Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.1AI Score
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.2AI Score
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.1AI Score
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.1AI Score
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.1AI Score
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.2AI Score
0.0004EPSS
Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.2AI Score
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
7.2AI Score
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...
0.0004EPSS
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
Impact Before deserializing CycloneDX Bill of Materials in XML format, cyclonedx-core-java leverages XPath expressions to determine the schema version of the BOM. The DocumentBuilderFactory used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML...
7.3AI Score
EPSS
go-retryablehttp can leak basic auth credentials to log files
go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp...
6CVSS
6.9AI Score
0.0004EPSS
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Zip files uploaded to the server endpoint of CodeChecker store are not properly sanitized. An attacker, using a path traversal attack, can load and display files on the machine of....
6.5CVSS
6.7AI Score
0.0004EPSS
XWiki programming rights may be inherited by inclusion
Impact The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include...
9.9CVSS
7AI Score
0.0004EPSS
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...
9.6CVSS
7.1AI Score
0.0004EPSS
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint...
6.5CVSS
6.7AI Score
0.0004EPSS
Incorrect Calculation vulnerability in Renesas arm-trusted-firmware allows Local Execution of Code. When checking whether a new image invades/overlaps with a previously loaded image the code neglects to consider a few cases. that could An attacker to bypass memory range restriction and overwrite...
7.5CVSS
7.7AI Score
0.0004EPSS
Integer Underflow (Wrap or Wraparound) vulnerability in Renesas arm-trusted-firmware. An integer underflow in image range check calculations could lead to bypassing address restrictions and loading of images to unallowed...
7.5CVSS
7.1AI Score
0.0004EPSS
Google Introduces Project Naptime for AI-Powered Vulnerability Research
Google has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry out vulnerability research with an aim to improve automated discovery approaches. "The Naptime architecture is centered around the interaction between an AI agent and a target...
8.3AI Score
3.1CVSS
6.8AI Score
0.0004EPSS
4.3CVSS
6.8AI Score
0.0004EPSS
4.3CVSS
6.8AI Score
0.0004EPSS
4.3CVSS
6.7AI Score
0.0005EPSS
5.3CVSS
6.8AI Score
0.0005EPSS
4.3CVSS
6.8AI Score
0.0004EPSS
4.3CVSS
6.8AI Score
0.0004EPSS
5.3CVSS
6.8AI Score
0.0005EPSS
4.3CVSS
6.8AI Score
0.0004EPSS
6.1CVSS
6.8AI Score
0.0005EPSS
4.3CVSS
6.8AI Score
0.0004EPSS
7.5CVSS
6.8AI Score
0.0005EPSS
4.3CVSS
6.8AI Score
0.0004EPSS
3.1CVSS
6.8AI Score
0.0004EPSS
4.3CVSS
6.8AI Score
0.0004EPSS
4.3CVSS
6.8AI Score
0.0004EPSS
4.3CVSS
6.8AI Score
0.0004EPSS
6.1CVSS
6.8AI Score
0.0005EPSS
2.6CVSS
6.8AI Score
0.0004EPSS
4.3CVSS
6.8AI Score
0.0004EPSS
3.1CVSS
6.8AI Score
0.0004EPSS
7.5CVSS
6.8AI Score
0.0005EPSS
5.4CVSS
6.8AI Score
0.0004EPSS
4.3CVSS
6.8AI Score
0.0004EPSS
4.3CVSS
6.8AI Score
0.0004EPSS
9.8CVSS
6.8AI Score
0.001EPSS
4.3CVSS
6.8AI Score
0.0004EPSS
Malicious code in kami-richtext (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (9634fe3bee06c80f43ca27ad558c4834386dc1bb31779583c7911b679f550bff) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score