CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

205 matches found

Cvelist•added 2024/03/20 5:6 p.m.•24 views

CVE-2024-2631

Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.2AI score0.00166EPSS

Exploits0References5

Cvelist•added 2024/03/20 5:6 p.m.•23 views

CVE-2024-2630

Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.4AI score0.00123EPSS

Exploits0References5

OSV•added 2024/02/21 4:15 a.m.•17 views

CVE-2024-1672

Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS5.2AI score

Exploits0References4

OSV•added 2024/02/21 4:15 a.m.•15 views

CVE-2024-1676

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...

5.4CVSS5.1AI score

Exploits0References4

Cvelist•added 2024/02/21 3:14 a.m.•23 views

CVE-2024-1676

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...

5.2AI score0.00325EPSS

Exploits1References4

OSV•added 2024/01/24 12:15 a.m.•16 views

CVE-2024-0809

Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.2AI score

Exploits0References4

Veracode•added 2023/12/19 7:53 a.m.•19 views

PKCE Downgrade Attack

yiisoft/yii2-authclient is vulnerable to PKCE Downgrade Attack. The vulnerability is caused due to an insecure implementation of PKCE. The application doesn't use authCodeVerifier securely. An attacker can gain unauthorized access to protected resources by exploiting this vulnerability...

8.8CVSS6.9AI score0.0015EPSS

Exploits1References6Affected Software1

OSV•added 2023/12/06 2:15 a.m.•16 views

CVE-2023-6511

Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.2AI score

Exploits0References6

Code423n4•added 2023/11/29 12:0 a.m.•12 views

Return values of approve() not checked

Lines of code 321, 215, 184, 450, 761, 217, 157, 234, 339, 386https://github.com/Tapioca-DAO/t...

7.1AI score

Exploits0

NVD•added 2023/11/01 6:15 p.m.•22 views

CVE-2023-5480

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. Chromium security severity: High...

6.1CVSS6.3AI score0.00226EPSS

Exploits0References9

UbuntuCve•added 2023/11/01 6:15 p.m.•23 views

CVE-2023-5858

Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Low...

4.3CVSS6.3AI score0.00707EPSS

Exploits0References4

Vulnrichment•added 2023/10/30 4:56 p.m.•10 views

CVE-2023-21366

In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.3AI score0.00013EPSS

Exploits0References1

Positive Technologies•added 2023/10/30 12:0 a.m.•2 views

PT-2023-18141 · Scudo · Scudo

Name of the Vulnerable Software and Affected Versions: Scudo affected versions not specified Description: The issue is related to an insecure implementation or design in Scudo, allowing an attacker to predict heap allocation patterns. This could lead to local information disclosure without...

5.5CVSS5AI score0.00013EPSS

Exploits0References3

OSV•added 2023/10/11 11:15 p.m.•20 views

CVE-2023-5478

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5AI score

Exploits0References6

OSV•added 2023/10/11 11:15 p.m.•14 views

CVE-2023-5484

Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.1AI score

Exploits0References8

Prion•added 2023/10/11 11:15 p.m.•17 views

Design/Logic Flaw

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS4.8AI score0.00054EPSS

Exploits0References6Affected Software2

Cvelist•added 2023/10/11 10:28 p.m.•20 views

CVE-2023-5484

Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Medium...

6.7AI score0.00156EPSS

Exploits0References8

Debian CVE•added 2023/10/11 10:28 p.m.•23 views

CVE-2023-5475

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

6.5CVSS6.9AI score0.00044EPSS

Exploits0

Veracode•added 2023/10/09 5:4 a.m.•19 views

Improper Provisioning

libzephyr.so is vulnerable to Improper Provisioning. The vulnerability arises from an insecure implementation of the provisionee in the provpubkey function of provdevice.c within the Bluetooth component. If the provisionee has a public key sent out-of-band OOB, it can be sent back during...

8.6CVSS6.8AI score0.00166EPSS

Exploits0References3Affected Software1

OSV•added 2023/09/12 9:15 p.m.•18 views

CVE-2023-4908

Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.1AI score

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by