2030 matches found
PT-2026-38211
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient policy enforcement in DevTools allows a remote attacker to potentially perform a sandbox escape via malicious network traffic. A sandbox escape is a process where a program...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reusing of resources after they were released in DevTools, which could allow remote attackers to execute a...
PT-2026-38130
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient policy enforcement in DevTools allows an attacker to bypass navigation restrictions. This occurs when a user is convinced to install a malicious Chrome Extension, which can...
PT-2026-38168
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A use after free issue in DevTools allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Use after free is a...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from improper implementation in DevTools, and it could allow attackers who persuade users to install malicious...
Astra Linux - уязвимость в chromium
In DevTools in Google Chrome prior to version 145.0.7632.45, it was possible for a remote attacker to convince a user to perform certain UI gestures and install a malicious extension, thereby potentially exploiting object corruption through a malicious file. Chromium security severity: Medium...
Astra Linux - уязвимость в chromium
The object lifecycle issue in DevTools in Google Chrome prior to version 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension. Chromium security severity: High...
Astra Linux - уязвимость в chromium
Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. Chromium security severity: High...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
Fedora 42 : chromium (2026-2a5d3e5194)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2a5d3e5194 advisory. Update to 147.0.7727.116 High CVE-2026-6919: Use after free in DevTools High CVE-2026-6920: Out of bounds read in GPU Medium CVE-2026-6921: Race in...
Timing Attack
org.springframework.boot, spring-boot-devtools is vulnerable to a timing attack. The vulnerability is due to insecure comparison of the DevTools remote secret, which allows an attacker on the same network to exploit timing differences to guess the secret and potentially achieve remote code...
CVE-2026-6919
An use after free flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=493652473...
Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fh32-73r9-rgh5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing...
GHSA-F5FM-9JMP-C88R Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fh32-73r9-rgh5. This link is maintained to preserve external references. Original Description OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing...
ai.hyacinth.framework:core-service-admin-server (=0.5.24), ai.hyacinth.framework:core-service-config-server (=0.5.24) +849 more potentially affected by CVE-2026-40972 via org.springframework.boot:spring-boot-devtools (>=1.3.0.RELEASE <=2.7.3)
org.springframework.boot:spring-boot-devtools MAVEN version =1.3.0.RELEASE, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =1.0.0, =0.0.2, =0.0.3, =1.0.0, =1.0.5 - br.com.m4rc310:br-com-m4rc310-graphql =1.0.1 and more Source cves: CVE-2026-40972 Source...
com.digitalsanctuary:ds-spring-user-framework (>=3.0.0 <=3.1.0), com.the-qa-company:qendpoint-backend (>=2.3.0 <=2.5.1) +14 more potentially affected by CVE-2026-40972 via org.springframework.boot:spring-boot-devtools (>=3.4.0 <=3.4.13)
org.springframework.boot:spring-boot-devtools MAVEN version =3.4.0, =3.0.0, =2.3.0, =2.3.0, =3.1.9, =3.2.0 - de.muenchen.oss.ad2image:ad2image-app =1.1.0 - org.bremersee:common-exception-spring-boot-autoconfigure =5.0.0 - org.bremersee:common-exception-spring-boot-web-starter =5.0.0 -...
Spring Boot DevTools remote secret comparison is vulnerable to timing attacks
An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code executio...
GHSA-56V8-86GJ-66JP Spring Boot DevTools remote secret comparison is vulnerable to timing attacks
An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code executio...
io.github.dbmdz.cudami:cudami (>=10.0.0 <=10.2.0-rc.3), io.github.gregor-poloczek.project-maintainer:project-maintainer-ui (>=0.13.0 <=0.20.0) +9 more potentially affected by CVE-2026-40972 via org.springframework.boot:spring-boot-devtools (>=3.5.0 <=3.5.11)
org.springframework.boot:spring-boot-devtools MAVEN version =3.5.0, =10.0.0, =0.13.0, =3.2.0, =4.1.1 Source cves: CVE-2026-40972 Source advisory: OSV:GHSA-56V8-86GJ-66JP...