Lucene search
K

369610 matches found

CVE
CVE
added 2026/07/01 9:0 p.m.29 views

CVE-2026-55660

CVE-2026-55660 : TinaCMS and Tinacms app prior to versions 2.5.6 / 3.9.3 allow cross-origin postMessage abuse due to window message listeners that do not validate event.origin/source and post to non-specific origins, combined with insufficient URL sanitization in rich-text content. This enables s...

7.6CVSS5.7AI score0.00196EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 8:56 p.m.11 views

CVE-2026-45710

Technical details for CVE-2026-45710 are not publicly available in the provided documents. Monitor for updates.

Exploits0References5
CVE
CVE
added 2026/07/01 8:55 p.m.12 views

CVE-2026-48819

Technical details for CVE-2026-48819 are not publicly available in the provided documents. Monitor for updates from the reserving organization once disclosed.

Exploits0References5
CVE
CVE
added 2026/07/01 8:47 p.m.22 views

CVE-2026-54074

CVE-2026-54074 affects @tinacms/cli (pre-2.4.3) used with TinaCMS. A Forestry-to-Tina migration path unquotes values in user-controlled YAML fields via the TINA_INTERNAL marker, allowing injection of arbitrary JavaScript into the generated tina/templates.{ts,js} file. The code executes at module ...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 8:44 p.m.21 views

CVE-2026-55661

CVE-2026-55661 affects TinaCMS rich-text rendering (Slate JSON) where the url field on Slate link/image nodes was not sanitized, allowing stored XSS via dangerous URL schemes such as javascript: or data:text/html. Affected versions include tinacms/mdx <2.1.7 and tinacms =2.1.7 and tinacms >...

4.8CVSS5.6AI score0.00239EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 8:35 p.m.14 views

CVE-2026-58263

CVE-2026-58263 affects Jodit Editor prior to 4.12.28. The built‑in clean-html sanitizer can be bypassed via a MathML/ carrier, allowing a no‑interaction event handler (e.g., onload) to survive in the editor value. When attacker‑supplied HTML is rendered (element.innerHTML = editor.value), the han...

7.2CVSS5.7AI score0.00179EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 8:32 p.m.16 views

CVE-2026-49457

Technical details for CVE-2026-49457 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified. Monitor for updates.

Exploits0References6
CVE
CVE
added 2026/07/01 8:29 p.m.16 views

CVE-2026-54756

The CVE pertains to Jodit Editor (TypeScript WYSIWYG) where versions prior to 4.12.18 expose a Prototype Pollution risk via Jodit.configure(options) and internal ConfigMerge/ConfigProto, which may merge user-controlled options (e.g., under a plain-object option like controls) into Object.prototyp...

6.3CVSS5.7AI score0.00273EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 8:28 p.m.16 views

CVE-2026-49998

Technical details for CVE-2026-49998 are not publicly available in the provided documents. Monitor for updates.

Exploits0References6
CVE
CVE
added 2026/07/01 8:25 p.m.21 views

CVE-2026-55886

CVE-2026-55886 — Jodit Prototype Pollution Affected software: Jodit Editor (npm package) up to version 4.12.25 (vulnerability fixed in 4.12.26). Root cause: Prototype pollution via Jodit.modules.Helpers.set(chain, value, obj) which walks a dot-separated path and creates path segments without filt...

6.3CVSS5.7AI score0.00315EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 8:23 p.m.14 views

CVE-2026-49997

Technical details for CVE-2026-49997 are not publicly available in the provided documents. The entry is reserved/placeholder. Monitor for updates as information may be released in the future.

0.00023EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 8:14 p.m.69 views

CVE-2026-50521

CVE-2026-50521 : Use-after-free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. The vulnerability has a CVSS v3.1 base score of 8.3 (High) with network attack vector, low attack complexity, required privileges, no user interaction, and impact to co...

8.3CVSS5.9AI score0.00823EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 8:12 p.m.15 views

CVE-2026-54786

Wasmtime’s native WASIp1 fd_renumber implementation leaks host resources because the guest-facing fd_renumber updates only the WASIp1 descriptor table, not the host’s underlying table. This affects wasm runtimes that expose fd_renumber and allow file descriptors; affected versions include all pri...

5CVSS5.7AI score0.00217EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/07/01 8:6 p.m.10 views

CVE-2026-54161

Technical details for CVE-2026-54161 are not publicly available in the provided documents; no affected products, impact, or remediation are listed. Monitor for updates from trusted sources.

Exploits0References6
CVE
CVE
added 2026/07/01 8:2 p.m.22 views

CVE-2026-55153

CVE-2026-55153 affects mchange-commons-java before 0.6.0, where the JNDI ObjectFactory (com.mchange.v2.naming.JavaBeanObjectFactory) constructs arbitrary JavaBean properties, enabling JNDI injection and deserialization gadget abuse in some classes. An example is setting a Swing JEditorPane’s cont...

7.1CVSS5.9AI score0.00327EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 7:58 p.m.14 views

CVE-2026-48815

Technical details for CVE-2026-48815 are not publicly available in the provided documents. No affected products, vectors, or remediation information are disclosed. Monitor for updates.

Exploits0References7
CVE
CVE
added 2026/07/01 7:57 p.m.10 views

CVE-2026-48816

Technical details for CVE-2026-48816 are not publicly available in the provided documents. Monitor for updates.

Exploits0References4
CVE
CVE
added 2026/07/01 7:55 p.m.10 views

CVE-2026-49989

Technical details for CVE-2026-49989 are not publicly available in the provided documents. Monitor for updates.

Exploits0References4
CVE
CVE
added 2026/07/01 7:40 p.m.16 views

CVE-2026-55688

Affected software: AsyncHttpClient (AHC) library for Java. Vulnerable versions: 2.0.0 up to (but not including) 2.16.0, and 3.0.0.Beta1 up to (but not including) 3.0.11. Root cause: ThreadSafeCookieStore may store a cookie using the.Domain value without validating that the responding host is allo...

4CVSS5.8AI score0.00179EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 7:37 p.m.7 views

CVE-2026-36541

Technical details are not publicly available in the provided documents for CVE-2026-36541; no affected products, vectors, or remediation are described. Monitor for updates.

Exploits0References1
Rows per page
Query Builder