Lucene search
K

1713 matches found

OSV
OSV
added yesterday2 views

DEBIAN-CVE-2026-14087

Heap buffer overflow in WebNN in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

8.8CVSS6.1AI score
Exploits0References1
OSV
OSV
added yesterday3 views

DEBIAN-CVE-2026-14015

Race in WebRTC in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-14015

Race in WebRTC in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-13961

Insufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security...

5.3CVSS
Exploits0References2
CVE
CVE
added yesterday12 views

CVE-2026-14117

The CVE-2026-14117 entry concerns Google Chrome’s DevTools on Windows prior to version 150.0.7871.47. The vulnerability is described as insufficient validation of untrusted input in DevTools, which could enable a remote attacker to obtain potentially sensitive information from process memory when...

5.3CVSS5.8AI score
Exploits0References2Affected Software1
CVE
CVE
added yesterday7 views

CVE-2026-14113

The CVE-2026-14113 entry describes a use-after-free in Chrome’s Updater on Windows before 150.0.7871.47. A remote attacker who already compromised the renderer could potentially escape the sandbox via a crafted HTML page. The issue is tied to the Chromium-based Updater component; exact root cause...

9.6CVSS5.8AI score
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-14113

Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

9.6CVSS5.8AI score
Exploits0
Debian CVE
Debian CVE
added yesterday4 views

CVE-2026-13925

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

7.5CVSS6.2AI score
Exploits0
CVE
CVE
added yesterday9 views

CVE-2026-13875

Chrome on Windows is affected by CVE-2026-13875 due to insufficient validation of untrusted input in the GPU, enabling a renderer-compromised attacker to potentially read process memory via a crafted HTML page. The issue is tied to Chromium-based Chrome and is reported as a Medium-severity vulner...

5.3CVSS5.8AI score
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added yesterday3 views

CVE-2026-13844

Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

7.8CVSS5.8AI score
Exploits0
NVD
NVD
added 6 days ago7 views

CVE-2026-4522

Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1...

6.7CVSS0.00123EPSS
Exploits0References1
CVE
CVE
added 6 days ago9 views

CVE-2026-46733

Dell Display and Peripheral Manager (DDPM Windows) before version 2.3 is affected by an Improper Access Control vulnerability that could allow a low-privilege, locally authenticated attacker to achieve code execution. The available documents do not specify the exact root cause, exploit path, or a...

7.8CVSS5.9AI score0.00101EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-39390

Dell Display and Peripheral Manager DDPM Windows, versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

7.8CVSS5.9AI score0.00101EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 6:43 p.m.32 views

CVE-2026-13038

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

0.0026EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 8:36 p.m.10 views

Security Bulletin: Hardcoded credential in the IBM Storage Protect Snapshot For Windows leads to unauthorized access to system

Summary IBM Storage Protect Snapshot For Windows is affected by allowing a remote unauthenticated attacker to bypass authentication and gain SYSTEM-level access due to a hardcoded credential. Vulnerability Details CVEID:CVE-2026-12628 DESCRIPTION: IBM Storage Protect Client 8.1.0.0 through 8.2.1....

9.1CVSS5.9AI score0.00357EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/22 6:16 p.m.14 views

CVE-2026-54286

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as...

5.9CVSS0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.9 views

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS0.00393EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 3:55 p.m.8 views

Malicious code in routecraft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0c4f17a9e94ab9fdbab7325f597551a6c0ba5b9e210cb0b7e28d3b86b4766d0 [email protected] ships verbatim Express.js source lib/routecraft.js, lib/application.js, lib/request.js, lib/response.js, lib/utils.js, lib/view.js —...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/19 3:55 p.m.8 views

MAL-2026-6229 Malicious code in routecraft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0c4f17a9e94ab9fdbab7325f597551a6c0ba5b9e210cb0b7e28d3b86b4766d0 [email protected] ships verbatim Express.js source lib/routecraft.js, lib/application.js, lib/request.js, lib/response.js, lib/utils.js, lib/view.js —...

5.9AI score
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS6.9AI score0.00623EPSS
Exploits0References2
Rows per page
Query Builder