14 matches found
DEBIAN-CVE-2026-10964
Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
Astra Linux - vulnerability in w3m
There is an out-of-bounds write vulnerability in checkType, located in etc.c in w3m 0.5.3. This vulnerability can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause a Denial of Service attack, or potentially cause other unspecified impacts...
PT-2026-27274
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 146.0.7680.165 Description: A heap buffer overflow exists in the WebAudio component of Google Chrome. This flaw allows a remote attacker to perform an out-of-bounds memory write through a specially crafted HTML...
PT-2026-22974
Name of the Vulnerable Software and Affected Versions: ClamAV versions prior to 1.5.2; ClamAV versions prior to 1.4.4 Description: A flaw exists in the HTML Cascading Style Sheets (CSS) module of ClamAV that could allow a remote, unauthenticated attacker to cause a denial of service (DoS) condition. Thi...
CVE-2025-56265
An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file...
PT-2024-31668 · Htmldoc +3
Name of the Vulnerable Software and Affected Versions: HTMLDOC versions prior to 1.9.19 Description: The issue is related to an out-of-bounds write in the parse paragraph function in ps-pdf.cxx due to an attempt to strip leading whitespace from a whitespace-only node. This flaw can lead to a...
CVE-2023-4479
Stored XSS vulnerability in M-Files Web versions before 23.8 allows an attacker to execute script in a user's browser via a stored HTML document within a limited time period...
ALPINE-CVE-2023-38252
An out-of-bounds read flaw was found in w3m, in the Strnewsize function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file...
Click Studios Passwordstate Cross-Site Scripting Vulnerability
Click Studios Passwordstate is a web-based password manager from Click Studios Australia. A cross-site scripting vulnerability exists in versions prior to Click Studios Passwordstate 8.3 Build 8397. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via ...
LogMeIn LastPass Denial of Service Vulnerability
LogMeIn LastPass is a free, cross-platform online password management tool from LogMeIn USA. The tool can be integrated with browsers and provides them with password management, autofill forms and other features, supporting random password generation, import and export passwords, multiple...
chromium-browser: use-after-free in Blink
WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document...
WebKit: multiple vulnerabilities in WebKitGTK
WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service memory...
Mozilla Cross-origin data disclosure via Web Workers and importScripts
The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Polic...
CVE-2009-2493
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2; does not properly...