19 matches found

RedhatCVE
added 2026/06/07 5:3 a.m. | 7 views

CVE-2026-11149

An insufficient validation of untrusted input flaw was found in the Extensions component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501739206...

CVSS 9 | AI score 5.4 | EPSS 0.00221
Exploits: 0 | References: 5

SUSE CVE
added 2026/06/07 4:43 a.m. | 6 views

SUSE CVE-2026-11149

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

CVSS 7.5 | AI score 5.5 | EPSS 0.00221
Exploits: 0 | References: 2

Tenable Nessus
added 2026/06/05 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-11149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer...

CVSS 7.5 | AI score 5.5 | EPSS 0.00221
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/02 4:58 p.m. | 14 views

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server. Mitigation Mitigation for this issue is...

CVSS 7.5 | AI score 6.4 | EPSS 0.00496
Exploits: 0 | References: 6

OSV
added 2025/09/30 11:37 a.m. | 1 view

UBUNTU-CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

CVSS 7.5 | AI score 5.8 | EPSS 0.00496
Exploits: 0 | References: 5

Vulnrichment
added 2025/09/30 5:0 a.m. | 1 view

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

CVSS 7.5 | AI score 6.5 | EPSS 0.00496
Exploits: 0 | References: 3

CVE
added 2025/09/30 5:0 a.m. | 23 views

CVE-2025-11149

CVE-2025-11149 affects all versions of node-static and @nubosoftware/node-static. The root issue is that the package fails to catch an exception when user input contains null bytes, allowing an attacker to access the URL http://host/%00 and cause a server crash. The connected Nessus/Red Hat/GHSA/...

CVSS 7.5 | AI score 6.5 | EPSS 0.00496
Exploits: 0 | References: 3

UbuntuCve
added 2025/09/30 12:0 a.m. | 1 view

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

CVSS 7.5 | AI score 5.9 | EPSS 0.00496
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 4:9 p.m. | 4 views

CVE-2020-11149

Out of bound access due to usage of an out-of-range pointer offset in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVSS 7.2 | AI score 9.4 | EPSS 0.00208
Exploits: 0 | References: 1

Cvelist
added 2024/12/06 1:56 a.m. | 14 views

CVE-2024-11149 OpenBSD vmm GDTR limits

In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel VMX CPUs...

CVSS 7.9 | EPSS 0.00131
Exploits: 0 | References: 1

CVE
added 2024/12/06 1:56 a.m. | 49 views

CVE-2024-11149

OpenBSD 7.4 prior to errata 014 contains a vulnerability in vmm(4) where the GDTR limits were not properly restored on Intel (VMX) CPUs. The issue affects the vmm subsystem, specifically the GDTR handling in the virtual machine monitor, leading to potential misbehavior on affected Intel VMX hosts...

CVSS 7.9 | AI score 7.8 | EPSS 0.00131
Exploits: 0 | References: 1 | Affected Software: 1

vulnersOsv
added 2021/09/22 6:22 p.m. | 2 views

40au-isteven-angular-multiselect (=4.0.0), @abcd19/st-grid (=3.1.0) +725 more potentially affected by CVE-2025-11149 via node-static (>=0.5.6 <=0.7.11)

node-static NPM version =0.5.6, =1.0.5, =0.0.5, =0.0.1, =0.0.1, =17.0.6 - @beadswap/lib =0.0.1 and more Source cves: CVE-2025-11149 Source advisory: OSV:GHSA-8R4G-CG4M-X23C...

CVSS 7.5 | AI score 5.4 | EPSS 0.00496
Exploits: 0

CVE
added 2021/01/21 9:41 a.m. | 57 views

CVE-2020-11149

CVE-2020-11149 involves an out-of-bounds access caused by an out-of-range pointer offset in the camera driver across Snapdragon platforms (Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music/Wearables). The vulnerability stems from improper pointer handling in the camera su...

CVSS 7.2 | AI score 7.2 | EPSS 0.00208
Exploits: 0 | References: 2 | Affected Software: 293

OSV
added 2018/06/02 1:29 a.m. | 1 view

CVE-2018-11149

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46)...

CVSS 8.8 | AI score 5.8 | EPSS 0.04602
Exploits: 2 | References: 3

NVD
added 2018/06/02 1:29 a.m. | 13 views

CVE-2018-11149

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46)...

CVSS 8.8 | AI score 9 | EPSS 0.04602
Exploits: 2 | References: 3

Cvelist
added 2018/06/01 9:0 p.m. | 16 views

CVE-2018-11149

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 7 of 46)...

AI score 9.4 | EPSS 0.04602
Exploits: 2 | References: 3

CVE
added 2018/06/01 9:0 p.m. | 61 views

CVE-2018-11149

CVE-2018-11149 affects Quest DR Series Disk Backup Software prior to 4.0.3.1. CoreLabs/Core advisory CORE-2018-0002 documents a command-injection vulnerability in the DR Series DRCleaner/setCleaner routine, enabling an attacker to inject shell commands via crafted input in the appliance’s web/API...

CVSS 8.8 | AI score 9.3 | EPSS 0.04602
Exploits: 2 | References: 3 | Affected Software: 1

CVE
added 2017/08/14 7:0 p.m. | 52 views

CVE-2017-11149

CVE-2017-11149 affects Synology Download Station’s Downloader, enabling a server-side request forgery (SSRF). The vulnerability exists in versions 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984, where remote authenticated users can download arbitrary local files via crafted URIs. No exploitation...

CVSS 6.5 | AI score 6.2 | EPSS 0.01599
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 1976/01/01 12:0 a.m. | 19 views

CVE-2019-11149

This CVE-2019-11149 entry is rejected and does not represent an active vulnerability entry.

AI score 7.3
Exploits: 0