Lucene search
+L

4536 matches found

Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.8 views

CVE-2026-13875

Insufficient validation of untrusted input in GPU in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS5.8AI score0.00281EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.27 views

CVE-2026-13876

Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass content security policy via malicious network traffic. Chromium security severity: Medium...

0.00227EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:37 p.m.19 views

CVE-2026-13858

CVE-2026-13858 involves an out-of-bounds read in FFmpeg when used by Google Chrome prior to version 150.0.7871.47. The vulnerability could allow a remote attacker to read process memory via a crafted video file, with the impact described as high confidentiality risk and no changes to integrity/av...

6.5CVSS5.8AI score0.00276EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:37 p.m.26 views

CVE-2026-13848

Use after free in Forms in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

0.00351EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:37 p.m.29 views

CVE-2026-13845

CVE-2026-13845 – A use-after-free in Google Chrome’s DOM handling prior to 150.0.7871.47 allows a remote attacker to execute arbitrary code inside the sandbox via a crafted HTML page. Affected software: Google Chrome (Chromium-based). Root cause: use-after-free in DOM manipulation. Impact: remote...

8.8CVSS6.2AI score0.00351EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 10:37 p.m.17 views

CVE-2026-13822

CVE-2026-13822 affects Google Chrome on Android prior to version 150.0.7871.47. The issue is an inappropriate implementation in Chrome Extensions that lets an attacker who persuades a user to install a malicious extension bypass the same-origin policy via a crafted Chrome Extension. Impact is des...

6.5CVSS5.8AI score0.00166EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 10:37 p.m.22 views

CVE-2026-13799

CVE-2026-13799 is a heap-corruption risk caused by a Use-After-Free in QUIC within Google Chrome prior to 150.0.7871.47. Public sources consistently describe the vulnerability as a QUIC-related use-after-free issue that could be triggered by malicious network traffic, leading to potential heap co...

8.1CVSS5.8AI score0.00298EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/30 3:55 p.m.2 views

CVE-2026-58173 Vibe-Trading < 0.1.10 - Path Traversal via Persistent Memory Type

Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...

6CVSS6.1AI score0.00307EPSS
Exploits0References6
OSV
OSV
added 2026/06/30 2:28 p.m.6 views

CVE-2026-27881 Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, GET /api/v1/deployments/uuid in DeployController.php retrieves deployment details without validating that the deployment belongs to the authenticated user's team. Any...

5CVSS6AI score0.00162EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54253

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the HTMLParser allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is a vulnerability that allows scripts to execute across...

9.6CVSS6.2AI score0.00413EPSS
Exploits0References448
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54150

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An out of bounds read occurs in the Layout component, which allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. An out...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-40082

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing sessionregenerateid after login, leading to Session...

5.4CVSS6.2AI score0.00183EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.12 views

PT-2026-54119

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description An improper implementation allows a remote attacker to spoof the contents of the Omnibox URL bar by using a crafted HTML page. Recommendations Update Google Chrome on iOS to...

9.8CVSS6AI score0.00413EPSS
Exploits0References445
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.14 views

PT-2026-54162

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description A use after free issue in Skia allows a remote attacker to execute arbitrary code within a sandbox by inducing the user to visit a specially crafted HTML page. Use after free...

9.6CVSS6.3AI score0.00448EPSS
Exploits0References449
OSV
OSV
added 2026/06/29 4:7 p.m.6 views

CVE-2026-13750 Snowflake CLI Sensitive Credential Exposure Through Debug Logging

Insertion of sensitive information into log files in Snowflake CLI versions prior to 3.19 allowed plaintext credentials to be written to persistent local debug logs. An attacker could exploit this by obtaining read access to the affected user's local log files, causing credentials such as...

5.5CVSS5.9AI score0.00108EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-401 parisneo/lollms vulnerable to stored XSS in the social feature

A Stored Cross-Site Scripting XSS vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the createpost function within backend/routers/social/init.py, where user-provided content is directly assigned to the...

9.6CVSS7.3AI score0.00405EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-552 TkEasyGUI Vulnerable to OS Command Injection

Improper neutralization of special elements used in an OS command 'OS Command Injection' issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construc...

9.8CVSS7.4AI score0.02716EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.9 views

FreeBSD : ffmpeg -- Out-of-bounds write (ba8d239f-709f-11f1-a30e-28d2443e6cfa)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ba8d239f-709f-11f1-a30e-28d2443e6cfa advisory. https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23159 reports: An out-of-bounds write vulnerability in...

8.8CVSS6.1AI score0.00477EPSS
Exploits3References4
OSV
OSV
added 2026/06/26 8:24 p.m.3 views

JLSEC-2026-653 An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV...

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some cases, can be exploited for remote code execution. This vulnerability is associated with the file libavcodec/magicyuv.C. This issue affects FFmpeg befor...

8.8CVSS6AI score0.00477EPSS
Exploits3References6
CVE
CVE
added 2026/06/26 12:38 p.m.30 views

CVE-2026-57925

JetBrains YouTrack before 2026.2.16593 has an improper access control vulnerability (CVE-2026-57925) that enables reading saved queries and tags. The root cause is access control weakness; attacker with network access and low privileges (CVSSv3.1: AV:N/AC:L/PR:L/UI:N/S:U) can access sensitive dat...

5.3CVSS5.8AI score0.00167EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder