Lucene search
K

5149 matches found

OSV
OSV
added 2026/06/30 11:17 p.m.6 views

DEBIAN-CVE-2026-14090

Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Low...

8.1CVSS5.8AI score0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-14090

Insufficient validation of untrusted input in CameraCapture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Low...

9.8CVSS0.00253EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.4 views

CVE-2026-14011

Out of bounds read in SurfaceCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

8.1CVSS0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-13985

Inappropriate implementation in MediaCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00254EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-13942

Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

3.3CVSS5.8AI score0.00117EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-13942

Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

3.3CVSS0.00117EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.3 views

CVE-2026-14011

Out of bounds read in SurfaceCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

8.1CVSS5.8AI score0.00246EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:38 p.m.19 views

CVE-2026-14011

The affected component is Google Chrome (SurfaceCapture) with an out-of-bounds read vulnerability in versions prior to 150.0.7871.47. The issue could allow a remote attacker to read memory via a crafted HTML page. Severity is described as Medium by Chromium, with CVSS-driven impact: Confidentiali...

8.1CVSS5.8AI score0.00246EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 10:38 p.m.15 views

CVE-2026-13985

The CVE-2026-13985 issue affects Google Chrome (Chromium-based) where an inappropriate implementation in MediaCapture allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Impact is UI spoofing with no confidentiality or availability lo...

6.5CVSS5.8AI score0.00254EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.24 views

CVE-2026-13942

Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

0.00117EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.7 views

CVE-2026-13942

Inappropriate implementation in Video Capture in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

3.3CVSS5.8AI score0.00117EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:38 p.m.146 views

CVE-2026-13942

CVE-2026-13942 affects Google Chrome on ChromeOS prior to 150.0.7871.47, where an inappropriate implementation in the Video Capture component allows a local attacker to perform UI spoofing through a crafted HTML page. The issue is explicitly described across multiple sources as a local vulnerabil...

3.3CVSS5.8AI score0.00117EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54287

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An out of bounds read exists in SurfaceCapture, which allows a remote attacker to perform an out of bounds memory read by using a crafted HTML page. An out of bounds read occurs when th...

9.6CVSS6.1AI score0.00413EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54365

Name of the Vulnerable Software and Affected Versions Google Chrome on ChromeOS versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the CameraCapture component allows a remote attacker to perform an out-of-bounds memory read, which occurs when a user visits a...

9.8CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54261

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the MediaCapture component allows a remote attacker who has already compromised the renderer process to perform UI spoofing. This is achieved by using...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-265 NASA AMMOS Instrument Toolkit: Path traversal resulting in arbitrary file append (can be triggered over the network by unauthenticated attacker)

Summary The Binary Stream Capture BSC component exposes an unauthenticated HTTP API for dynamically creating packet capture “handlers.” Because the code blindly trusts path‑related form fields, a remote client can: - Bypass the configured log root and direct BSC to log to arbitrary filesystem...

9.1CVSS6.1AI score0.00163EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/29 6:16 a.m.8 views

kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture aloop driver. This Use-After-Free UAF vulnerability occurs when loopbackcheckformat stops the capture side during a format change, while a concurrent close operation detaches or frees the runtime. An attacker could...

7.8CVSS6.8AI score0.00103EPSS
Exploits0References5
NVD
NVD
added 2026/06/28 2:16 a.m.12 views

CVE-2026-58056

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS0.00191EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.33 views

CVE-2026-58056 RustDesk - FileTransfer Session Authorization Scope Bypass

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

7.6CVSS0.00191EPSS
Exploits0References2
CVE
CVE
added 2026/06/28 1:32 a.m.55 views

CVE-2026-58056

RustDesk is affected by a session-authorization scope bypass in FileTransfer sessions. The root cause is gating incoming control messages on per-capability flags rather than the session’s authorized connection type; a peer with only valid FileTransfer authorization can inject keyboard/mouse input...

7.6CVSS5.8AI score0.00191EPSS
Exploits0References2
Rows per page
Query Builder