CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Debian CVE•added 2026/05/14 7:52 p.m.•7 views

CVE-2026-8571

Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.8AI score0.00114EPSS

Debian CVE•added 2026/05/14 7:52 p.m.•5 views

CVE-2026-8557

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. Chromium security severity: High...

7.5CVSS5.8AI score0.00073EPSS

EUVD•added 2026/05/14 7:52 p.m.•4 views

EUVD-2026-30456

8.3CVSS5.8AI score0.00073EPSS

Vulnrichment•added 2026/05/14 7:52 p.m.•6 views

CVE-2026-8541

Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.8AI score0.0003EPSS

CVE•added 2026/05/14 7:52 p.m.•12 views

CVE-2026-8543

CVE-2026-8543 describes an out-of-bounds read in the FileSystem component of Google Chrome on macOS. The issue exists before Chrome 148.0.7778.168 and can be triggered when a user is convinced to perform specific UI gestures on a crafted HTML page, potentially allowing access to sensitive data fr...

5.3CVSS5.8AI score0.0003EPSS

Exploits0References2Affected Software1

Debian CVE•added 2026/05/14 7:52 p.m.•7 views

CVE-2026-8538

Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.8AI score0.00092EPSS

Cvelist•added 2026/05/14 7:52 p.m.•26 views

CVE-2026-8535

Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted JPEG file. Chromium security severity: High...

0.0003EPSS

ATTACKERKB•added 2026/05/14 7:52 p.m.•3 views

CVE-2026-8535

5.3CVSS5.8AI score0.0003EPSS

Exploits0References3Affected Software1

Debian CVE•added 2026/05/14 7:52 p.m.•6 views

CVE-2026-8510

Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...

7.5CVSS5.9AI score0.00109EPSS

OSV•added 2026/05/14 7:25 p.m.•3 views

MAL-2026-3753 Malicious code in chai-as-regulated (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f7f8d21f5d33db136b1e10fc7fbb6d2a1540240911b0630e7fc9f8724c7b26 Package is published as chai-as-regulated, a name mimicking the widely-used chai-as-promised Chai plugin, and the README instructs users to register ...

5.8AI score

OSSF Malicious Packages•added 2026/05/14 7:25 p.m.•6 views

Malicious code in node-ci-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1593e77b5e2763e7ace49c239accedfe30209faea11bc07cf3901a7253798444 On require'node-ci-utils', index.js runs a top-level init that, on Linux, creates a hidden directory /.local/share/.nodecache/, downloads an opaque...

5.9AI score

NVD•added 2026/05/14 7:16 p.m.•8 views

CVE-2026-44522

Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/noteID/assets, where the asset filename is provided through the X-Name HTTP request header. This value is stored...

8.6CVSS0.00632EPSS

CVE•added 2026/05/14 6:44 p.m.•10 views

CVE-2026-44522

Vulnerability summary (CVE-2026-44522) Note Mark up to 0.19.3 allows authenticated users to upload assets with a crafted X-Name header containing directory traversal. The asset name is stored in the database without validation, and is later passed directly to filepath.Join()/path.Join() during ex...

8.6CVSS6AI score0.00632EPSS

Cvelist•added 2026/05/14 6:44 p.m.•26 views

CVE-2026-44522 Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leading to Remote Code Execution

8.6CVSS0.00632EPSS

Snyk•added 2026/05/14 3:23 p.m.•4 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the pgbasebackup or pgrewind process. An attacker can overwrite arbitrary files on the local system by leveraging symlink following, potentially hijacking the operating system account. This is on...

8.8CVSS6AI score0.00049EPSS

Microsoft Secure•added 2026/05/14 3:0 p.m.•9 views

Kazuar: Anatomy of a nation-state botnet

In this article 1. Delivery 2. Module types 3. Botnet operations 4. Who is Secret Blizzard? 5. Mitigation and protection guidance 6. Microsoft Defender detections Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for...

6.1AI score