Lucene search
K

368793 matches found

CVE
CVE
added 5 days ago15 views

CVE-2026-50280

Craft CMS contains an authorization bypass in the entries/move-to-section endpoint (EntriesController::actionMoveToSection). In versions 5.0.0-RC1 through below 5.9.21, destination section gate relies only on viewEntries:$section->uid instead of requiring saveEntries permission; source entry p...

6CVSS5.7AI score0.00273EPSS
Exploits0References2
CVE
CVE
added 5 days ago12 views

CVE-2026-50279

Craft CMS (versions 5.0.0-RC1 through 5.9.20) contains an authorization gap in EntriesController::actionSaveEntry where entry-edit checks precede author changes. The code path allows attacker-supplied authors to mutate the authors list when the current user is among the old authors, without re-ru...

7.6CVSS5.7AI score0.00245EPSS
Exploits0References2
CVE
CVE
added 5 days ago18 views

CVE-2026-55794

Craft CMS

8.7CVSS5.8AI score0.00293EPSS
Exploits0References2
CVE
CVE
added 5 days ago14 views

CVE-2026-55792

Craft CMS is vulnerable in versions 4.0.0-RC1 through 4.17.x and 5.0.0-RC1 through 5.9.x due to dataUrl() being in the Twig sandbox allowlist. A control panel user with the utility:system-messages permission can embed a file-reading payload in system emails, causing the server to read targeted fi...

6CVSS5.8AI score0.00268EPSS
Exploits0References2
CVE
CVE
added 5 days ago32 views

CVE-2026-55791

Craft CMS vulnerability CVE-2026-55791 enables SSRF and Arbitrary JavaScript Injection via /actions/app/resource-js when assetManager.cacheSourcePaths is false and trustedHosts is permissive. An attacker can poison Host/X-Forwarded-Host to hijack $baseUrl, causing Craft::createGuzzleClient()->...

6.9CVSS5.8AI score0.0033EPSS
Exploits0References2
CVE
CVE
added 5 days ago12 views

CVE-2026-14439

CVE-2026-14439 describes a path-traversal in the Git Service shared by Altium Enterprise Server and Altium 365. The vulnerability arises from a post-clone file-manipulation primitive that accepts user-supplied paths without validation, enabling an authenticated user with basic git access to move ...

9.4CVSS6.5AI score0.00601EPSS
Exploits0References1
CVE
CVE
added 5 days ago12 views

CVE-2026-55790

Summary of CVE-2026-55790 (Craft CMS) : This is a DOM-based cross-site scripting flaw in Craft CMS. Versions affected are 5.0.0-RC1–5.9.22 and 4.0.0-RC1–4.17.15. An attacker with only a GitHub account can insert a JavaScript payload into a craftcms/cms issue title. When a Craft admin uses the Cra...

7.4CVSS5.8AI score0.00311EPSS
Exploits0References2
CVE
CVE
added 5 days ago16 views

CVE-2026-50284

Craft CMS (versions 5.0.0-RC1–5.9.21 and 4.0.0-RC1–4.17.14) has a privilege check flaw in AssetsController::actionDeleteFolder: it only enforces deleteAssets: for the target folder and does not enforce deletePeerAssets:, allowing a low-privilege user with folder-management rights on a shared volu...

7.1CVSS5.8AI score0.00249EPSS
Exploits0References2
CVE
CVE
added 5 days ago17 views

CVE-2026-14440

Summary: CVE-2026-14440 concerns Cloudflare’s Universal SSL: automatic, permissive CAA RRset management on Universal SSL zones supersedes customer CAA records. When customers push stricter CAA via RFC 8657 accounturi or validationmethods, CAs do not observe those parameters during RFC 8659 evalua...

7.6CVSS5.7AI score0.00135EPSS
Exploits0References8
CVE
CVE
added 5 days ago17 views

CVE-2026-14426

CVE-2026-14426 is a Use After Free in V8 within Google Chrome before 150.0.7871.46. A remote attacker could lure a user into specific UI gestures to run arbitrary code in Chrome’s sandbox via a crafted HTML page. Severity: High. Affected: V8 in Chrome (pre-150.7871.46). Mitigation: Chrome update ...

7.5CVSS6.2AI score0.00216EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago18 views

CVE-2026-14432

The CVE-2026-14432 entry documents a use-after-free in V8 affecting Google Chrome’s JavaScript engine prior to version 150.0.7871.46 . This vulnerability could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, as described in multiple sources. Affected co...

8.8CVSS6.2AI score0.00247EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago13 views

CVE-2026-14394

Summary of CVE-2026-14394 (Google Chrome / V8) : A use-after-free in V8 leads to potential heap corruption when processing crafted HTML pages. Affected software is Google Chrome, with vulnerable versions prior to 150.0.7871.46. The issue is caused by a use-after-free in the JavaScript engine (V8)...

8.8CVSS5.8AI score0.00235EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago19 views

CVE-2026-14403

CVE-2026-14403: Use-after-free in V8 (Chrome) allows remote code execution inside a sandbox via a crafted HTML page on Chrome versions prior to 150.0.7871.46. Severity is listed as Low; the vulnerability stems from a V8 use-after-free condition. Documents do not specify exploitation status or con...

8.8CVSS6.2AI score0.00257EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago13 views

CVE-2026-14393

CVE-2026-14393: Use-after-free in V8 (Chrome) allows remote code execution inside the sandbox via a crafted HTML page. Affected: Google Chrome's V8 engine prior to version 150.0.7871.46. Impact: arbitrary code execution with high/total impact as per the CVSS vector. Remediation: update to Chrome ...

8.8CVSS6.2AI score0.00281EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago15 views

CVE-2026-14419

CVE-2026-14419 affects Google Chrome where a use-after-free in Skia could allow a remote attacker to escape the sandbox via a crafted HTML page. It targets Skia in Chrome before version 150.0.7871.46. The issue is listed as Critical (CVSS: 9.6, Network) with potential for total impact to confiden...

9.6CVSS5.8AI score0.00215EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago14 views

CVE-2026-14417

CVE-2026-14417 affects Dawn in Google Chrome prior to 150.0.7871.46. The issue is a use-after-free in Dawn, enabling a remote attacker to potentially escape the Chrome sandbox via a crafted HTML page. The known remediation is upgrading to Chrome 150.0.7871.46 or later, as reflected in the referen...

9.6CVSS5.8AI score0.00206EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago12 views

CVE-2026-14425

This CVE affects ANGLE in Google Chrome and is caused by a use-after-free in ANGLE that could allow a remote attacker to perform a sandbox escape via a crafted HTML page in Chrome versions prior to 150.0.7871.46. Impact is described as high/critical with potential full compromise of confidentiali...

9.6CVSS5.8AI score0.00218EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago15 views

CVE-2026-14424

CVE-2026-14424 affects Dawn in Google Chrome on macOS prior to 150.0.7871.46. A use-after-free vulnerability in Dawn could allow a remote attacker to potentially escape the sandbox via a crafted HTML page, with Chromium severity listed as High. The available documents consistently describe the tr...

9.6CVSS5.8AI score0.00215EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago14 views

CVE-2026-14390

CVE-2026-14390 describes a use-after-free in ANGLE used by Google Chrome before version 150.0.7871.46. The vulnerability could allow a remote attacker to attempt a sandbox escape via a crafted HTML page. The description and connected sources consistently identify ANGLE as the affected Graphics/AN...

9.6CVSS5.8AI score0.00235EPSS
Exploits0References2Affected Software1
CVE
CVE
added 5 days ago17 views

CVE-2026-14398

In Connected sources, CVE-2026-14398 is described as a Use-after-free in ANGLE affecting Google Chrome prior to 150.0.7871.46, enabling a remote attacker to potentially escape the sandbox via a crafted HTML page. The vulnerability is confirmed as part of ANGLE in Chrome, with a critical severity....

9.6CVSS5.8AI score0.00215EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder