Lucene search
K

15200 matches found

NVD
NVD
added 2026/07/03 4:16 p.m.7 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2CVSS0.00142EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 3:16 a.m.7 views

CVE-2022-4990

UNSUPPORTED WHEN ASSIGNED Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation...

7.3CVSS0.00096EPSS
Exploits0References1
NVD
NVD
added 2026/07/03 3:16 a.m.8 views

CVE-2022-4989

UNSUPPORTED WHEN ASSIGNED Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation...

8.5CVSS0.00103EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/03 2:1 a.m.7 views

CVE-2022-4989

UNSUPPORTED WHEN ASSIGNED Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation...

8.5CVSS5.8AI score0.00103EPSS
Exploits0References2
CVE
CVE
added 2026/07/03 2:0 a.m.18 views

CVE-2022-4990

CVE-2022-4990 affects the ASUS AI Suite 3 driver. The vulnerability arises from improper validation of a specified quantity in input, enabling a local attacker to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation. The docume...

7.3CVSS5.8AI score0.00096EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.10 views

PT-2026-55548

Name of the Vulnerable Software and Affected Versions FreeIPA ipa-otpd daemon affected versions not specified Description Two off-by-one errors exist in the OAuth2 device authorization handler of the ipa-otpd daemon. These errors can lead to out-of-bounds memory access when the daemon processes a...

4.2CVSS6AI score0.00142EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55489

Name of the Vulnerable Software and Affected Versions ASUS AI Suite 3 affected versions not specified Description Improper validation of the specified quantity in the input of the ASUS AI Suite 3 driver allows a local user to access unintended memory regions. This is achieved through crafted IOCT...

8.5CVSS5.9AI score0.00103EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 1:54 p.m.3 views

SUSE-SU-2026:2726-1 Security update for python-tornado

This update for python-tornado fixes the following issues - CVE-2026-49853: authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient bsc1268395. - CVE-2026-49854: out-of-bounds memory access via C extension bsc1268396. - CVE-2026-49855: AsyncHTTPClient accumulates...

5.9AI score0.00052EPSS
Exploits0References7
OSV
OSV
added 2026/07/02 1:52 p.m.4 views

SUSE-SU-2026:2725-1 Security update for python-tornado6

This update for python-tornado6 fixes the following issues - CVE-2026-49853: authorization header forwarded across cross-origin redirects in SimpleAsyncHTTPClient bsc1268395. - CVE-2026-49854: out-of-bounds memory access via C extension bsc1268396. - CVE-2026-49855: AsyncHTTPClient accumulates...

5.9AI score0.00052EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/02 2:18 a.m.11 views

EUVD-2026-41226

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS5.8AI score0.00215EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 12:31 a.m.7 views

EUVD-2026-41192

Uninitialized Use in Dawn in Google Chrome on ChromeOS prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00215EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.8 views

EUVD-2026-41176

Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00271EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.7 views

EUVD-2026-41179

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00263EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.8 views

EUVD-2026-41171

Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.9AI score0.00233EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.6 views

EUVD-2026-41182

Out of bounds read in V8 in Google Chrome prior to 150.0.7871.46 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Medium...

5.8AI score0.00189EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.7 views

EUVD-2026-41155

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

6.1AI score0.00327EPSS
Exploits0References3
OSV
OSV
added 2026/07/01 11:16 p.m.3 views

DEBIAN-CVE-2026-14414

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 11:16 p.m.6 views

CVE-2026-14385

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00327EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 10:22 p.m.25 views

CVE-2026-14408

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

0.00224EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 10:22 p.m.26 views

CVE-2026-14399

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

0.00224EPSS
Exploits0References2
Rows per page
Query Builder