technical details for CVE-2026-50138 are not provided in the supplied documents. This CVE entry is reserved/placeholder with no public details. Monitor for updates as information becomes available.

Exploits0References4
CVE
CVE
added 6 days ago11 views

CVE-2026-53712

Technical details for CVE-2026-53712 are not publicly available in the provided documents. Monitor for updates.

Exploits0References4
CVE
CVE
added 6 days ago13 views

CVE-2026-50163

Technical details for CVE-2026-50163 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified. Monitor for updates.

Exploits0References4
CVE
CVE
added 6 days ago11 views

CVE-2026-50162

Technical details for CVE-2026-50162 are not publicly available in the provided documents. No affected products, impact, or remediation are specified. Monitor for updates and referenced details when the candidate is enriched.

Exploits0References5
CVE
CVE
added 6 days ago18 views

CVE-2026-50151

Technical details are not publicly available in the provided documents. Monitor for updates as the CVE-2026-50151 entry is reserved with no disclosed components or impact.

Exploits0References6
CVE
CVE
added 6 days ago10 views

CVE-2026-54712

OpenTelemetry Java Instrumentation prior to 2.27.0 is affected. The issue resides in the RMI context propagation payload reader, which limits the number of context entries but does not limit the aggregate size of strings read, allowing an attacker who can reach a network-reachable RMI endpoint to...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago9 views

CVE-2026-54704

OpenTelemetry Java Instrumentation contains a vulnerability in JDBC auto-instrumentation prior to version 2.28.0 where passwords in SQL CONNECT statements may not be sanitized if the password is double-quoted. This can cause clear-text database passwords to be added to trace spans and exported to...

6.5CVSS5.7AI score0.00219EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago11 views

CVE-2026-54263

Wagtail (Django-based CMS) has a reflected XSS in the dynamic image URL generator view within the admin. A limited-permission editor could craft a URL that, when seen by a higher-privilege user, could act with that user’s credentials. Affected versions: < 7.0.8, < 7.3.3,

7.3CVSS5.5AI score0.00203EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago11 views

CVE-2026-54262

Wagtail’s CVE-2026-54262 affects the translation feature. In versions before 7.0.8, 7.3.3, and 7.4.2, a user with the can submit translation permission could create translations for any page, including pages they lack access to. The root cause is described as a permission/authorization issue rela...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago13 views

CVE-2026-54261

Wagtail (Django-based CMS) has a permission-check flaw in the image preview endpoint. In versions prior to 7.0.8, 7.3.3, and 7.4.2, a user with admin access could preview any image due to a missing permission check; this does not expose the image data itself to ordinary site visitors. The issue h...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago12 views

CVE-2026-54259

Wagtail (Django-based CMS) has a vulnerability in older branches where the Documents and Images chooser endpoint could show items to users who lack choose permission. Affected versions: < 7.0.8, < 7.3.3, and

4.3CVSS5.6AI score0.00162EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago12 views

CVE-2026-54260

CVE-2026-54260 affects Wagtail (Django-based CMS). In versions prior to 7.0.8, 7.3.3, and 7.4.2, an authenticated admin user can trigger expensive rendition processing via crafted filter specs in the image preview, leading to potential service degradation. This is not exploitable by anonymous vis...

4.3CVSS5.6AI score0.0022EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder