Lucene search
K

10411 matches found

EUVD
EUVD
added 5 hours ago3 views

EUVD-2026-40779

Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. Chromium security severity: Low...

5.8AI score
Exploits0References3
EUVD
EUVD
added 5 hours ago2 views

EUVD-2026-40580

Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

5.8AI score
Exploits0References3
CVE
CVE
added yesterday5 views

CVE-2026-13894

CVE-2026-13894 involves Chrome where insufficient policy enforcement in the network allowed a user with privileged network access to bypass navigation restrictions via a crafted HTML page. Affected software: Google Chrome (Chromium-based) before version 150.0.7871.47. Root cause: policy enforceme...

5.8AI score
Exploits0References2
CVE
CVE
added yesterday4 views

CVE-2026-13862

CVE-2026-13862 concerns Google Chrome on iOS, prior to version 150.0.7871.47. The issue is described as insufficient policy enforcement in Web Authentication (Passkeys & Security Keys), which could enable an attacker in a privileged network position to leak cross-origin data through a crafted HTM...

5.8AI score
Exploits0References2
NVD
NVD
added 5 days ago6 views

CVE-2023-20572

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...

5.6CVSS0.00114EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2023-20540

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity...

1.8CVSS0.00114EPSS
Exploits0References1
CVE
CVE
added 5 days ago22 views

CVE-2023-20572

CVE-2023-20572 describes a timing discrepancy in the ASP that could enable a local attacker to brute-force the hash message authentication code, risking data integrity. The connected AMD bulletin AMD-SB-4012 references potential vulnerabilities on AMD Client Processor platforms affecting ASP and ...

5.6CVSS5.9AI score0.00114EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago4 views

EUVD-2023-60598

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity...

5.6CVSS5.9AI score0.00114EPSS
Exploits0References1
CVE
CVE
added 5 days ago18 views

CVE-2023-20540

CVE-2023-20540 describes a timing discrepancy in the AMD Secure Processor (ASP) that could enable a privileged attacker to brute-force the hash-based MAC, potentially compromising data integrity. Affected component: AMD Secure Processor / ASP in AMD client/server platforms using ASP. Root cause: ...

1.8CVSS5.9AI score0.00114EPSS
Exploits0References1
CVE
CVE
added 6 days ago10 views

CVE-2026-49506

Dell Wyse Management Suite before version 5.5 HF1 is affected by CVE-2026-49506: an improper limitation of a pathname to a restricted directory (path traversal) could allow a high-privilege attacker with remote access to achieve remote code execution. Affected product: Dell Wyse Management Suite;...

7.2CVSS6AI score0.00548EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/22 8:16 p.m.10 views

CVE-2026-44272

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access...

8.8CVSS0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 6:51 p.m.30 views

CVE-2026-44273

Dell Wyse Management Suite WMS, versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information Disclosure...

6CVSS0.00104EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A flaw was discovered in the Netfilter subsystem of the Linux kernel. The xtu32 module failed to validate the fields within the xtu32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value that exceeds the bounds of the...

6.7CVSS6.4AI score0.00397EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A flaw was discovered in the XFRM subsystem of the Linux kernel. The specific flaw occurs during the processing of state filters, which can lead to a read of data beyond the end of an allocated buffer. This flaw allows a local privileged CAPNETADMIN attacker to trigger an out-of-bounds read,...

4.4CVSS6.1AI score0.0042EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Chromium

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. Chromium security severity: High...

5.3CVSS6.2AI score0.00429EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation of Omnibox in Google Chrome prior to version 99.0.4844.51 allowed an attacker with privileged network access to perform a man-in-the-middle attack through malicious network traffic. Chromium security severity: Low...

3.1CVSS5.8AI score0.00238EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in amd64-microcode

Incomplete system memory cleanup in the SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity...

4.4CVSS6.2AI score0.00199EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 2:17 p.m.13 views

CVE-2026-54219

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were...

5.1CVSS0.00293EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/18 8:48 a.m.7 views

CVE-2026-55748

A flaw was found in OpenStack Horizon. This vulnerability allows a highly privileged remote attacker, with user interaction, to craft a project name containing shell metacharacters. When scripts for OpenStack RC file downloading are produced, these metacharacters may be processed, potentially...

6CVSS5AI score0.0019EPSS
Exploits0References5
NVD
NVD
added 2026/06/17 5:16 p.m.10 views

CVE-2026-35069

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...

8CVSS0.00229EPSS
Exploits0References1
Rows per page
Query Builder