Lucene search
K

5071 matches found

Cvelist
Cvelist
added 4 days ago40 views

CVE-2026-59927 Mistune directives/include: mutual `.. include::` recursion crashes the renderer with `RecursionError`, denial of service via two attacker-controlled markdown files

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, the Include directive in src/mistune/directives/include.py detects only direct self-includes and not indirect cycles, allowing two markdown files that include each other to trigger unbounded recursion, raise...

5.3CVSS0.00307EPSS
Exploits1References3
NVD
NVD
added 4 days ago10 views

CVE-2026-57253

An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing...

6.1CVSS0.00107EPSS
Exploits0References1
NVD
NVD
added 4 days ago9 views

CVE-2026-57241

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-57241 Foxit PDF Editor/Reader Page Out-of-bounds Read Vulnerability

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS0.00107EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42180

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS6AI score0.00107EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-57241

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS6AI score0.00107EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-57253

An abnormal image object causes the renderer to enter the wrong processing branch. When converting the scan lines, an invalid image buffer pointer is used, resulting in the application crashing...

6.1CVSS6.1AI score0.00107EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56352

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description An abnormal image object causes the renderer to enter an incorrect processing branch. During the conversion of scan lines, the application uses an invalid image buffer pointer...

6.1CVSS6.1AI score0.00107EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56639

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue in the Core component on Windows allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape. This is...

6AI score0.00178EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56638

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A race condition in the GetUserMedia function allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape. This is triggered via a...

6AI score0.00147EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-58402 Hugo default code block renderer XSS via unescaped code-fence language

Hugo is a static site generator. From 0.60.0 until 0.163.3, Hugo's default code-block renderer wrote the Markdown code-fence language or info-string into the code class="language-…" data-lang="…" wrapper without HTML escaping. A fence info-string containing a quote and a script payload breaks out...

5.1CVSS0.00172EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 12:31 a.m.7 views

EUVD-2026-41168

Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00259EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.9 views

EUVD-2026-41169

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00235EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.6 views

EUVD-2026-41170

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00228EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.7 views

EUVD-2026-41156

Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS6.1AI score0.00245EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.5 views

EUVD-2026-41164

Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00237EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.7 views

EUVD-2026-41184

Out of bounds write in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.8 views

EUVD-2026-41171

Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.9AI score0.00233EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.5 views

EUVD-2026-41158

Inappropriate implementation in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.0019EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.7 views

EUVD-2026-41167

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00237EPSS
Exploits0References3
Rows per page
Query Builder