Lucene search
+L

1881 matches found

Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54117

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in Canvas allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update Google Chrome to version...

9.6CVSS6AI score0.00413EPSS
Exploits0References449
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-54371

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An improper input implementation allows a remote attacker who has already compromised the renderer process to leak cross-origin data through a specially crafted HTML page...

9.6CVSS6AI score0.00448EPSS
Exploits0References446
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-54205

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the Enterprise component allows a remote attacker to perform privilege escalation through the use of a crafted HTML page. Recommendations...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54317

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in Isolated Web Apps allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, by usin...

9.8CVSS6AI score0.00413EPSS
Exploits0References449
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.13 views

PT-2026-54254

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the PageInfo component allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, by...

9.6CVSS6AI score0.00413EPSS
Exploits0References450
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.13 views

PT-2026-54394

Name of the Vulnerable Software and Affected Versions Google Chrome on Windows versions prior to 150.0.7871.47 Description A type confusion issue exists in the Bluetooth component. This allows an attacker located on the same local network segment to retrieve potentially sensitive information from...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-56018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup free...

7.5CVSS6.2AI score0.00609EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:17 a.m.6 views

CVE-2026-57878

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this...

9.8CVSS6.4AI score0.00531EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/26 12:32 a.m.9 views

EUVD-2026-39563

Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

6.3AI score0.00229EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.14 views

SUSE SLES16 Security Update : perl-HTTP-Daemon (SUSE-SU-2026:22187-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:22187-1 advisory. This update for perl-HTTP-Daemon fixes the following issue - CVE-2026-8450: HTTP: Daemon versions before 6.17 for Perl allow OS command...

9.1CVSS6AI score0.01452EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 7:8 p.m.8 views

CVE-2026-57520

Bitwarden Server before 2026.5.0 contains a privilege escalation vulnerability that allows authenticated Custom users with ManageUsers permission to remove Admin accounts from an organization by exploiting a missing role hierarchy check in the bulk user-remove endpoint. Attackers can supply Admin...

7.1CVSS5.9AI score0.00354EPSS
Exploits1References6
OSV
OSV
added 2026/06/25 4:16 p.m.6 views

UBUNTU-CVE-2026-55895

Vim is an open source, command line text editor. Prior to 9.2.0663, a Vimscript code injection vulnerability exists in s:NetrwLocalRmFile in the netrw plugin runtime/pack/dist/opt/netrw/autoload/netrw.vim when deleting a local file from the browser. A filename derived from the buffer's directory...

8.4CVSS6.1AI score0.00154EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52481

Name of the Vulnerable Software and Affected Versions Vim versions prior to 9.2.0699 Description Python omni-completion in the text editor executes reconstructed function and class definitions from the current buffer using the exec function to populate the completion dictionary. Because docstring...

8.4CVSS6.6AI score0.00144EPSS
Exploits0References19
OSV
OSV
added 2026/06/24 7:17 p.m.4 views

DEBIAN-CVE-2026-13036

Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00233EPSS
Exploits1References1
NVD
NVD
added 2026/06/24 7:17 p.m.10 views

CVE-2026-13026

Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00195EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:43 p.m.5 views

EUVD-2026-39044

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.9AI score0.00186EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Chromium

The use of Graphite with free in Google Chrome before version 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...

8.3CVSS7.3AI score0.00251EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/23 8:12 p.m.36 views

CVE-2026-47386 NocoDB: OAuth Authorization Code Race Condition

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. This vulnerability ...

6.3CVSS0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 4:51 p.m.27 views

CVE-2026-54007

CVE-2026-54007 describes a cross-origin postMessage bypass in Open WebUI prior to version 0.9.6. The root cause is a chat input/submit flow in the Chat.svelte window message listener that accepts non-same-origin messages (input:prompt and action:submit) and forwards them to submitPrompt(), enabli...

7.1CVSS5.8AI score0.00162EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/23 12:15 p.m.41 views

CVE-2026-10857 Reflected XSS in Akinsoft's e-Commerce

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce allows Reflected XSS. This issue affects e-Commerce: before 1.25.01.06...

6.1CVSS0.00149EPSS
Exploits0References1
Rows per page
Query Builder