Lucene search
K

23 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8889

Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching 25,020 hashes and CIPA blocklist matching 12,352 hashes...

7.5CVSS5.4AI score0.00249EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 12:10 a.m.11 views

CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/03 6:16 p.m.12 views

CVE-2026-8888 CVE-2026-8888

Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp without complexity validation. An on-path attacker can inject specific patterns to cause catastrophic backtracking, resulting in...

5.8AI score0.00432EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 6:15 p.m.6 views

CVE-2026-8889

Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching 25,020 hashes and CIPA blocklist matching 12,352 hashes...

5.8AI score0.00249EPSS
Exploits0References2
CVE
CVE
added 2026/06/03 6:15 p.m.16 views

CVE-2026-8889

CVE-2026-8889 affects the Securly Chrome Extension, version 3.0.7. The underlying issue is the use of deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes). This weak crypto basis is cited across multiple sources (NVD, Red Hat, CERT, PT Sec...

7.5CVSS5.8AI score0.00249EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/03 6:15 p.m.34 views

CVE-2026-8889 CVE-2026-8889

Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching 25,020 hashes and CIPA blocklist matching 12,352 hashes...

0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 6:15 p.m.16 views

EUVD-2026-34167

Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching 25,020 hashes and CIPA blocklist matching 12,352 hashes...

5.8AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 6:13 p.m.14 views

EUVD-2026-34166

Version 3.0.7 of the Securly Chrome Extension uses EVPBytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no key stretching...

5.7AI score0.00163EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 6:9 p.m.7 views

CVE-2026-8878

Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that are inadequately obfuscated using a simple Caesar cipher, which can be easily reversed to recover...

5.8AI score0.00211EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/03 6:7 p.m.7 views

CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

5.7AI score0.00241EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/03 6:7 p.m.36 views

CVE-2026-8876 CVE-2026-8876

Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data...

0.00241EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 6:3 p.m.34 views

CVE-2026-8874 CVE-2026-8874

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 6:3 p.m.16 views

EUVD-2026-34161

Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension correctly fetch IWF and CIPA data over HTTPS, demonstrating an inconsistent implementation of TLS...

5.8AI score0.00138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.12 views

Securly Chrome Extension 安全漏洞

Securly Chrome Extension is a web filtering and student online security management browser extension developed by the American company Securly. Version 3.0.7 of Securly Chrome Extension contains a security vulnerability. This vulnerability stems from multiple exposed endpoints allowing unauthoriz...

7.5CVSS5.3AI score0.00211EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-46049

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software contains hardcoded, plaintext AES passphrases within the securly.min.js file. These passphrases are used to decrypt intervention site data and crisis alert keyword data...

7.3CVSS5.7AI score0.00241EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.9 views

Securly Chrome Extension 安全漏洞

Securly Chrome Extension is a web filtering and student online security management browser extension developed by the American company Securly, targeting educational scenarios. Version 3.0.7 of Securly Chrome Extension contains a security vulnerability. This vulnerability stems from the use of...

7.3CVSS5.3AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.16 views

PT-2026-46051

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software dynamically registers content13.min.js as a content script at runtime using the chrome.scripting.registerContentScripts function. Because this script is not declared in the...

5.8AI score0.00374EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.9 views

Securly Chrome Extension 安全漏洞

Securly Chrome Extension is a web filtering and student online security management browser extension developed by the American company Securly, targeting educational scenarios. Version 3.0.7 of Securly Chrome Extension contains a security vulnerability. This vulnerability arises from downloading...

7.1CVSS5.3AI score0.00138EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.15 views

PT-2026-46052

Name of the Vulnerable Software and Affected Versions Securly Chrome Extension version 3.0.7 Description The software uses the EVP BytesToKey key derivation function with MD5 and a single iteration for AES encryption. MD5 is a cryptographic hash function that is no longer secure, and the use of a...

5.8AI score0.00163EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.12 views

Securly Chrome Extension 安全漏洞

Securly Chrome Extension is a web filtering and student online security management browser extension developed by the American company Securly, designed for educational scenarios. Version 3.0.7 of Securly Chrome Extension contains a security vulnerability. This vulnerability stems from the use of...

7.5CVSS5.3AI score0.00163EPSS
Exploits0References2
Rows per page
Query Builder