Lucene search
K

7554 matches found

Nuclei
Nuclei
added yesterday25 views

WordPress User Messages <= 1.2.4 - Reflected XSS

WordPress User Messages plugin = 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...

6.1CVSS7.1AI score0.00567EPSS
Exploits1References2
OSV
OSV
added yesterday2 views

GO-2026-5897 Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent in github.com/coder/coder

Coder vulnerable to workspace auto-creation via crafted URL parameters without user consent in github.com/coder/coder...

8.1CVSS5.9AI score
Exploits0References7
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41156

Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS6.1AI score0.00245EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41205

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00235EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41159

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.2AI score0.00348EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 6 days ago5 views

react-server-dom-webpack: react-server-dom-parcel: reactreact-server-dom-turbopack: React Server Components: Denial of Service via specially crafted HTTP requests

A flaw was found in React Server Components. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. This can lead to a Denial of Service DoS, causing server crashes, out-of-memory exceptions, or excessive CPU usage, thereby...

7.5CVSS7.3AI score0.02499EPSS
Exploits0References6
OSV
OSV
added last week3 views

DEBIAN-CVE-2026-14427

Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS6.1AI score0.00245EPSS
Exploits0References1
OSV
OSV
added last week2 views

DEBIAN-CVE-2026-14423

Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.0022EPSS
Exploits0References1
OSV
OSV
added last week2 views

DEBIAN-CVE-2026-14420

Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00253EPSS
Exploits0References1
OSV
OSV
added last week3 views

DEBIAN-CVE-2026-14410

Inappropriate implementation in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.0019EPSS
Exploits0References1
NVD
NVD
added last week5 views

CVE-2026-14415

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

8.8CVSS0.00253EPSS
Exploits0References2
NVD
NVD
added last week6 views

CVE-2026-14401

Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00237EPSS
Exploits0References2
OSV
OSV
added last week3 views

DEBIAN-CVE-2026-14393

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00281EPSS
Exploits0References1
NVD
NVD
added last week5 views

CVE-2026-14391

Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS0.00233EPSS
Exploits0References2
NVD
NVD
added last week6 views

CVE-2026-14387

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS0.00276EPSS
Exploits0References2
OSV
OSV
added last week2 views

DEBIAN-CVE-2026-14381

Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00211EPSS
Exploits0References1
CVE
CVE
added last week19 views

CVE-2026-14432

The CVE-2026-14432 entry documents a use-after-free in V8 affecting Google Chrome’s JavaScript engine prior to version 150.0.7871.46 . This vulnerability could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, as described in multiple sources. Affected co...

8.8CVSS6.2AI score0.00247EPSS
Exploits0References2Affected Software1
CVE
CVE
added last week19 views

CVE-2026-14403

CVE-2026-14403: Use-after-free in V8 (Chrome) allows remote code execution inside a sandbox via a crafted HTML page on Chrome versions prior to 150.0.7871.46. Severity is listed as Low; the vulnerability stems from a V8 use-after-free condition. Documents do not specify exploitation status or con...

8.8CVSS6.2AI score0.00257EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added last week26 views

CVE-2026-14417

Use after free in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

0.00206EPSS
Exploits0References2
Debian CVE
Debian CVE
added last week4 views

CVE-2026-14421

Uninitialized Use in Dawn in Google Chrome on ChromeOS prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00215EPSS
Exploits0
Rows per page
Query Builder