CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

281 matches found

OSV•added 2026/01/27 9:16 p.m.•0 views

CVE-2026-1504

Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.8AI score

Exploits0References2

CVE•added 2026/01/27 8:46 p.m.•40 views

CVE-2026-1504

CVE-2026-1504 concerns the Background Fetch API in Chromium/Google Chrome, where an inappropriate implementation allowed a remote attacker to leak cross-origin data via a crafted HTML page. Affected software is Chromium/Chrome prior to 144.0.7559.110 (per the initial description). The root cause ...

6.5CVSS5.9AI score0.00059EPSS

Exploits1References2Affected Software1

AlpineLinux•added 2026/01/27 8:46 p.m.•2 views

CVE-2026-1504

6.5CVSS8.6AI score0.00059EPSS

Exploits1

Cvelist•added 2026/01/27 8:46 p.m.•14 views

CVE-2026-1504

0.00059EPSS

Exploits1References2

Vulnrichment•added 2026/01/27 8:46 p.m.•6 views

CVE-2026-1504

5.9AI score0.00059EPSS

Exploits1References2

Debian CVE•added 2026/01/27 8:46 p.m.•5 views

CVE-2026-1504

6.5CVSS8.7AI score0.00059EPSS

Exploits1

Google Chrome Security Advisories•added 2026/01/27 12:0 a.m.•8 views

Stable Channel Update for Desktop

The Stable channel has been updated to 144.0.7559.109/.110 for Windows/Mac and 144.0.7559.109 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. Security Fixes and Rewards Note: Access to bug details and links may be kept...

6.5CVSS5.9AI score0.00059EPSS

Exploits1Affected Software1

Positive Technologies•added 2026/01/27 12:0 a.m.•4 views

PT-2026-5021

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 144.0.7559.110 Description An issue in the Background Fetch API in Google Chrome allowed a remote attacker to leak cross-origin data through a specially crafted HTML page. The security severity is rated as High...

7.8CVSS5.9AI score0.00059EPSS

Exploits1References32

Tenable Nessus•added 2026/01/27 12:0 a.m.•3 views

Google Chrome < 144.0.7559.109 Vulnerability

The version of Google Chrome installed on the remote macOS host is prior to 144.0.7559.109. It is, therefore, affected by a vulnerability as referenced in the 202601stable-channel-update-for-desktop27 advisory. - Inappropriate implementation in Background Fetch API in Google Chrome prior to...

6.5CVSS8.8AI score0.00059EPSS

Exploits1References3

Tenable Nessus•added 2026/01/27 12:0 a.m.•2 views

Google Chrome < 144.0.7559.109 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 144.0.7559.109. It is, therefore, affected by a vulnerability as referenced in the 202601stable-channel-update-for-desktop27 advisory. - Inappropriate implementation in Background Fetch API in Google Chrome prior to...

6.5CVSS8.8AI score0.00059EPSS

Exploits1References3

FreeBSD•added 2026/01/27 12:0 a.m.•4 views

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 474435504 High CVE-2026-1504: Inappropriate implementation in Background Fetch API. Reported by Luan Herrera @lbherrera on 2026-01-09...

6.5CVSS5.9AI score0.00059EPSS

Exploits1References1

Tenable Nessus•added 2026/01/20 12:0 a.m.•3 views

MiracleLinux 9 : nodejs:18 (AXSA:2023-6072:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6072:01 advisory. glob-parent: Regular Expression Denial of Service CVE-2021-35065 c-ares: buffer overflow in configsortlist due to missing string length check...

8.6CVSS8AI score0.00416EPSS

Exploits5References9

Github Security Blog•added 2026/01/14 9:6 p.m.•15 views

Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Impact The fetch API supports chained HTTP encoding algorithms for response content according to RFC 9110 e.g., Content-Encoding: gzip, br. This is also supported by the undici decompress interceptor. However, the number of links in the decompression chain is unbounded and the default maxHeaderSi...

7.5CVSS9AI score0.00024EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2026/01/14 7:7 p.m.•2 views

CVE-2026-22036 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

5.9CVSS6.3AI score0.00024EPSS

Exploits0References2

Hacker One•added 2025/12/08 1:21 a.m.•4 views

Node.js: Unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

A vulnerability was discovered in the Fetch API of Node.js that allowed an unbounded number of links in the decompression chain for HTTP responses. This could lead to resource exhaustion, as the default maxHeaderSize allowed a malicious server to insert thousands of compression steps, resulting i...

5.6AI score

Exploits0

Tenable Nessus•added 2025/11/18 12:0 a.m.•3 views

Mozilla Firefox ESR < 52.4

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-22 advisory. - Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom...

10CVSS8.2AI score0.12063EPSS

Exploits3References10