Lucene search
K

181 matches found

CVE
CVE
added 5 days ago22 views

CVE-2026-15118

CVE-2026-15118 describes a Use-After-Free in Chrome’s Input component affecting Google Chrome versions prior to 150.0.7871.115. A remote attacker could exploit this via a crafted HTML page to execute arbitrary code within the browser sandbox. The Chrome advisories and related sources confirm the ...

8.8CVSS6.3AI score0.00242EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/07/01 11:16 p.m.3 views

DEBIAN-CVE-2026-14431

Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:16 p.m.4 views

CVE-2026-13848

Use after free in Forms in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00351EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 7:43 p.m.21 views

CVE-2026-43701

CVE-2026-43701 affects Apple's WebKit/Safari stack. The vulnerability allows a malicious website to process restricted web content outside the sandbox, with a network attack vector and no user interaction required per CVSS. Root cause involves checks in web content handling that could bypass sand...

7.1CVSS5.7AI score0.00182EPSS
Exploits0References3Affected Software4
RedhatCVE
RedhatCVE
added 2026/06/16 6:39 a.m.8 views

CVE-2026-47140

A flaw was found in vm2, an open-source virtual machine VM sandbox for Node.js. This vulnerability allows sandboxed code to bypass intended security restrictions by exploiting missing entries in the denylist for dangerous Node.js built-in functions, specifically process and inspector/promises. A...

10CVSS5.6AI score0.00536EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/06/09 9:50 a.m.17 views

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST , needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the driv...

5.6AI score
Exploits0
NVD
NVD
added 2026/06/04 11:17 p.m.9 views

CVE-2026-11050

Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS0.0028EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/04 11:4 p.m.8 views

CVE-2026-11049

Use after free in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6AI score0.0028EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/04 11:4 p.m.10 views

CVE-2026-10987

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score0.00361EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 11:3 p.m.35 views

CVE-2026-10954

Use after free in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

0.0039EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the reuse of the WebRTC component after it was released, potentially allowing remote attackers to execute arbitra...

8.8CVSS6.3AI score0.00355EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/30 2:16 a.m.15 views

SUSE CVE-2026-9973

Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.0028EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/20 9:41 a.m.7 views

Incorrect Authorization

Overview twig/twig is a flexible, fast, and secure template language for PHP. Affected versions of this package are vulnerable to Incorrect Authorization via object-destructuring assignment handling in ObjectDestructuringSetBinary::compile. An attacker can bypass Twig sandbox property and method...

6.4CVSS5.9AI score0.00082EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 5:31 p.m.12 views

CVE-2026-44004 vm2: Host Process OOM DoS via Buffer.alloc (Timeout Bypass)

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, sandboxed code can call Buffer.alloc with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, vm2's timeout option cannot interrupt it. A single request can exhaust ho...

7.5CVSS6AI score0.00424EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/11 9:9 p.m.12 views

CVE-2026-43888 Outline: Zip Extraction Path Escape via PATH_MAX Truncation in Collection Import

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...

8.7CVSS5.8AI score0.00368EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/11 7:36 p.m.12 views

Arbitrary Code Injection

Overview org.webjars.npm:mermaid is a package for generation of diagrams and flowcharts from text in a similar manner as markdown. Affected versions of this package are vulnerable to Arbitrary Code Injection due to improper sanitization of input passed to the addStyleClass function. An attacker c...

7.1CVSS5.7AI score0.00338EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/08 4:22 p.m.24 views

Improper Isolation or Compartmentalization

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization through the setupSandboxScript bootstrap in lib/vm.js and lib/setup-sandbox.js. An attacker can read the...

6.9CVSS5.9AI score0.00248EPSS
Exploits1References2
OSV
OSV
added 2026/05/08 5:47 a.m.9 views

BIT-JRE-2026-21932

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: AWT, JavaFX. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17...

7.4CVSS5.8AI score0.00427EPSS
Exploits0References11
OSV
OSV
added 2026/05/08 5:44 a.m.8 views

BIT-JRE-2021-35603

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated...

4.3CVSS5.8AI score0.04104EPSS
Exploits0References11
OSV
OSV
added 2026/05/08 5:43 a.m.12 views

BIT-JRE-2020-2805

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Libraries. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multipl...

8.3CVSS7.3AI score0.04051EPSS
Exploits0References15
Rows per page
Query Builder