Lucene search

5094 matches found

Vulnrichment
added 2026/06/04 11:3 p.m. | 5 views

CVE-2026-10967

Use after free in SurfaceCapture in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8 AI score | 0.00267 EPSS
Exploits 0 | References 2

Debian CVE
added 2026/06/04 11:3 p.m. | 8 views

CVE-2026-10967

Use after free in SurfaceCapture in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3 CVSS | 5.5 AI score | 0.00267 EPSS
Exploits 0

CVE
added 2026/06/04 11:3 p.m. | 22 views

CVE-2026-10967

CVE-2026-10967 affects Google Chrome on Android and is due to a use-after-free in SurfaceCapture. A remote attacker who has compromised the renderer process could potentially perform a sandbox escape via a crafted HTML page. The issue is triggered in Chrome versions prior to 149.0.7827.53; the fi...

8.3 CVSS | 5.8 AI score | 0.00267 EPSS
Exploits 0 | References 2 | Affected Software 1

GithubExploit
added 2026/06/04 8:54 p.m. | 60 views

exploit-labs

exploit-labs Companion code for the Windows-security blog at...

5.9 AI score
Exploits 0

Positive Technologies
added 2026/06/04 12:0 a.m. | 14 views

PT-2026-46496

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 149.0.7827.53. Description: A use after free issue exists in SurfaceCapture. A remote attacker who has compromised the renderer process can potentially perform a sandbox escape by using a crafted HTML...

9.6 CVSS | 5.8 AI score | 0.00493 EPSS
Exploits 0 | References 440

Packet Storm
added 2026/06/02 12:0 a.m. | 68 views

📄 dcontrol 1.0.9 Screen Capture

The script is a fully featured remote screen-capture client targeting an exposed WebSocket service /ws associated with a dcontrol deployment. It includes capabilities that move beyond diagnostic or administrative testing into active surveillance and unauthorized access workflows. Version 1.0.9 is...

5.8 AI score
Exploits 0

Positive Technologies
added 2026/06/02 12:0 a.m. | 11 views

PT-2026-46823

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.53. Description: An inappropriate implementation in ImageCapture allows a remote attacker who has already compromised the renderer process to perform privilege escalation through the use of a crafted HT...

9.6 CVSS | 5.5 AI score | 0.00493 EPSS
Exploits 0 | References 439

Cvelist
added 2026/06/02 12:0 a.m. | 33 views

CVE-2026-48682

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simplepacketparserng.cpp, after validating that the packet contains at least sizeofipv4headert bytes 20 bytes, the code advances the localpointer by '4 ipv4header-getihl' line 164 without...

0.00267 EPSS
Exploits 0 | References 3

ATTACKERKB
added 2026/06/02 12:0 a.m. | 8 views

CVE-2026-48682

FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the IPv4 packet parser. In src/simplepacketparserng.cpp, after validating that the packet contains at least sizeofipv4headert bytes 20 bytes, the code advances the localpointer by '4 ipv4header-getihl' line 164 without...

5.9 AI score | 0.00267 EPSS
Exploits 0 | References 4

OSV
added 2026/05/31 3:22 a.m. | 13 views

MAL-2026-5096 Malicious code in cscc-glass-house (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 20f53888d08d0aa70146b50e8dc761373490363f9081ea0adb9fb93cfd2b6240 Package implements exfiltrating credentials from cloud environments to a hardcoded location. Some code parts suggest it may be part of a CTF. --- Category:...

5.9 AI score
Exploits 0 | References 1

SUSE CVE
added 2026/05/30 2:17 a.m. | 12 views

SUSE CVE-2026-9961

Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS | 5.8 AI score | 0.00243 EPSS
Exploits 0 | References 3

Microsoft CVE
added 2026/05/29 11:20 p.m. | 15 views

Chromium: CVE-2026-9961 Use after free in SurfaceCapture

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8 CVSS | 5.8 AI score | 0.00243 EPSS
Exploits 0

RedhatCVE
added 2026/05/29 8:13 p.m. | 11 views

CVE-2026-9398

A security vulnerability has been detected in Besen BS20 EV Charging Station up to 20260426. This affects an unknown part of the component BLE/WiFi. Such manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within the local network. Attacks of this...

3.1 CVSS | 5.2 AI score | 0.00294 EPSS
Exploits 0 | References 1

NVD
added 2026/05/29 7:16 p.m. | 14 views

CVE-2026-47740

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1 CVSS | 0.00258 EPSS
Exploits 0 | References 2

Cvelist
added 2026/05/29 6:3 p.m. | 30 views

CVE-2026-47740 Shopper: Authorization bypass in multiple Livewire admin components

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1 CVSS | 0.00258 EPSS
Exploits 0 | References 2

CVE
added 2026/05/29 6:3 p.m. | 13 views

CVE-2026-47740

Shopper: Authorization bypass vulnerability in a headless e-commerce Admin Panel. Before 2.8.0, multiple Filament actions on the admin Order detail and Order shipments tables could be invoked by an authenticated user with only read_orders or browse_orders permissions, without needing edit_orders....

8.1 CVSS | 5.8 AI score | 0.00258 EPSS
Exploits 0 | References 2

EUVD
added 2026/05/29 6:3 p.m. | 9 views

EUVD-2026-33410

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1 CVSS | 5.8 AI score | 0.00258 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2026/05/29 6:3 p.m. | 6 views

CVE-2026-47740

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

8.1 CVSS | 5.8 AI score | 0.00258 EPSS
Exploits 0 | References 3 | Affected Software 1

SUSE CVE
added 2026/05/29 1:15 a.m. | 11 views

SUSE CVE-2026-46184

In the Linux kernel, the following vulnerability has been resolved: sound: ua101: fix division by zero at probe Add a missing sanity check for bNrChannels in detectusbformat to prevent a division by zero in playbackurbcomplete and captureurbcomplete. USB core does not validate class-specific...

5.5 CVSS | 5.8 AI score | 0.00128 EPSS
Exploits 0 | References 3

EUVD
added 2026/05/29 12:38 a.m. | 13 views

EUVD-2026-33103

Use after free in SurfaceCapture in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.8 AI score | 0.00243 EPSS
Exploits 0 | References 3