Lucene search
K

100 matches found

Debian CVE
Debian CVE
added last week4 views

CVE-2026-15109

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS6AI score0.00215EPSS
Exploits0
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

DEBIAN-CVE-2026-14011

Out of bounds read in SurfaceCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

8.1CVSS5.8AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-13998

Incorrect security UI in File Input in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS0.00154EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:39 p.m.19 views

CVE-2026-14031

CVE-2026-14031 corresponds to an Inappropriate implementation in Google Chrome’s File Input component, allowing a remote attacker to perform UI spoofing through a crafted HTML page. Affected software: Google Chrome (and Chromium-based components) with versions prior to 150.0.7871.47. Root cause (...

4.3CVSS5.8AI score0.00169EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-10911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process t...

8.3CVSS5.5AI score0.00305EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 11:5 p.m.35 views

CVE-2026-11179

Inappropriate implementation in ORB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

0.00227EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 11:5 p.m.11 views

CVE-2026-11175

Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.5AI score0.00234EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 11:16 p.m.15 views

DEBIAN-CVE-2026-9959

Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.8AI score0.00137EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 11:16 p.m.12 views

CVE-2026-9896

Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00291EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in ANGLE in Google Chrome prior to version 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS7.6AI score0.01344EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/14 7:52 p.m.25 views

CVE-2026-8517

Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

8.8CVSS6.2AI score0.00498EPSS
Exploits0
EUVD
EUVD
added 2026/05/14 6:33 p.m.12 views

EUVD-2026-30363

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

3.1CVSS5.8AI score0.00173EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 12:2 p.m.8 views

CVE-2026-42961

ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations...

5.1CVSS5.8AI score0.00186EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/06 6:13 p.m.7 views

CVE-2026-8016

Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

6.2AI score0.00307EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.22 views

PT-2026-37281

Name of the Vulnerable Software and Affected Versions Grav CMS Form plugin versions prior to 9.1.0 Description A Stored Cross-Site Scripting XSS issue exists in the select field template of the Grav CMS Form plugin. Taxonomy tag and category values are rendered using the Twig |raw filter in the...

5.4CVSS6AI score0.0015EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.9 views

PT-2026-36594

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS6AI score0.00401EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31503

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description Insufficient validation of untrusted input in WebML could allow a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. The security...

9.6CVSS5.8AI score0.00608EPSS
Exploits0References65
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.5 views

PT-2026-30370

MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users...

7.2CVSS5.9AI score0.00201EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/23 2:5 p.m.7 views

CVE-2026-33479

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSR...

8.8CVSS6.3AI score0.00531EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/12 9:30 p.m.259 views

CVE-2026-3909

CVE-2026-3909 is a Google Chrome/Skia vulnerability: an out-of-bounds write in Skia could allow a remote attacker to trigger out-of-bounds memory access via a crafted HTML page. Affects Chrome before 146.0.7680.75; exploits are known to exist in the wild. Chrome/Chromium advisories note that fixe...

8.8CVSS5.8AI score0.01629EPSS
In wildExploits1References3Affected Software1
Rows per page
Query Builder