CVE-2023-7346

Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of miniscript policies containing the a: fragment. Attackers can craft malicious miniscript policies...

CVE-2026-7346 vulnerabilities

Vulnerabilities for packages: chromium...

MINI-7346-3XV7-XFHV

Bulletin has no description...

Chromium: CVE-2026-7346 Inappropriate implementation in Tint

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Linux Distros Unpatched Vulnerability : CVE-2026-7346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTM...

CVE-2026-7346

Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVE-2026-7346

CVE-2026-7346 affects Google Chrome on all platforms prior to 147.0.7727.138, due to an inappropriate implementation in Tint that allows out-of-bounds memory access via a crafted HTML page. The vulnerability enables remote code execution with network access and requires user interaction, per CVSS...

CVE-2026-7346

creationtimestamp| type| source ---|---|--- 2026-04-28 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260429 2026-04-29 00:33:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mkltzjp3az2h 2026-05-03 18:00:00+00:00| seen|...

CVE-2013-7346

Cross-site request forgery CSRF vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559...

MAL-2025-7346 Malicious code in @crabas0npm/incidunt-vel-id (npm)

The package @crabas0npm/incidunt-vel-id was found to contain malicious code...

MINI-WRFR-7346-7GR9

Bulletin has no description...

CVE-2025-7346

creationtimestamp| type| source ---|---|--- 2025-07-08 10:11:58+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lth2sfje572t 2025-07-08 21:36:52+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-x698-5hjm-w2m5 2025-08-07 19:07:21+00:00| seen|...

CVE-2025-7346

Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages...

CVE-2025-7346

Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages...

Ubuntu: Security Advisory (USN-7346-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-7346-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2017-7346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The vmwgbsurfacedefineioctl function in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which...

CVE-2020-7346

Privilege Escalation vulnerability in McAfee Data Loss Prevention DLP for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attack...

CVE-2024-7346

Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to b...

Oracle Linux 9 : cups-filters (ELSA-2024-7346)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-7346 advisory. - CVE-2024-47175 cups-filters: remote command injection via attacker controlled data in PPD file - CVE-2024-47076 cups-filters: cfGetPrinterAttributes...