Lucene search
K

77 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40826

Inappropriate implementation in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00163EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-14034

Inappropriate implementation in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-13891

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

7.5CVSS0.00302EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.6 views

CVE-2026-14067

Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

8.8CVSS6.2AI score0.00413EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.23 views

CVE-2026-13900

Inappropriate implementation in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

0.00297EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 7:17 p.m.3 views

DEBIAN-CVE-2026-13026

Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.9AI score0.00195EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.13 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00354EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/11 6:28 p.m.22 views

CVE-2026-47171 Quest Bot: Reminder messages allow stored mass mentions through `@everyone` and `@here`

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When the reminder triggers, the bot sends the stored message back into the channel without suppressing...

8.8CVSS0.00324EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/08 11:27 p.m.10 views

CVE-2026-11653

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.4AI score0.00225EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/07 4:51 a.m.8 views

SUSE CVE-2026-10906

Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS5.5AI score0.00326EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/05 6:18 p.m.31 views

CVE-2026-46391 HAX open-apis: Credential Theft via Server-Side Request Forgery (SSRF) in open-apis

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching to validate hostnames to which basic authorization should be sent. An attacker can append the...

8.7CVSS0.00457EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 12:31 a.m.14 views

EUVD-2026-34747

Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00154EPSS
Exploits0References3
CVE
CVE
added 2026/06/04 11:3 p.m.29 views

CVE-2026-10967

CVE-2026-10967 affects Google Chrome on Android and is due to a use-after-free in SurfaceCapture. A remote attacker who has compromised the renderer process could potentially perform a sandbox escape via a crafted HTML page. The issue is triggered in Chrome versions prior to 149.0.7827.53; the fi...

8.3CVSS5.8AI score0.00267EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/04 11:3 p.m.24 views

CVE-2026-10905

CVE-2026-10905 affects Google Chrome (desktop) and describes a use-after-free in Network within the Chromium rendering process. A remote attacker who gains control of the renderer could potentially escape the sandbox via a crafted HTML page, because the vulnerability resides in the network path u...

8.3CVSS5.8AI score0.00286EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.13 views

PT-2026-46717

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Extensions allows an attacker to bypass discretionary access control—a type of security mechanism that restricts access to objects based on the identi...

9.6CVSS5.8AI score0.00493EPSS
Exploits0References437
EUVD
EUVD
added 2026/05/14 7:52 p.m.14 views

EUVD-2026-30407

Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00175EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 7:52 p.m.11 views

CVE-2026-8513

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

5.8AI score0.00207EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/13 9:11 p.m.48 views

CVE-2026-44442

ERPNext (free/open source ERP) has a vulnerability in versions prior to 16.9.1 where certain endpoints did not enforce proper authorization, allowing users to modify data beyond their permitted role due to missing validation. The issue affects endpoints that perform data modification and is class...

9.9CVSS5.8AI score0.00279EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/28 1:7 p.m.5 views

JLSEC-2026-288 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo...

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal frmts/zlib/contrib/infback9 modules. This vulnerability is associated with program files inftree9.C‎. This issue affects gdal: before 3.11.0...

9.4CVSS5.3AI score0.00276EPSS
Exploits0References3
CVE
CVE
added 2026/04/02 2:46 p.m.12 views

CVE-2026-34822

Endian Firewall prior to 3.3.25 is affected by a stored XSS in the new_cert_name parameter of /manage/ca/certificate/. An authenticated attacker can inject JavaScript that is stored and executed when other users view the page. CVE-2026-34822; exploitation details, affected versions, and remediati...

6.4CVSS5.9AI score0.00092EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder