Lucene search
K

368954 matches found

CVE
CVE
added 6 days ago14 views

CVE-2026-54756

The CVE pertains to Jodit Editor (TypeScript WYSIWYG) where versions prior to 4.12.18 expose a Prototype Pollution risk via Jodit.configure(options) and internal ConfigMerge/ConfigProto, which may merge user-controlled options (e.g., under a plain-object option like controls) into Object.prototyp...

6.3CVSS5.7AI score0.00273EPSS
Exploits0References1
CVE
CVE
added 6 days ago15 views

CVE-2026-49998

Technical details for CVE-2026-49998 are not publicly available in the provided documents. Monitor for updates.

Exploits0References3
CVE
CVE
added 6 days ago18 views

CVE-2026-55886

CVE-2026-55886 — Jodit Prototype Pollution Affected software: Jodit Editor (npm package) up to version 4.12.25 (vulnerability fixed in 4.12.26). Root cause: Prototype pollution via Jodit.modules.Helpers.set(chain, value, obj) which walks a dot-separated path and creates path segments without filt...

6.3CVSS5.7AI score0.00315EPSS
Exploits0References1
CVE
CVE
added 6 days ago12 views

CVE-2026-49997

Technical details for CVE-2026-49997 are not publicly available in the provided documents. The entry is reserved/placeholder. Monitor for updates as information may be released in the future.

0.00023EPSS
Exploits0References5
CVE
CVE
added 6 days ago62 views

CVE-2026-50521

CVE-2026-50521 : Use-after-free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. The vulnerability has a CVSS v3.1 base score of 8.3 (High) with network attack vector, low attack complexity, required privileges, no user interaction, and impact to co...

8.3CVSS5.9AI score0.00823EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago13 views

CVE-2026-54786

Wasmtime’s native WASIp1 fd_renumber implementation leaks host resources because the guest-facing fd_renumber updates only the WASIp1 descriptor table, not the host’s underlying table. This affects wasm runtimes that expose fd_renumber and allow file descriptors; affected versions include all pri...

5CVSS5.7AI score0.00217EPSS
Exploits0References1Affected Software1
CVE
CVE
added 6 days ago9 views

CVE-2026-54161

Technical details for CVE-2026-54161 are not publicly available in the provided documents; no affected products, impact, or remediation are listed. Monitor for updates from trusted sources.

Exploits0References4
CVE
CVE
added 6 days ago20 views

CVE-2026-55153

CVE-2026-55153 affects mchange-commons-java before 0.6.0, where the JNDI ObjectFactory (com.mchange.v2.naming.JavaBeanObjectFactory) constructs arbitrary JavaBean properties, enabling JNDI injection and deserialization gadget abuse in some classes. An example is setting a Swing JEditorPane’s cont...

7.1CVSS5.9AI score0.00327EPSS
Exploits0References1
CVE
CVE
added 6 days ago14 views

CVE-2026-48815

Technical details for CVE-2026-48815 are not publicly available in the provided documents. No affected products, vectors, or remediation information are disclosed. Monitor for updates.

Exploits0References7
CVE
CVE
added 6 days ago9 views

CVE-2026-48816

Technical details for CVE-2026-48816 are not publicly available in the provided documents. Monitor for updates.

Exploits0References4
CVE
CVE
added 6 days ago10 views

CVE-2026-49989

Technical details for CVE-2026-49989 are not publicly available in the provided documents. Monitor for updates.

Exploits0References4
CVE
CVE
added 6 days ago9 views

CVE-2026-55688

Affected software: AsyncHttpClient (AHC) library for Java. Vulnerable versions: 2.0.0 up to (but not including) 2.16.0, and 3.0.0.Beta1 up to (but not including) 3.0.11. Root cause: ThreadSafeCookieStore may store a cookie using the.Domain value without validating that the responding host is allo...

4CVSS5.8AI score0.00179EPSS
Exploits0References2
CVE
CVE
added 6 days ago7 views

CVE-2026-36541

Technical details are not publicly available in the provided documents for CVE-2026-36541; no affected products, vectors, or remediation are described. Monitor for updates.

Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-36542

Technical details for CVE-2026-36542 are not publicly available in the provided documents; no affected products, impact, or remediation are specified. Monitor for updates.

Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-54908

CVE-2026-54908 affects the Pion DTLS Go implementation. Versions prior to 3.1.4 are vulnerable to a remote Denial of Service caused by a panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. The issue has been fixed in 3.1.4. No exploitation details are provided in the documents.

6.3CVSS5.8AI score0.0032EPSS
Exploits0References2
CVE
CVE
added 6 days ago30 views

CVE-2026-14265

The CVE affects AWS Advanced JDBC Wrapper (AWR) RemoteQueryCachePlugin versions 3.3.0–4.0.0. Deserialization of untrusted data via ObjectInputStream without class filtering when reading cached query results from Redis or Valkey enables gadget-chain execution, allowing arbitrary code execution on ...

7.7CVSS6.3AI score0.00407EPSS
Exploits0References3
CVE
CVE
added 6 days ago14 views

CVE-2026-58593

NodeBB is affected by CVE-2026-58593 where inbound ActivityPub objects are not correctly bound to the authenticated remote actor. The middleware verifies the HTTP-signature actor and origin of object.id but does not validate that attributedTo corresponds to the sender, treating attributedTo as a ...

8.7CVSS6AI score0.00191EPSS
Exploits1References3Affected Software1
CVE
CVE
added 6 days ago14 views

CVE-2026-58592

Vulnerability summary (CVE-2026-58592, Ladybird): A dangling-reference memory-safety flaw in Ladybird’s WebAssembly ESM integration loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference...

8.9CVSS6.4AI score0.00311EPSS
Exploits0References3
CVE
CVE
added 6 days ago18 views

CVE-2026-49858

API Platform Core contains a cross-user attribute leak in JSON:API and HAL item normalizers due to a missing isCacheKeySafe gate. Affected versions: 2.6.0 up to 4.1.28, 4.2.25, and 4.3.11 (i.e., before 4.1.29, 4.2.26, 4.3.12). Root cause: componentsCache arrays are keyed on $context['cache_key'] ...

5.9CVSS5.7AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 6 days ago12 views

CVE-2026-58457

CVE-2026-58457 affects Shenzhen Aitemi M300 MT02 (Wi‑Fi Repeater). An unauthenticated OS command injection exists in the commuos web backend via the smacfilter_conf handler. Attackers can append semicolon-delimited payloads to the name, enable, or mac GET parameters, which are unsanitized and pas...

9.8CVSS6.1AI score0.01671EPSS
Exploits0References3
Rows per page
Query Builder