Lucene search
K

30210 matches found

Circl
Circl
added 4 days ago6 views

CVE-2026-57267

creationtimestamp| type| source ---|---|--- 2026-07-02 04:53:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpnagdaerv2v 2026-07-02 18:26:04+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mponsh6i2e2r...

8.3CVSS5.8AI score0.0022EPSS
Exploits0References2
Circl
Circl
added 4 days ago6 views

CVE-2026-24242

creationtimestamp| type| source ---|---|--- 2026-07-02 02:19:12+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmxrl6ign2t 2026-07-02 08:18:37+00:00| seen| https://bsky.app/profile/qiancx.bsky.social/post/3mpnluamnha2g 2026-07-02 08:18:37+00:00| seen|...

7.8CVSS5.8AI score0.00148EPSS
Exploits0References3
Circl
Circl
added 4 days ago7 views

CVE-2026-14429

creationtimestamp| type| source ---|---|--- 2026-07-02 02:00:24+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mpmwpwlcgx2v 2026-07-02 08:27:34+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702 2026-07-02 15:27:48+00:00|...

8.3CVSS5.9AI score0.00228EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 4 days ago5 views

next.js: Next.js: Unauthorized access to protected content via middleware bypass

A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows acces...

7.5CVSS5.9AI score0.01416EPSS
Exploits0References5
CVE
CVE
added 5 days ago12 views

CVE-2026-14381

CVE-2026-14381 affects Google Chrome’s WebAppInstalls UI. A crafted HTML page can trigger UI spoofing due to an incorrect security UI in WebAppInstalls prior to Chrome 150.0.7871.46. Impact: remote attacker could spoof UI. Mitigation: update to Chrome 150.0.7871.46 or later (Chromium-based). Refe...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References2Affected Software1
Circl
Circl
added 5 days ago5 views

CVE-2026-34108

creationtimestamp| type| source ---|---|--- 2026-07-01 21:49:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpmipkig2x2e 2026-07-02 08:40:50+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpnn3xnxqi2u...

9.8CVSS5.8AI score0.00549EPSS
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2026-55660

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

7.6CVSS0.00196EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41145

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

5.3CVSS5.8AI score0.00284EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 5 days ago5 views

CVE-2026-55660

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

7.6CVSS5.7AI score0.00196EPSS
Exploits0References3Affected Software2
Circl
Circl
added 5 days ago7 views

CVE-2026-13878

creationtimestamp| type| source ---|---|--- 2026-07-01 20:39:07+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpmergu3q22q 2026-07-02 07:22:06+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260702...

9.6CVSS5.8AI score0.0028EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-54672

A flaw was found in electron-updater, a component used for automatic updates in Electron applications. This vulnerability arises because AppImage targets, built by app-builder-lib, incorrectly add the current working directory to the dynamic linker search path when setting the LDLIBRARYPATH...

7.8CVSS5.9AI score0.00129EPSS
Exploits0References5
Circl
Circl
added 5 days ago10 views

CVE-2026-14258

creationtimestamp| type| source ---|---|--- 2026-07-01 11:43:39+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mplgtxfpjx23 2026-07-01 12:43:25+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mplk6tti5626 2026-07-01 15:30:43+00:00| seen|...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References9
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-40437

Capgo before 12.128.2 contains an authorization flaw in POST /private/createdevice that accepts a caller-supplied orgid parameter without validating it matches the target app's owner organization. Authenticated attackers can create device records for an application using a foreign organization...

7.1CVSS5.8AI score0.00222EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-40809

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...

6AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40801

Inappropriate implementation in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. Chromium security severity: Low...

5.8AI score0.00158EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40784

Inappropriate implementation in WebAppInstalls in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00234EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-40558

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file. Chromium security severity: Medium...

5.8AI score0.00241EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-54648

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An issue in the WebAppInstalls component allows a remote attacker to perform UI spoofing by using a specially crafted HTML page. UI spoofing is a technique where an attacker mimics a...

9.6CVSS6AI score0.00413EPSS
Exploits0References439
NVD
NVD
added 6 days ago8 views

CVE-2026-56247

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perfor...

8.8CVSS0.00303EPSS
Exploits0References2
OSV
OSV
added 6 days ago2 views

DEBIAN-CVE-2026-14131

Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.4CVSS5.8AI score0.0018EPSS
Exploits0References1
Rows per page
Query Builder