30210 matches found
CVE-2026-57267
creationtimestamp| type| source ---|---|--- 2026-07-02 04:53:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpnagdaerv2v 2026-07-02 18:26:04+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mponsh6i2e2r...
CVE-2026-24242
creationtimestamp| type| source ---|---|--- 2026-07-02 02:19:12+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmxrl6ign2t 2026-07-02 08:18:37+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mpnluamnha2g 2026-07-02 08:18:37+00:00| seen|...
CVE-2026-14429
creationtimestamp| type| source ---|---|--- 2026-07-02 02:00:24+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mpmwpwlcgx2v 2026-07-02 08:27:34+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702 2026-07-02 15:27:48+00:00|...
next.js: Next.js: Unauthorized access to protected content via middleware bypass
A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows acces...
CVE-2026-14381
CVE-2026-14381 affects Google Chrome’s WebAppInstalls UI. A crafted HTML page can trigger UI spoofing due to an incorrect security UI in WebAppInstalls prior to Chrome 150.0.7871.46. Impact: remote attacker could spoof UI. Mitigation: update to Chrome 150.0.7871.46 or later (Chromium-based). Refe...
CVE-2026-34108
creationtimestamp| type| source ---|---|--- 2026-07-01 21:49:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpmipkig2x2e 2026-07-02 08:40:50+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnn3xnxqi2u...
CVE-2026-55660
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...
EUVD-2026-41145
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...
CVE-2026-55660
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...
CVE-2026-13878
creationtimestamp| type| source ---|---|--- 2026-07-01 20:39:07+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmergu3q22q 2026-07-02 07:22:06+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702...
CVE-2026-54672
A flaw was found in electron-updater, a component used for automatic updates in Electron applications. This vulnerability arises because AppImage targets, built by app-builder-lib, incorrectly add the current working directory to the dynamic linker search path when setting the LDLIBRARYPATH...
CVE-2026-14258
creationtimestamp| type| source ---|---|--- 2026-07-01 11:43:39+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mplgtxfpjx23 2026-07-01 12:43:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mplk6tti5626 2026-07-01 15:30:43+00:00| seen|...
EUVD-2026-40437
Capgo before 12.128.2 contains an authorization flaw in POST /private/createdevice that accepts a caller-supplied orgid parameter without validating it matches the target app's owner organization. Authenticated attackers can create device records for an application using a foreign organization...
EUVD-2026-40809
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40801
Inappropriate implementation in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. Chromium security severity: Low...
EUVD-2026-40784
Inappropriate implementation in WebAppInstalls in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40558
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file. Chromium security severity: Medium...
PT-2026-54648
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An issue in the WebAppInstalls component allows a remote attacker to perform UI spoofing by using a specially crafted HTML page. UI spoofing is a technique where an attacker mimics a...
CVE-2026-56247
Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...
DEBIAN-CVE-2026-14131
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...