252548 matches found

CVE
added yesterday, 3 views

CVE-2026-13830

CVE-2026-13830 affects Chromoting in Google Chrome on Linux, with a use-after-free vulnerability that could allow a remote attacker to execute arbitrary code via malicious network traffic. Version 150.0.7871.47 and later mitigates the issue; upgrade to the referenced stable release to patch. The ...

6.2 AI score
Exploits: 0, References: 2
CVE
added yesterday, 4 views

CVE-2026-13821

CVE-2026-13821 affects Google Chrome. A use-after-free in Canvas allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Vulnerable are Chrome versions prior to 150.0.7871.47. Impact is high. The issue is mitigated by upgrading to Chrome 150.0.7871.47 or new...

6.2 AI score
Exploits: 0, References: 2
CVE
added yesterday, 3 views

CVE-2026-13815

CVE-2026-13815: Use-after-free in Blink within Google Chrome before 150.0.7871.47 enables remote code execution in a sandbox via a crafted HTML page. Affected: Chrome/Blink; Root cause: use-after-free. Impact: arbitrary code execution in sandbox. Remediation: patch to 150.0.7871.47 or newer (as p...

6.2 AI score
Exploits: 0, References: 2
CVE
added yesterday, 4 views

CVE-2026-13811

CVE-2026-13811 describes a Use-After-Free in the IME of Google Chrome, allowing remote code execution via a crafted HTML page in Chrome versions prior to 150.0.7871.47 (Chromium). The connected Chrome update note indicates fixes were delivered in the stable channel update for Chrome 150/151, with...

6.2 AI score
Exploits: 0, References: 2
CVE
added yesterday, 3 views

CVE-2026-13807

CVE-2026-13807: Use-after-free in Import in Google Chrome on iOS, affected up to version 150.0.7871.47. A remote attacker could exploit UI gestures by convincing a user to engage with a malicious file to execute arbitrary code. Related records confirm the vulnerability, with severity listed as H...

6.2 AI score
Exploits: 0, References: 2
CVE
added yesterday, 3 views

CVE-2026-13805

CVE-2026-13805 is a Use-After-Free in GFX within Google Chrome on macOS, reported for versions prior to 150.0.7871.47. The issue, described as a use-after-free in GFX, could allow a remote attacker to cause arbitrary code execution via a crafted HTML page. Connected sources confirm the vulnerabil...

6.2 AI score
Exploits: 0, References: 2
CVE
added yesterday, 4 views

CVE-2026-13802

CVE-2026-13802: Use-after-free in Chrome’s Views (Chromium) allows remote code execution via a crafted HTML page when a user performs specific UI gestures. Affected product: Google Chrome. Root cause: Use-after-free in Views. Vulnerable version: prior to 150.0.7871.47. Remediation: Chrome 150.0....

6.2 AI score
Exploits: 0, References: 2
CVE
added yesterday, 4 views

CVE-2026-13794

CVE-2026-13794: In Google Chrome on Windows, the vulnerability lies in insufficient validation of untrusted input in WebAppInstalls, exploitable via a crafted HTML page after persuading a user to perform certain UI gestures. Affected versions are Chrome prior to 150.0.7871.47. The issue could ...

6.2 AI score
Exploits: 0, References: 2
CVE
added yesterday, 3 views

CVE-2026-13788

CVE-2026-13788 is a Use-after-free in the Fullscreen feature of Google Chrome on Android, prior to version 150.0.7871.47. The vulnerability is listed as Critical and can allow a remote attacker to execute arbitrary code via a crafted HTML page. The public records show Chrome 150/151 updates addre...

6.2 AI score
Exploits: 0, References: 2
CVE
added yesterday, 3 views

CVE-2026-13786

CVE-2026-13786: Use-after-free in Ozone within Google Chrome allows remote code execution via a crafted HTML page. Affected: Ozone component in Chrome prior to 150.0.7871.47 (Linux 151 with fixes noted in the June 2026 Stable Channel update). Remediation: update Chrome to the patched version (e.g...

6.2 AI score
Exploits: 0, References: 2
CVE
added yesterday, 3 views

CVE-2026-13787

CVE-2026-13787: Use-after-free in Chromoting (Chrome) on Windows allows remote code execution via malicious network traffic. Affected: Google Chrome prior to 150.0.7871.47. Root cause: use-after-free in Chromoting. Mitigation: update to Chrome 150.0.7871.47 or newer where the fix is applied.

6.2 AI score
Exploits: 0, References: 2
CVE
added yesterday, 4 views

CVE-2026-13779

CVE-2026-13779 affects Chromoting in Google Chrome on ChromeOS, before version 150.0.7871.47. The vulnerability is a use-after-free in Chromoting that could allow a remote attacker to execute arbitrary code via malicious network traffic. Affected product: Google Chrome (Chromoting component) on C...

6.2 AI score
Exploits: 0, References: 2
CVE
added yesterday, 5 views

CVE-2026-56700

Grav CMS (before 2.0.0-beta.2) contains multiple code-execution vulnerabilities. Three unsafe unserialize() calls in Scheduler\JobQueue, Framework\Cache\Adapter\FileCache, and Session deserialize untrusted data, enabling PHP object injection and, via a gadget chain, arbitrary code execution when ...

9.8 CVSS, 6.4 AI score
Exploits: 0, References: 2
CVE
added yesterday, 3 views

CVE-2025-71371

CVE-2025-71371 affects picklescan

8.1 CVSS, 6.1 AI score
Exploits: 0, References: 2
CVE
added yesterday, 3 views

CVE-2025-71368

Summary: CVE-2025-71368 affects picklescan prior to 0.0.30, which fails to detect the doctest.debug_script function when analyzing pickle files. This allows remote attackers to craft malicious pickle payloads embedding doctest.debug_script that bypass picklescan detection and trigger arbitrary co...

8.1 CVSS, 6.1 AI score
Exploits: 0, References: 2
CVE
added yesterday, 3 views

CVE-2025-71352

The CVE-2025-71352 entry affects the Python-based tool picklescan (pre-0.0.29). The issue: picklescan fails to detect the built-in Python function trace.Trace.runctx when it is used inside pickle file reduce methods, enabling remote attackers to craft malicious pickle files that bypass detection ...

8.1 CVSS, 6.1 AI score
Exploits: 0, References: 2
CVE
added yesterday, 3 views

CVE-2025-71350

CVE-2025-71350 concerns the Python package picklescan, with version pre-0.0.28 vulnerable. The issue arises because picklescan fails to detect malicious pickle payloads that leverage torch.utils.collect_env.run within reduce methods, enabling attackers to embed code in pickle files that may execu...

8.1 CVSS, 5.9 AI score
Exploits: 0, References: 2
CVE
added yesterday, 6 views

CVE-2026-58449

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

9.8 CVSS, 6.5 AI score
Exploits: 0, References: 4
EUVD
added yesterday, 3 views

EUVD-2026-40406

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling...

9.8 CVSS, 6.4 AI score
Exploits: 0, References: 1
CVE
added yesterday, 7 views

CVE-2026-13759

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...

7.5 CVSS, 6.2 AI score
Exploits: 0, References: 1