Lucene search
K

5201 matches found

Cvelist
Cvelist
added 3 days ago21 views

CVE-2026-14011

Out of bounds read in SurfaceCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

0.00246EPSS
Exploits0References2
CVE
CVE
added 3 days ago8 views

CVE-2026-14010

Google Chrome on Windows is affected by CVE-2026-14010 due to an uninitialized use in codecs prior to version 150.0.7871.47. A remote attacker could read potentially sensitive data from process memory via a crafted HTML page. This affects Chrome on Windows; the vulnerability is categorized as Med...

6.5CVSS5.8AI score0.00302EPSS
Exploits0References2Affected Software1
CVE
CVE
added 3 days ago8 views

CVE-2026-14011

The affected component is Google Chrome (SurfaceCapture) with an out-of-bounds read vulnerability in versions prior to 150.0.7871.47. The issue could allow a remote attacker to read memory via a crafted HTML page. Severity is described as Medium by Chromium, with CVSS-driven impact: Confidentiali...

8.1CVSS5.8AI score0.00246EPSS
Exploits0References2Affected Software1
CVE
CVE
added 3 days ago13 views

CVE-2026-13975

CVE-2026-13975 affects ANGLE in Google Chrome on macOS. The vulnerability is an out-of-bounds read in ANGLE that could allow a remote attacker who has compromised the renderer process to read potentially sensitive data from process memory via a crafted HTML page. The issue arises in Chrome prior ...

5.3CVSS5.8AI score0.00248EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 3 days ago3 views

CVE-2026-13971

Uninitialized Use in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS5.8AI score0.00271EPSS
Exploits0
CVE
CVE
added 3 days ago10 views

CVE-2026-13969

CVE-2026-13969 affects Google Chrome on Android: an uninitialized UI state in the renderer allows reading potentially sensitive memory via a crafted HTML page when the renderer is compromised. Exploitation involves a network attack with user interaction required; impact is confidentiality (high)....

5.3CVSS5.8AI score0.00271EPSS
Exploits0References2Affected Software1
CVE
CVE
added 3 days ago9 views

CVE-2026-13943

CVE-2026-13943 affects Google Chrome on Android and is caused by uninitialized use in CSS. A crafted HTML page can allow a remote attacker to read potentially sensitive information from process memory. Affected version range is Chrome on Android prior to 150.0.7871.47; the issue is mitigated by u...

6.5CVSS5.8AI score0.00289EPSS
Exploits0References2Affected Software1
CVE
CVE
added 3 days ago8 views

CVE-2026-13933

CVE-2026-13933 concerns insufficient policy enforcement in the Passwords feature of Google Chrome, prior to version 150.0.7871.47. A remote attacker who has already compromised the renderer process could exfiltrate potentially sensitive data from process memory via a crafted HTML page. The CVE is...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References2Affected Software1
CVE
CVE
added 3 days ago10 views

CVE-2026-13905

Chrome for iOS on Google Chrome (iOS) is affected by a race in versions prior to 150.0.7871.47, allowing a local attacker with physical access to potentially read confidential data from process memory. The issue is documented across CVE-2026-13905 and EUVD-2026-40591. Remediation is to upgrade to...

4.2CVSS5.8AI score0.00092EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 3 days ago21 views

CVE-2026-13879

Use after free in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. Chromium security severity: Medium...

0.00156EPSS
Exploits0References2
Debian CVE
Debian CVE
added 3 days ago3 views

CVE-2026-13858

Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00276EPSS
Exploits0
Cvelist
Cvelist
added 3 days ago20 views

CVE-2026-13858

Out of bounds read in FFmpeg in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted video file. Chromium security severity: Medium...

0.00276EPSS
Exploits0References2
Debian CVE
Debian CVE
added 3 days ago3 views

CVE-2026-13819

Out of bounds read in ANGLE in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

8.1CVSS5.8AI score0.00272EPSS
Exploits0
Debian CVE
Debian CVE
added 5 days ago5 views

CVE-2026-58058

Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6getdataprimitive libnetutil/netutil.cc, so the pointer advances past the buffer and the remaining-length computation underflows to a large value. A scanned target or on-path attacker returning a craft...

6.9CVSS5.9AI score0.00278EPSS
Exploits0
NVD
NVD
added last week9 views

CVE-2026-38571

Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 V603 allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write...

4.6CVSS0.00113EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added last week8 views

CVE-2026-57437

A flaw was found in Nokogiri, an XML and HTML library for Ruby. This vulnerability occurs when an application directly constructs an XPathContext and allows its associated document to be garbage collected while the context is still in use. An attacker could potentially exploit this by causing the...

6.3CVSS5.6AI score0.00312EPSS
Exploits0References4
EUVD
EUVD
added last week5 views

EUVD-2026-39645

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS5.8AI score0.00172EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 12:0 a.m.21 views

CVE-2026-38571

Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 V603 allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write...

0.00113EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 12:0 a.m.4 views

CVE-2026-38571

Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 V603 allow a physically proximate attacker to obtain stored WPA2 credentials in cleartext and to read or write...

4.6CVSS6AI score0.00113EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 12:0 a.m.8 views

CVE-2026-38571

The CVE-2026-38571 case concerns the Tenda N300 F3 device (version V603), where the unauthenticated UART debug console stores WPA2 credentials in cleartext and does not require authentication for rr/wr memory read/write commands. This enables a physically proximate attacker to extract stored WPA2...

4.6CVSS6AI score0.00113EPSS
Exploits0References1
Rows per page
Query Builder