Lucene search
+L

25 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40734

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. Chromium security severity: Low...

5.8AI score0.00175EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-14109

Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

9.6CVSS5.8AI score0.00253EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:37 p.m.7 views

CVE-2026-13793

Insufficient policy enforcement in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00233EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54370

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Browser component allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTM...

9.8CVSS6AI score0.00413EPSS
Exploits0References447
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54070

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in SVG Scalable Vector Graphics allows a remote attacker to leak cross-origin data by using a crafted HTML page. Recommendations Update Google Chrome to...

9.6CVSS6AI score0.00413EPSS
Exploits0References450
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-54221

Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 150.0.7871.47 Description Insufficient policy enforcement in Extensions allows an attacker to perform UI spoofing through a crafted Chrome Extension, provided they can convince a user to install the...

9.8CVSS6AI score0.00413EPSS
Exploits0References449
NVD
NVD
added 2026/06/17 8:16 p.m.10 views

CVE-2026-11407

Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed and checkPropertyAllowed implementations in the custom Twig SecurityPolicy. Attackers can...

8.6CVSS0.00623EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS0.00153EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 11:17 p.m.5 views

DEBIAN-CVE-2026-11062

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...

4.3CVSS5.4AI score0.00135EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.20 views

PT-2026-46590

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in Extensions allows an attacker to inject scripts or HTML into a privileged page. This occurs when a user is convinced to install a crafted malicious...

9.6CVSS5.8AI score0.00411EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.9 views

PT-2026-41101

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.168 Description Insufficient policy enforcement in the Network component allows a remote attacker who has compromised the renderer process to leak cross-origin data using a crafted HTML pag...

8.8CVSS5.8AI score0.00498EPSS
Exploits0References87
EUVD
EUVD
added 2026/04/09 12:32 a.m.4 views

EUVD-2026-20709

Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.9AI score0.00206EPSS
Exploits0References3
OSV
OSV
added 2026/03/11 10:16 p.m.3 views

DEBIAN-CVE-2026-3934

Insufficient policy enforcement in ChromeDriver in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.3AI score0.00187EPSS
Exploits0References1
CVE
CVE
added 2026/03/11 10:4 p.m.29 views

CVE-2026-3939

Google Chrome/Chromium is affected by CVE-2026-3939 due to insufficient policy enforcement in PDF handling, allowing a crafted PDF to bypass navigation restrictions. Affected component: PDF policy enforcement in Chrome/Chromium prior to version 146.0.7680.71 (specific fixed versions cited by Debi...

6.5CVSS5.8AI score0.00147EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2026/02/11 12:0 a.m.8 views

HCL AION Information Disclosure Vulnerability (CNVD-2026-16397)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from an information disclosure vulnerability which is caused due to lack of content security policy. An attacker can exploit the vulnerability to cause unauthorized access...

5.3CVSS5.8AI score0.00179EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/21 12:0 a.m.5 views

Mitigating Cyber Risk in the Age of Open-Weight LLMs: Policy Gaps and Technical Realities

Open-weight general-purpose AI GPAI models offer significant benefits but also introduce substantial cybersecurity risks, as demonstrated by the offensive capabilities of models like DeepSeek-R1 in evaluations such as MITRE's OCCULT. These publicly available models empower a wider range of actors...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2022/11/03 2:55 p.m.5 views

owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...

9.8CVSS6.7AI score0.02844EPSS
Exploits1References4
OSV
OSV
added 2021/02/09 2:15 p.m.2 views

UBUNTU-CVE-2021-21126

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension...

6.5CVSS7.2AI score0.08726EPSS
Exploits0References2
OSV
OSV
added 2020/09/21 8:15 p.m.3 views

UBUNTU-CVE-2020-15963

Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...

9.6CVSS7.3AI score0.01473EPSS
Exploits1References5
OSV
OSV
added 2020/05/21 4:15 a.m.1 views

DEBIAN-CVE-2020-6482

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension...

6.5CVSS7.5AI score0.0134EPSS
Exploits1References1
Rows per page
Query Builder