20491 matches found
CVE-2026-12167
The Minifilter communication port for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions...
CVE-2026-12167
The Minifilter communication port for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to access privileged driver functionality via a communication interface that lacks appropriate access restrictions...
Vite server.fs.deny Bypass - Local File Inclusion
Vite is a frontend tooling framework for javascript. The contents of arbitrary files can be returned to the browser. By adding ?.svg with ?.wasm?init or with sec-fetch-dest- script header, the server.fs.deny restriction was able to bypass. This bypass is only possible if the file is smaller than...
Oracle Weblogic - Server-Side Request Forgery
An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services. id: CVE-2014-4210 info: name: Oracle Weblogic - Server-Side Request Forgery author:...
CVE-2026-56377
A flaw in ImageMagick’s policy enforcement allows remote attackers to bypass path restrictions within sandboxed conversion services. By circumventing these controls, an attacker can create or truncate files outside permitted security boundaries, leading to unauthorized file manipulation. Mitigati...
EUVD-2026-40504
Inappropriate implementation in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: High...
CVE-2026-56377
ImageMagick before 7.1.2-24 contains an incorrect policy check that allows attackers to create or truncate files disallowed by security policies. Remote attackers can bypass path policy restrictions in sandboxed conversion services to write arbitrary files outside intended boundaries...
CVE-2026-56233
Capgo before 12.128.2 contains a path traversal vulnerability in the builder upload proxy that allows authenticated users with build permissions to bypass upload restrictions. Attackers can append traversal sequences to the upload path, which are normalized by the WHATWG URL parser, enabling acce...
DEBIAN-CVE-2026-14054
Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14054
Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
CVE-2026-13974
Integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file. Chromium security severity: Medium...
DEBIAN-CVE-2026-13964
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-13929
Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass navigation restrictions via a malicious file. Chromium security severity: Medium...
CVE-2026-13900
Inappropriate implementation in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13896
Insufficient policy enforcement in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-14066
Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14065
CVE-2026-14065 affects Google Chrome prior to 150.0.7871.47. The issue is insufficient validation of untrusted input in PageInfo, which could allow a remote attacker who already compromised the renderer process to bypass navigation restrictions via a crafted HTML page. The common description acro...
CVE-2026-14054
The CVE-2026-14054 entry concerns Google Chrome (Chromium base) with an issue in policy enforcement that allowed navigation restriction bypass via a crafted HTML page, affecting versions prior to 150.0.7871.47. The vulnerability is described as low severity (CVSS 4.3, MEDIUM by some scales) with ...
CVE-2026-13962
Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13926
The CVE-2026-13926 entry concerns Google Chrome prior to 150.0.7871.47, where insufficient validation of untrusted input in the Network component allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. The primary impact is a p...