Lucene search
K

9800 matches found

OSV
OSV
added 2026/05/28 11:16 p.m.5 views

DEBIAN-CVE-2026-9897

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00291EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 11:16 p.m.8 views

CVE-2026-10016

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00252EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 11:16 p.m.5 views

DEBIAN-CVE-2026-10016

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00252EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/28 10:25 p.m.5 views

CVE-2026-10016

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00252EPSS
Exploits0
CVE
CVE
added 2026/05/28 10:25 p.m.30 views

CVE-2026-10016

CVE-2026-10016 is a use-after-free in the DOM of Google Chrome, fixed by the 148.0.7778.216 update. The vulnerability allows a remote attacker to execute arbitrary code inside Chrome’s sandbox via a crafted HTML page. Severity: High (CVSS v3.1 base score 8.8; Network attack vector, no privileges ...

8.8CVSS6.2AI score0.00252EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/28 10:25 p.m.35 views

CVE-2026-10016

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

0.00252EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/28 10:25 p.m.4 views

CVE-2026-9897

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00291EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/28 10:25 p.m.6 views

CVE-2026-9897

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00291EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/28 10:25 p.m.8 views

CVE-2026-9897

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00291EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/28 10:25 p.m.34 views

CVE-2026-9897

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

0.00291EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 3:43 p.m.22 views

RLSA-2026:19348 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...

8.8CVSS6AI score0.04938EPSS
Exploits1References30
OSV
OSV
added 2026/05/28 1:31 p.m.11 views

USN-8336-1 php8.1, php8.3, php8.4, php8.5 vulnerabilities

Aleksey Solovev and Nikita Sveshnikov discovered that PHP improperly handled NUL bytes when preparing SQL queries in the PDO Firebird driver. An attacker could possibly use this issue to perform SQL injection attacks. CVE-2025-14179 It was discovered that PHP incorrectly handled certain encoding...

9.8CVSS6.2AI score0.0076EPSS
Exploits1References10
GithubExploit
GithubExploit
added 2026/05/28 8:57 a.m.74 views

portswigger-xss-labs

PortSwigger Web Security Academy — XSS Labs All 30 Completed...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/28 8:16 a.m.15 views

CVE-2026-9806

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3CVSS0.00258EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 6:41 a.m.18 views

CVE-2026-9806

CTI Transmute is affected by a stored XSS in the notification panel prior to the patched release. The issue occurs when notification messages include user-controlled convert names that are rendered via innerHTML without sanitization, allowing arbitrary JavaScript execution in the authenticated us...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 6:41 a.m.10 views

EUVD-2026-32728

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 6:41 a.m.8 views

CVE-2026-9806 Stored Cross-Site Scripting (XSS) in CTI Transmute Notification Panel via Malicious Convert Names

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.13 views

PT-2026-44211

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/27 8:13 p.m.13 views

CVE-2026-44451

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...

9.3CVSS5.7AI score0.0023EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/27 4:58 p.m.11 views

firefox: thunderbird: Use-after-free in the DOM: Bindings (WebIDL) component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Bindings WebIDL component...

7.3CVSS5.7AI score0.00413EPSS
Exploits0References6
Rows per page
Query Builder