Lucene search
K

487 matches found

OSV
OSV
added 2026/05/07 4:40 p.m.5 views

GHSA-J944-W549-3453 Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker

Impact A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker for...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/07 4:40 p.m.12 views

Cinny vulnerable to access token disclosure via invalidated emoji pack avatar URL in service worker

Impact A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes for example in a DM can cause the victim's client to send their Matrix access token to an attacker-controlled server. This occurs when the victim opens the emoji or sticker picker for...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References4Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/05/07 2:0 p.m.10 views

Chromium: CVE-2026-7909 Inappropriate implementation in ServiceWorker

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

3.1CVSS5.8AI score0.00187EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-7958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension ...

5.4CVSS6AI score0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.15 views

PT-2026-38614

Name of the Vulnerable Software and Affected Versions Cinny versions prior to 4.10.3 Description A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes can cause the victim's client to send their Matrix access token to an attacker-controlled...

7.1CVSS5.9AI score0.00302EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/06 9:31 p.m.5 views

EUVD-2026-28029

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/06 9:31 p.m.5 views

EUVD-2026-27947

Use after free in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00206EPSS
Exploits0References3
NVD
NVD
added 2026/05/06 7:16 p.m.6 views

CVE-2026-7963

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS0.00222EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 7:16 p.m.6 views

CVE-2026-7922

Use after free in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00206EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 7:16 p.m.8 views

CVE-2026-7909

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

3.1CVSS0.00187EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/06 7:16 p.m.8 views

CVE-2026-7922

Use after free in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00206EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/06 7:16 p.m.6 views

CVE-2026-7909

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.7AI score0.00187EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/06 7:16 p.m.7 views

CVE-2026-7958

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

5.4CVSS5.9AI score0.00142EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 6:12 p.m.16 views

CVE-2026-7963

CVE-2026-7963 affects Google Chrome prior to 148.0.7778.96 due to an inappropriate ServiceWorker implementation that could allow a sandbox escape when a renderer process is compromised via a crafted HTML page. The issue is documented across multiple sources (NVD, Debian OSV, EUVD, CVE list, and C...

8.3CVSS5.8AI score0.00222EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/06 6:12 p.m.15 views

CVE-2026-7958

Summary: CVE-2026-7958 describes an UXSS vulnerability in Google Chrome caused by an inappropriate implementation in the ServiceWorker, reported for Chrome versions before 148.0.7778.96. An attacker could persuade a user to install a malicious extension, enabling injection of arbitrary scripts or...

5.4CVSS5.9AI score0.00142EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 6:12 p.m.8 views

CVE-2026-7922

Use after free in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00206EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/06 6:12 p.m.35 views

CVE-2026-7922

Use after free in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00206EPSS
Exploits0References2
CVE
CVE
added 2026/05/06 6:12 p.m.13 views

CVE-2026-7922

This CVE-2026-7922 affects Google Chrome (ServiceWorker) and is caused by a use-after-free in ServiceWorker code, enabling a potential sandbox escape via a crafted HTML page. The issue is categorized as High severity with CVSS: Network attack vector, high impact on confidentiality, integrity, and...

8.3CVSS5.8AI score0.00206EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/06 6:12 p.m.8 views

CVE-2026-7909

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00187EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability, which was caused by improper implementation of ServiceWorker. This vulnerability could allow remote attackers to execute a sandbox escape through a speciall...

8.3CVSS5.9AI score0.00222EPSS
Exploits0References3
Rows per page
Query Builder