Lucene search
K

9800 matches found

NVD
NVD
added 2026/06/04 11:17 p.m.7 views

CVE-2026-11036

Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00165EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 11:17 p.m.6 views

DEBIAN-CVE-2026-11036

Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00165EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 11:6 p.m.19 views

CVE-2026-11274

The CVE-2026-11274 entry concerns Google Chrome on iOS (DOM Distiller) with an inappropriate implementation that allowed a remote attacker to bypass navigation restrictions via a crafted HTML page, before version 149.0.7827.53. Affected component: DOM Distiller in Chrome for iOS. Root cause: inap...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/04 11:6 p.m.40 views

CVE-2026-11274

Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

0.00175EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:6 p.m.10 views

CVE-2026-11274

Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00175EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/04 11:6 p.m.6 views

CVE-2026-11274

Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00175EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/04 11:6 p.m.8 views

CVE-2026-11274

Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

5.5AI score0.00175EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 11:4 p.m.19 views

CVE-2026-11036

CVE-2026-11036 affects Google Chrome before 149.0.7827.53 due to an inappropriate implementation in the DOM, enabling a remote attacker to bypass the same-origin policy via a crafted HTML page. The vulnerability is described across multiple sources (NVD/EUVD/CIRCL sighting) with the same core det...

6.5CVSS5.8AI score0.00165EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/04 11:4 p.m.28 views

CVE-2026-11036

Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

0.00165EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 11:4 p.m.7 views

CVE-2026-11036

Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

5.5AI score0.00165EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 6:57 p.m.8 views

GHSA-8WHC-2WMV-WW35 WWBN AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin

Unauthenticated Stored DOM XSS via pagetitle Broadcast in AVideo YPTSocket Plugin Summary A stored DOM Cross-Site Scripting vulnerability CWE-79 in the AVideo YPTSocket plugin lets any unauthenticated remote attacker execute arbitrary JavaScript in the authenticated origin of every administrator...

9.6CVSS6.2AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/04 6:57 p.m.12 views

WWBN AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Metadata Broadcast in YPTSocket Plugin

Unauthenticated Stored DOM XSS via pagetitle Broadcast in AVideo YPTSocket Plugin Summary A stored DOM Cross-Site Scripting vulnerability CWE-79 in the AVideo YPTSocket plugin lets any unauthenticated remote attacker execute arbitrary JavaScript in the authenticated origin of every administrator...

6.2AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46317

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the ChartDatasetConfig.legend field. The...

7.6CVSS6AI score0.002EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.6 views

PT-2026-49154

Unauthenticated Stored DOM XSS via page title Broadcast in AVideo YPTSocket Plugin Summary A stored DOM Cross-Site Scripting vulnerability CWE-79 in the AVideo YPTSocket plugin lets any unauthenticated remote attacker execute arbitrary JavaScript in the authenticated origin of every administrator...

9.6CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.9 views

PT-2026-46801

Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00175EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/03 9:6 p.m.13 views

malla: Stored XSS via Meshtastic node names in multiple frontend pages

Node names longname, shortname received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor. Affecte...

6.1AI score0.00174EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/03 9:0 p.m.7 views

Malicious Package

Overview react-next-dom is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/03 1:1 a.m.8 views

firefox: thunderbird: Use-after-free in the DOM: Bindings (WebIDL) component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Bindings WebIDL component...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/03 1:1 a.m.8 views

firefox: thunderbird: Privilege escalation in the DOM: Workers component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the DOM: Workers component...

8.8CVSS5.7AI score0.00386EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.9 views

RockyLinux 10 : firefox (RLSA-2026:19160)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19160 advisory. firefox: Other issue in the WebRTC component CVE-2026-8094 firefox: Memory safety bugs fixed in Firefox ESR 115.35.2, Firefox ESR 140.10.2 and Firefox...

9.8CVSS5.8AI score0.00446EPSS
Exploits0References7
Rows per page
Query Builder