
17 matches found

EUVD
added 2025/11/26 2:8 a.m. · 6 views

EUVD-2025-199690

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote cod...

CVSS 9.6 · AI score 8.4 · EPSS 0.00591
Exploits: 1 · References: 2

Vulnrichment
added 2025/11/26 2:8 a.m. · 5 views

CVE-2025-66022 FACTION Unauthenticated Custom Extension Upload leads to RCE

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote cod...

CVSS 9.6 · AI score 8.5 · EPSS 0.00591
Exploits: 1 · References: 2

CNVD
added 2025/06/20 12:0 a.m. · 5 views

Google ChromeOS Permission Issues Vulnerability

Google ChromeOS is a Linux kernel-based operating system developed by Google. Google ChromeOS suffers from a privilege issue vulnerability. The vulnerability stems from a privilege bypass in extension management, which can be exploited by an attacker to disable extensions on ChromeOS and access...

CVSS 9.8 · AI score 6.2 · EPSS 0.00219
Exploits: 1 · References: 1

NVD
added 2025/06/16 5:15 p.m. · 15 views

CVE-2025-6179

Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools...

CVSS 9.8 · EPSS 0.00219
Exploits: 1 · References: 2

Vulnrichment
added 2025/06/16 4:56 p.m. · 4 views

CVE-2025-6179 ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits

Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools...

AI score 9.3 · EPSS 0.00219
Exploits: 1 · References: 2

CVE
added 2025/06/16 4:56 p.m. · 284 views

CVE-2025-6179

Summary of CVE-2025-6179 (ChromeOS): The issue is a permissions bypass in ChromeOS Extension Management affecting Google ChromeOS, version 16181.27.0 on managed devices. The underlying problem allows a local attacker to disable extensions and gain Developer Mode, including loading additional ext...

CVSS 9.8 · AI score 6.4 · EPSS 0.00219
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2025/06/16 12:0 a.m. · 2 views

Google ChromeOS Security Vulnerability

Google ChromeOS is a Linux kernel-based operating system developed by Google. Google ChromeOS suffers from a privilege issue vulnerability. The vulnerability stems from a privilege bypass in extension management, which can be exploited by an attacker to disable extensions on ChromeOS and access...

CVSS 9.8 · AI score 6.9 · EPSS 0.00219
Exploits: 1 · References: 3

Cvelist
added 2025/04/22 5:15 p.m. · 39 views

CVE-2025-32964 ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions

ManageWiki is a MediaWiki extension allowing users to manage wikis. Prior to commit 00bebea, when enabling a conflicting extension, a restricted extension would be automatically disabled even if the user did not hold the ManageWiki-restricted right. This issue has been patched in commit 00bebea. ...

CVSS 4.6 · EPSS 0.00182
Exploits: 0 · References: 2

CNNVD
added 2025/04/22 12:0 a.m. · 3 views

ManageWiki Authorization Issue Vulnerability

ManageWiki is an open source extension for Miraheze. A license issue vulnerability exists in ManageWiki, which stems from improper extension management and could result in restricted extensions being automatically disabled...

CVSS 4.6 · AI score 6.6 · EPSS 0.00182
Exploits: 0 · References: 2

Positive Technologies
added 2025/02/27 12:0 a.m. · 6 views

PT-2025-25577 · Google · Chrome Os

Name of the Vulnerable Software and Affected Versions: Google ChromeOS version 16181.27.0 Description: The issue allows a local attacker to bypass permissions in Extension Management, enabling them to disable extensions and access Developer Mode. This can lead to the loading of additional...

CVSS 10 · AI score 6.2 · EPSS 0.00219
Exploits: 1 · References: 7

The Hacker News
added 2023/08/16 11:12 a.m. · 34 views

Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security

More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud...

AI score 6.6
Exploits: 0

OSV
added 2022/08/18 7:15 p.m. · 4 views

ALPINE-CVE-2022-2625

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

CVSS 8 · AI score 7.3 · EPSS 0.0152
Exploits: 0 · References: 1

CNNVD
added 2021/05/24 12:0 a.m. · 3 views

Apple macOS Security Feature Issue Vulnerability

Apple macOS is a specialized operating system developed by Apple for Mac computers. A security signature issue vulnerability exists in Apple macOS prior to version 11.4, which originates in the Kext Management subsystem, and can be exploited by a local attacker to bypass implemented security...

CVSS 7.8 · AI score 6.9 · EPSS 0.00309
Exploits: 0 · References: 6

OSV
added 2020/12/22 5:24 p.m. · 7 views

OPENSUSE-SU-2020:2318-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.0 ESR Fixed: Various stability, functionality, and security fixes MFSA 2020-55 bsc1180039 CVE-2020-16042 bmo1679003 Operations on a BigInt could have caused uninitialized memory to be exposed...

CVSS 8.8 · AI score 8 · EPSS 0.01876
Exploits: 0 · References: 10

Positive Technologies
added 2020/01/22 12:0 a.m. · 6 views

PT-2020-1242 · Libyang · Libyang

Name of the Vulnerable Software and Affected Versions: libyang versions prior to 1.0-r3 Description: A NULL pointer dereference issue is present in the lys extension instances free function due to a copy of unresolved extensions in lys restr dup. This can cause applications that use libyang to...

CVSS 8.8 · AI score 6.6 · EPSS 0.0279
Exploits: 7 · References: 42

0day.today
added 2018/05/01 12:0 a.m. · 59 views

macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rul

Exploit for macOS platform in category dos / poc Here's a kextd method exposed via MIG com.apple.KernelExtensionServer kernreturnt kextmanagerunlockkextload machportt server, machportt client kernreturnt migresult = KERNFAILURE; if gClientUID != 0 OSKextLog/ kext / NULL, kOSKextLogErrorLevel |...

CVSS 9.3 · AI score 7.7 · EPSS 0.04436
Exploits: 4

Google Chrome Security Advisories
added 2013/02/21 12:0 a.m. · 38 views

Stable Channel Update

The Chrome team is excited to announce the promotion of Chrome 25 to the Stable Channel. Chrome 25.0.1364.97 for Windows and Linux, and 25.0.1364.99 for Mac contain a number of new items including: Improvements in managing and securing your extensions Better support for HTML5 time/date inputs...

CVSS 7.5 · AI score 10 · EPSS 0.0225
Exploits: 0 · Affected Software: 1