Lucene search
K

483 matches found

Microsoft CVE
Microsoft CVE
added 2026/05/07 8:3 a.m.18 views

Prometheus: remote read endpoint allows denial of service via crafted snappy payload

...

7.5CVSS5.8AI score0.00761EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-7989

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perfo...

4.2CVSS6AI score0.00163EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-7943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process t...

4.2CVSS6AI score0.00163EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-7964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer...

4.2CVSS6AI score0.00176EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/06 9:31 p.m.6 views

EUVD-2026-27927

Integer overflow in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

4.2CVSS6AI score0.00153EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 7:16 p.m.9 views

CVE-2026-7989

Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS0.00163EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 7:16 p.m.8 views

CVE-2026-7943

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS0.00163EPSS
Exploits0References2
CVE
CVE
added 2026/05/06 6:13 p.m.26 views

CVE-2026-7989

CVE-2026-7989 affects Google Chrome versions prior to 148.0.7778.96 due to insufficient data validation in DataTransfer within the renderer. A remote attacker who has compromised the renderer process could trigger arbitrary read/write via a crafted HTML page. The issue is documented across multip...

4.2CVSS6AI score0.00163EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/06 6:12 p.m.33 views

CVE-2026-7964

Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

0.00176EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/06 6:12 p.m.7 views

CVE-2026-7962

Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. Chromium security severity: Medium...

6AI score0.00171EPSS
Exploits0References2
CVE
CVE
added 2026/05/06 6:12 p.m.101 views

CVE-2026-7962

CVE-2026-7962 describes insufficient policy enforcement in Chrome’s DirectSockets, allowing a remote attacker to trigger arbitrary read/write via a crafted Chrome Extension. Public documents identify the vulnerable component as DirectSockets in Google Chrome, with the root cause tied to policy en...

5.4CVSS6AI score0.00171EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/06 6:12 p.m.32 views

CVE-2026-7962

Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. Chromium security severity: Medium...

0.00171EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/06 6:12 p.m.32 views

CVE-2026-7950

Out of bounds read and write in GFX in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via malicious network traffic. Chromium security severity: Medium...

0.00171EPSS
Exploits0References2
OSV
OSV
added 2026/05/06 2:43 p.m.5 views

BIT-JAVA-2023-22045

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6,...

3.7CVSS6.5AI score0.01164EPSS
Exploits0References7
OSV
OSV
added 2026/05/06 2:43 p.m.6 views

BIT-JAVA-2023-22044

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for...

3.7CVSS6.2AI score0.01127EPSS
Exploits0References5
OSV
OSV
added 2026/05/06 2:42 p.m.4 views

BIT-JAVA-MIN-2022-21282

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

5.3CVSS6.5AI score0.02877EPSS
Exploits0References7
OSV
OSV
added 2026/05/06 2:42 p.m.7 views

BIT-JAVA-MIN-2020-2778

Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...

4.3CVSS6.7AI score0.02298EPSS
Exploits0References6
OSV
OSV
added 2026/05/06 2:41 p.m.7 views

BIT-JAVA-MIN-2020-14781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS5.8AI score0.02296EPSS
Exploits0References7
SUSE Linux
SUSE Linux
added 2026/05/06 12:8 p.m.10 views

Security update for erlang

This update for erlang fixes the following issues: CVE-2026-21620: remote arbitrary read/write via TFTP relative path traversal bsc1258663. CVE-2026-23941: HTTP Request Smuggling in Erlang OTP bsc1259687. CVE-2026-23942: path traversal vulnerability in Erlang OTP bsc1259681. CVE-2026-23943: denia...

9.1CVSS7.2AI score0.00644EPSS
Exploits0References20
OSV
OSV
added 2026/05/06 8:50 a.m.5 views

BIT-PROMETHEUS-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References6
Rows per page
Query Builder