Lucene search
K

31267 matches found

EUVD
EUVD
added 5 days ago5 views

EUVD-2026-40681

Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS5.8AI score0.00154EPSS
Exploits0References3
OSV
OSV
added 6 days ago2 views

BIT-GHOST-2026-53943 Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...

9.6CVSS5.8AI score0.00244EPSS
Exploits0References2
OSV
OSV
added 6 days ago2 views

DEBIAN-CVE-2026-14141

Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00179EPSS
Exploits0References1
NVD
NVD
added 6 days ago4 views

CVE-2026-14141

Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00179EPSS
Exploits0References2
OSV
OSV
added 6 days ago2 views

DEBIAN-CVE-2026-14126

Incorrect security UI in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 6 days ago5 views

CVE-2026-14126

Incorrect security UI in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00168EPSS
Exploits0References2
OSV
OSV
added 6 days ago2 views

DEBIAN-CVE-2026-13993

Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS5.8AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 6 days ago5 views

CVE-2026-13993

Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS0.00154EPSS
Exploits0References2
Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-14141

Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00179EPSS
Exploits0
CVE
CVE
added 6 days ago12 views

CVE-2026-14141

CVE-2026-14141 affects Google Chrome on Android (Document Picture-in-Picture security UI). Affected component: Picture-in-Picture UI, with a domain-spoofing risk via a crafted HTML page. Root cause: improper UI security handling in Picture-in-Picture. Impact per sources: Chromium security severit...

4.3CVSS5.8AI score0.00179EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago21 views

CVE-2026-14141

Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

0.00179EPSS
Exploits0References2
Debian CVE
Debian CVE
added 6 days ago3 views

CVE-2026-14126

Incorrect security UI in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00168EPSS
Exploits0
CVE
CVE
added 6 days ago8 views

CVE-2026-14126

CVE-2026-14126 describes an issue in Google Chrome on Android prior to 150.0.7871.47 where an incorrect security UI could allow a remote attacker to spoof the domain through a crafted HTML page. The vulnerability is associated with Chromium security (severity: Low) and is exploitable via network ...

4.3CVSS5.8AI score0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago21 views

CVE-2026-14126

Incorrect security UI in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

0.00168EPSS
Exploits0References2
Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-13993

Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS5.8AI score0.00154EPSS
Exploits0
CVE
CVE
added 6 days ago16 views

CVE-2026-13993

The CVE-2026-13993 vulnerability affects Google Chrome WebAppInstalls via an Incorrect security UI flaw that allows domain spoofing when a user is induced to perform specific UI gestures on a crafted HTML page. Affected software is Chrome (Chromium-based) with versions prior to 150.0.7871.47. The...

4.2CVSS5.8AI score0.00154EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 6 days ago23 views

CVE-2026-13993

Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...

0.00154EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago11 views

CVE-2026-54514

A flaw was found in jackson-databind, a library used for processing JSON data. This vulnerability allows a remote attacker to force the application to perform an attacker-chosen DNS Domain Name System query. This occurs when untrusted JSON input containing specific network address information is...

5.3CVSS5.7AI score0.00219EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-58169 Vibe-Trading < 0.1.10 - Loopback Trust and Missing Host Validation Enable DNS-Rebinding Authentication Bypass and Remote Code Execution

Vibe-Trading before 0.1.10 contains a DNS rebinding authentication bypass vulnerability that allows remote attackers to bypass bearer-token authentication by exploiting the server's trust of TCP peer addresses for loopback clients combined with missing Host header validation while binding to...

7.7CVSS0.00286EPSS
Exploits0References7
CVE
CVE
added 6 days ago8 views

CVE-2026-27956

Affected product: Coolify (open-source self-hostable tool). Vulnerability: Cross-team domain enumeration via the endpoint GET /api/v1/servers/{server_uuid}/domains?uuid={app_uuid} allows any authenticated API user to enumerate FQDNs of applications belonging to other teams. Root cause (as stated)...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References1
Rows per page
Query Builder