236 matches found
CVE-2025-8881
Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
PT-2025-32961 · Google +1 · Google Chrome +1
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 139.0.7258.127 Description: An inappropriate implementation in the File Picker component allowed a remote attacker to leak cross-origin data. The attack required convincing a user to perform specific UI gesture...
Google Chrome < 139.0.7258.127 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 139.0.7258.127. It is, therefore, affected by multiple vulnerabilities as referenced in the 202508stable-channel-update-for-desktop12 advisory. - Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a...
Google Chrome < 139.0.7258.127 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 139.0.7258.127. It is, therefore, affected by multiple vulnerabilities as referenced in the 202508stable-channel-update-for-desktop12 advisory. - Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a...
KLA86542 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Aura can be exploited to cause denial of service or execute...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 6 security fixes: 432035817 High CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous on 2025-07-15 433533359 High CVE-2025-8880: Race in V8. Reported by Seunghyun Lee @0x10n on 2025-07-23 435139154 High CVE-2025-8901: Out of bounds...
Linux Distros Unpatched Vulnerability : CVE-2023-4575
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all...
Linux Distros Unpatched Vulnerability : CVE-2021-38504
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption a...
Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File
Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited, could allow websites to access a user's entire cloud storage content, as opposed to just the files selected for upload via the tool. "This stems from overly broad OAuth...
CVE-2023-43360
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...
CVE-2021-23956
An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox 85...
CVE-2020-22732
CMS Made Simple CMSMS 2.2.14 allows stored XSS via the Extensions File Picker...
Denial Of Service (DoS)
moodle/moodle is vulnerable to Denial of Service DoS. The vulnerability is due to insufficient file size checks in the file picker's unzip functionality. An attacker can cause a denial of service by uploading specially crafted zip files...
BIT-MOODLE-2024-25978 Msa-24-0001: denial of service risk in file picker unzip functionality
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...
GHSA-487G-3M3V-HJHQ Uncontrolled Resource Consumption in moodle
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...
Uncontrolled Resource Consumption in moodle
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...
CVE-2024-25978
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...
UBUNTU-CVE-2024-25978
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...