
8073 matches found

NVD
added 2026/03/11 10:16 p.m. | 4 views

CVE-2026-3919

Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | EPSS 0.00261
Exploits: 0 | References: 2

OSV
added 2026/03/11 10:16 p.m. | 2 views

DEBIAN-CVE-2026-3919

Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.4 | EPSS 0.00261
Exploits: 0 | References: 1

OSV
added 2026/03/11 10:16 p.m. | 10 views

CVE-2026-3919

Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.8
Exploits: 0 | References: 2

Debian CVE
added 2026/03/11 10:4 p.m. | 5 views

CVE-2026-3928

Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

CVSS 4.3 | AI score 5.1 | EPSS 0.00123
Exploits: 0

ATTACKERKB
added 2026/03/11 10:4 p.m. | 3 views

CVE-2026-3928

Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

AI score 5.8 | EPSS 0.00123
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/03/11 10:4 p.m. | 3 views

CVE-2026-3928

Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

AI score 5.8 | EPSS 0.00123
Exploits: 0 | References: 2

Cvelist
added 2026/03/11 10:4 p.m. | 25 views

CVE-2026-3928

Insufficient policy enforcement in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

EPSS 0.00123
Exploits: 0 | References: 2

CVE
added 2026/03/11 10:4 p.m. | 12 views

CVE-2026-3928

CVE-2026-3928 is a vulnerability in Chromium-based extensions handling in Google Chrome. The issue is insufficient policy enforcement in the Extensions framework, allowing a user-assisted attacker who lures a target to install a malicious extension to perform UI spoofing via the extension. Affect...

CVSS 4.3 | AI score 5.8 | EPSS 0.00123
Exploits: 0 | References: 2 | Affected Software: 1

Debian CVE
added 2026/03/11 10:4 p.m. | 3 views

CVE-2026-3919

Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.3 | EPSS 0.00261
Exploits: 0

Vulnrichment
added 2026/03/11 10:4 p.m. | 1 views

CVE-2026-3919

Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AI score 5.8 | EPSS 0.00261
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/11 10:4 p.m. | 8 views

CVE-2026-3919

Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

AI score 5.8 | EPSS 0.00261
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/03/11 10:4 p.m. | 25 views

CVE-2026-3919

Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

EPSS 0.00261
Exploits: 0 | References: 2

CVE
added 2026/03/11 10:4 p.m. | 17 views

CVE-2026-3919

Summary of CVE-2026-3919: The vulnerability is a use-after-free in Chrome/Chromium extensions, enabling potential heap corruption via a crafted HTML page. The issue affects Chrome/Chromium prior to version 146.0.7680.71. Public feeds show Chromium updates delivering fixes in the 146.0.7680.164 c...

CVSS 8.8 | AI score 5.8 | EPSS 0.00261
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/03/11 5:54 p.m. | 6 views

CVE-2026-31868 Parse Server has Stored XSS via file upload of HTML-renderable file types

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server...

CVSS 6.3 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 5

RedHat Linux
added 2026/03/11 1:14 a.m. | 4 views

kernel: x86/tdx: Fix "in-kernel MMIO" check

A flaw was found in the Linux kernel. Userspace can deceive the kernel into performing MMIO (Memory-Mapped IO) operations in TDX (Trust Domain Extensions) on its behalf, allowing a VE (Virtualization Exception) to be incorrectly handled as an in-kernel MMIO operation...

CVSS 7.8 | AI score 7.2 | EPSS 0.00247
Exploits: 0 | References: 5

Snyk
added 2026/03/11 12:34 a.m. | 6 views

Cross-site Scripting (XSS)

Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the file upload. An attacker can execute arbitrary scripts in the context of the application...

CVSS 9.6 | AI score 5.7 | EPSS 0.00245
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/11 12:34 a.m. | 7 views

Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types

Impact: An attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server fileUpload.fileExtensions option. The file can contain malicious code, for example JavaScript in an SVG or XHTML file. When the file is accessed via its...

CVSS 6.3 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/03/11 12:34 a.m. | 2 views

GHSA-V5HF-F4C3-M5RV Parse Server vulnerable to stored XSS via file upload of HTML-renderable file types

Impact: An attacker can upload a file with a file extension or content type that is not blocked by the default configuration of the Parse Server fileUpload.fileExtensions option. The file can contain malicious code, for example JavaScript in an SVG or XHTML file. When the file is accessed via its...

CVSS 6.3 | AI score 5.8 | EPSS 0.00245
Exploits: 0 | References: 5

OSV
added 2026/03/11 12:17 a.m. | 3 views

GHSA-HCJ7-6GXH-24WW Parse Server vulnerable to stored cross-site scripting (XSS) via SVG file upload

Impact: A stored cross-site scripting (XSS) vulnerability allows any authenticated user to upload an SVG file containing JavaScript. The file is served inline with Content-Type: image/svg+xml and without protective headers, causing the browser to execute embedded scripts in the Parse Server origin...

CVSS 8.3 | AI score 5.8 | EPSS 0.00216
Exploits: 0 | References: 5

FreeBSD
added 2026/03/10 12:0 a.m. | 7 views

chromium -- security fixes

Chrome Releases reports: This update includes 29 security fixes:
483445078 Critical CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-10
481776048 High CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga on 2026-02-04
483971526 High CVE-2026-3915: Heap...

CVSS 9.6 | AI score 6 | EPSS 0.00417
Exploits: 0 | References: 1