Lucene search
K

8146 matches found

Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54275

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input within the Extensions component allows an attacker to perform UI spoofing. This occurs when a user is convinced to install a specially crafted...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54322

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in Extensions allows an attacker to bypass the content security policy if a user is convinced to install a malicious extension. This is achieved through ...

9.6CVSS6AI score0.00413EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54417

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in Extensions allows a remote attacker who has compromised the renderer process to perform UI spoofing using a crafted HTML page. UI spoofing is a...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-6450

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled...

5.3CVSS6AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54168

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input within the Extensions component allows a remote attacker who has already compromised the renderer process to achieve privilege escalation. Thi...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
OSV
OSV
added 2026/06/29 8:10 a.m.2 views

OPENSUSE-SU-2026:21163-1 Security update for yt-dlp

This update for yt-dlp fixes the following issues: Changes in yt-dlp: - Update to version 2026.06.09 Fixed CVE-2026-50019: File Downloader cookie leak with curl Fixed CVE-2026-50023: Dangerous file type creation via insufficient filename sanitization Fixed CVE-2026-50574: Arbitrary code execution...

9.6CVSS6.2AI score0.00555EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/25 10:21 p.m.10 views

EUVD-2026-31395

golang.org/x/crypto/ssh: FIDO/U2F security key physical presence check can be bypassed...

9.1CVSS5.8AI score0.00373EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/25 10:21 p.m.8 views

golang.org/x/crypto: FIDO/U2F security key physical presence check can be bypassed

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

9.1CVSS6AI score0.00373EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/25 10:14 p.m.11 views

EUVD-2026-31390

golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys...

9.1CVSS5.8AI score0.00403EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/25 10:14 p.m.8 views

golang.org/x/crypto doesn't drop invoking agent constraints when forwarding keys

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

9.1CVSS6AI score0.00403EPSS
Exploits0References20Affected Software1
OSV
OSV
added 2026/06/25 9:16 p.m.3 views

UBUNTU-CVE-2026-6450

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

5.3CVSS5.8AI score0.0018EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/25 8:18 p.m.22 views

CVE-2026-6450 CRL critical extension bypass in ParseCRL_Extensions

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

1CVSS0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 8:18 p.m.6 views

EUVD-2026-39559

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

1CVSS5.8AI score0.0018EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:18 p.m.7 views

CVE-2026-6450

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

1CVSS5.8AI score0.0018EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/25 8:18 p.m.12 views

CVE-2026-6450

CVE-2026-6450 – CRL critical extension bypass : The vulnerability lies in ParseCRL_Extensions where enforcement of critical CRL extensions is insufficient, allowing a crafted CRL with an unhandled critical extension to be accepted. This affects builds with CRL support enabled when the parsed CRL ...

5.3CVSS5.8AI score0.0018EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:18 p.m.5 views

CVE-2026-6450

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

5.3CVSS5.8AI score0.0018EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 7:59 p.m.6 views

EUVD-2026-39553

ML-KEM-1024 x64 AVX2 implicit rejection failure in the Fujisaki-Okamoto transform breaks IND-CCA2 security, allowing decapsulation to deviate from the implicit-rejection behavior required by the standard. The AVX2 constant-time ciphertext comparison used during decapsulation never compared the...

6.3CVSS5.9AI score0.00161EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5154 Rancher Extensions have arbitrary file access via path traversal in github.com/rancher/rancher

Rancher Extensions have arbitrary file access via path traversal in github.com/rancher/rancher. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...

8.4CVSS6AI score0.00368EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 1:1 p.m.10 views

CVE-2026-52690

CVE-2026-52690 affects the PowerDNS Recursor. Spoofed replies can cause an authoritative server’s IP to be marked as not supporting EDNS, leading to DNSSEC validation failures for records served by that server. The vulnerability’s impact is documented as enabling validation failures in the presen...

5.9CVSS5.8AI score0.00352EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 8:38 a.m.6 views

EUVD-2026-39267

In the Linux kernel, the following vulnerability has been resolved: IB/isert: Reject login PDUs shorter than ISERHEADERSLEN In drivers/infiniband/ulp/isert/ibisert.c, isertloginrecvdone computes the login request payload length as wc-bytelen minus ISERHEADERSLEN with no lower bound, and loginreql...

6AI score0.00742EPSS
Exploits0References8
Rows per page
Query Builder