Lucene search
K

9140 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14396

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00247EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 10:21 p.m.22 views

CVE-2026-14396

CVE-2026-14396 describes an out-of-bounds read in ANGLE used by Google Chrome, allowing a remote attacker to leak cross-origin data via a crafted HTML page. Affected component: ANGLE within Chrome, with the flaw exploitable through networked HTML content. The issue is tied to Chrome versions prio...

6.5CVSS5.8AI score0.00247EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14396

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.8AI score0.00247EPSS
Exploits0
Cvelist
Cvelist
added 2026/07/01 10:21 p.m.26 views

CVE-2026-14396

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 10:21 p.m.25 views

CVE-2026-14384

Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

0.00263EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 10:21 p.m.25 views

CVE-2026-14384

CVE-2026-14384 describes an out-of-bounds read in ANGLE used by Google Chrome on Windows , affecting versions prior to 150.0.7871.46 . The underlying issue in ANGLE allows a remote attacker to leak cross-origin data via a crafted HTML page . Affected component: ANGLE within Chromium-based Chrome;...

6.5CVSS5.8AI score0.00263EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14384

Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00263EPSS
Exploits0
NVD
NVD
added 2026/07/01 9:17 p.m.6 views

CVE-2026-55660

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

7.6CVSS0.00196EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:0 p.m.7 views

CVE-2026-55660

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

7.6CVSS5.7AI score0.00196EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2026/07/01 9:0 p.m.37 views

CVE-2026-55660 TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

7.6CVSS0.00196EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 9:0 p.m.31 views

CVE-2026-55660

CVE-2026-55660 : TinaCMS and Tinacms app prior to versions 2.5.6 / 3.9.3 allow cross-origin postMessage abuse due to window message listeners that do not validate event.origin/source and post to non-specific origins, combined with insufficient URL sanitization in rich-text content. This enables s...

7.6CVSS5.7AI score0.00196EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.7 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.9CVSS6.6AI score0.0068EPSS
Exploits5References13
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.6 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS6.1AI score0.00527EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2026/07/01 6:0 a.m.6 views

python3.12-urllib3 security update

An update is available for python3.12-urllib3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming...

8.9CVSS6.1AI score0.0068EPSS
Exploits0
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40432

Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard on its text-to-speech TTS generation endpoint packages/server/src/controllers/text-to-speech/index.ts, independent of the server's configured CORS policy. This bypasses the server's otherwise restrictive default CORS...

6.9CVSS5.8AI score0.00136EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40833

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00264EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40842

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40803

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00214EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.5 views

EUVD-2026-40805

Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00251EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40758

Side-channel information leakage in WebAudio in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00229EPSS
Exploits0References3
Rows per page
Query Builder