Lucene search
K

31 matches found

Cvelist
Cvelist
added 2026/06/30 10:39 p.m.24 views

CVE-2026-14129

Inappropriate implementation in PreviewTab in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

0.00154EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-522 ReportLab vulnerable to remote code execution via paraparser

paraparser in ReportLab before 3.5.31 allows remote code execution because startunichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with 'unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626...

9.8CVSS8AI score0.04452EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-47813

Name of the Vulnerable Software and Affected Versions Schneider Electric Data Center Expert affected versions not specified Description An Improper Restriction of XML External Entity Reference XXE issue exists, which occurs when an application fails to restrict XML external entity references,...

7.1CVSS6.6AI score0.00233EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/08 11:27 p.m.10 views

CVE-2026-11694

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

7.5CVSS6AI score0.00214EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/04 11:16 p.m.8 views

DEBIAN-CVE-2026-10884

Use after free in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.5AI score0.00286EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 11:4 p.m.38 views

CVE-2026-11020

CVE-2026-11020 concerns Google Chrome (Chromium-based) extensions. The initial description and connected advisories confirm an inappropriate implementation in Extensions that could allow a remote attacker to leak cross-origin data via a crafted XML file. The vulnerability is tied to Chrome versio...

6.5CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/20 7:12 p.m.9 views

CVE-2026-9112

Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00396EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/06 6:12 p.m.33 views

CVE-2026-7896

Integer overflow in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...

0.00281EPSS
Exploits0References2
OSV
OSV
added 2026/05/01 5:50 p.m.6 views

JLSEC-2026-384

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

7.5CVSS5.8AI score0.00379EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.10 views

PT-2026-35252

Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a crafted XML file with nested entity definitions and open it through ZenMap's scan import...

6.9CVSS5.3AI score0.00121EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 1:34 a.m.7 views

CVE-2026-4442

Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

6AI score0.00271EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.4 views

PT-2025-47220

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 142.0.7444.59 Description A type confusion issue exists in the V8 component of Google Chrome. This could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page...

8.8CVSS6.6AI score0.06776EPSS
Exploits2References81
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-47950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the...

6.5CVSS6.7AI score0.01001EPSS
Exploits1References2
OSV
OSV
added 2024/07/29 9:15 a.m.3 views

UBUNTU-CVE-2024-41881

SDoP versions prior to 1.11 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted XML file, arbitrary code may be executed on the user's environme...

8.8CVSS6.4AI score0.00567EPSS
Exploits0References4
OSV
OSV
added 2024/07/16 11:15 p.m.1 views

DEBIAN-CVE-2024-3172

Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS8.6AI score0.00419EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:7 a.m.5 views

SUSE CVE-2016-1837

Multiple use-after-free vulnerabilities in the 1 htmlPArsePubidLiteral and 2 htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a...

5.5CVSS6.5AI score0.04092EPSS
Exploits1References10
BDU FSTEC
BDU FSTEC
added 2022/05/18 12:0 a.m.4 views

The vulnerability of the AddCell function in the web server of the microprogramming software for building automation modules Desigo PXC4 and PXC5 allows a hacker to execute arbitrary code by injecting specially crafted XML into the XLS report file.

The vulnerability of the AddCell function in the web server of the microprogramming software for building automation modules, Desigo PXC4 and PXC5, is related to errors during the elimination of special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by...

9CVSS8.1AI score0.01856EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2020/11/27 12:0 a.m.2 views

PT-2020-8128

Name of the Vulnerable Software and Affected Versions: Crafter Studio versions prior to 3.0.1 Description: An unauthenticated attacker can create a site with specially crafted XML, allowing the retrieval of OS files out-of-band. This issue affects Crafter Studio, enabling attackers to access...

8.6CVSS7AI score0.01516EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2020/06/22 12:28 p.m.7 views

expat: large number of colons in input makes parser consume high amount of resources, leading to DoS

It was discovered that the "setElementTypePrefix" function incorrectly extracted XML namespace prefixes. By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service...

7.8CVSS7.2AI score0.07107EPSS
Exploits1References5
CNVD
CNVD
added 2020/01/08 12:0 a.m.3 views

Unspecified Vulnerability in MojoHaus Exec Maven plugin for Maven

MojoHaus Exec Maven plugin for Maven is a use in Maven software project management and automated build tools to support the execution of Java programs in the plug-in . A security vulnerability exists in MojoHaus Exec Maven plugin for Maven version 1.1.1. The vulnerability can be exploited by an...

9.8CVSS7.5AI score0.02409EPSS
Exploits0References1
Rows per page
Query Builder