Lucene search
K

1202 matches found

Nuclei
Nuclei
added yesterday43 views

Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in a ticket.downloadattachment task. id: CVE-2015-4074 info: name: Joomla! Helpdesk Pro plugin 1.4.0 - Local File...

7.5CVSS7.2AI score0.5651EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday147 views

Label Studio - Cross-Site Scripting

Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. id: CVE-2023-47115 info: name: Label Studio - Cross-Site Scripting author: isaca...

7.1CVSS6.5AI score0.01448EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday62 views

AP Pricing Tables Lite <= 1.1.6 - SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. id: CVE-2023-0900 info: name: AP Pricing Tables Lite = 1.1.6 - SQL Injection author: r3Y3r53 severity: high description: ...

7.2CVSS7.1AI score0.03229EPSS
Exploits2References3
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.83 views

Rails File Content Disclosure

Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. id: CVE-2019-5418 info: name: Rails File Content Disclosure...

7.5CVSS7.1AI score0.98507EPSS
Exploits18References5
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40525

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00218EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.5 views

PT-2026-54679

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description Insufficient validation of untrusted input in ANGLE allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

9.6CVSS6AI score0.00413EPSS
Exploits0References440
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.8 views

PT-2026-54678

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description Insufficient validation of untrusted input in ANGLE, a compatibility layer that translates OpenGL ES calls to other graphics APIs, allows a remote attacker to potentially perform a...

9.6CVSS6AI score0.00413EPSS
Exploits0References440
NVD
NVD
added 2026/06/30 11:16 p.m.9 views

CVE-2026-13822

Inappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: High...

6.5CVSS0.00166EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:37 p.m.19 views

CVE-2026-13819

CVE-2026-13819 affects Google Chrome on macOS via ANGLE. The vulnerability is an out-of-bounds memory read in ANGLE that could be triggered by a crafted HTML page when the renderer is compromised, with impact described as high. Remediation: update to Chrome 150.0.7871.47 or later. Exploitation st...

8.1CVSS5.8AI score0.00308EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 10:37 p.m.14 views

CVE-2026-13814

CVE-2026-13814 affects Google Chrome (Views) with use-after-free in the rendering/Views UI path, prior to 150.0.7871.47. Root cause: use-after-free leading to potential heap corruption. Attack flow requires user interaction (specific UI gestures) and a crafted HTML page; impact is high confidenti...

7.5CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 9:51 p.m.5 views

CVE-2026-13282

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...

6.8CVSS5.8AI score0.00115EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.14 views

Astra Linux – Vulnerability in Chromium

A out-of-bounds read in Blink within Google Chrome before version 146.0.7680.153 allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...

8.8CVSS5.8AI score0.00253EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.13 views

Astra Linux – Vulnerability in Chromium

“Type Confusion in V8 in Google Chrome” before version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.00306EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in Chromium

Using “after free” in Dawn in Google Chrome before version 146.0.7680.178 allowed a remote attacker to execute arbitrary code through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.7AI score0.00313EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:20 p.m.18 views

CVE-2026-12458

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS0.0019EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/17 1:38 a.m.10 views

CVE-2026-12449

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

7.8CVSS5.3AI score0.00109EPSS
Exploits0
CVE
CVE
added 2026/06/11 8:48 p.m.37 views

CVE-2026-12026

CVE-2026-12026 : Affected product is Google Chrome/Chromium on ChromeOS. The vulnerability is an out-of-bounds read in the Video component, allowing a remote attacker who has compromised the renderer process to read sensitive data from process memory via a crafted HTML page. Root cause described ...

6.5CVSS5.5AI score0.00236EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.16 views

PT-2026-47471

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An out-of-bounds read and write issue exists in V8, the JavaScript and WebAssembly engine used by Google Chrome. This flaw allows a remote attacker to execute arbitrary code within the...

10CVSS8AI score0.01654EPSS
Exploits4References218
SUSE CVE
SUSE CVE
added 2026/06/07 4:49 a.m.11 views

SUSE CVE-2026-10959

Use after free in Input in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00361EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 11:4 p.m.10 views

CVE-2026-10973

Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.5AI score0.00985EPSS
Exploits0References2
Rows per page
Query Builder