Lucene search
K

1246 matches found

The Hacker News
The Hacker News
added yesterday6 views

AI-Generated Browser Ransomware Abuses Chromium API on Windows and Android

Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the browser on both...

8.8CVSS7.2AI score0.99739EPSS
Exploits9
OSV
OSV
added 3 days ago5 views

PYSEC-2026-331 excel-mcp-server has a Path Traversal issue

Summary A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or Streamable-HTTP transport mode the documented way to use this server remotely, an unauthenticated attacker on the network can read, write, and overwrite arbitrary files on...

9.4CVSS6AI score0.00391EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-44022

A flaw was found in Docling, a tool for document processing. The LaTeX backend, responsible for handling commands like \includegraphics, \input, and \include, lacked proper validation for file paths. This vulnerability allows an attacker to craft a malicious LaTeX document containing path travers...

5.5CVSS5.9AI score0.00163EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/06/19 2:0 p.m.61 views

Chromium: CVE-2026-12460 Insufficient policy enforcement in File System Access

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.2CVSS5.8AI score0.00153EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/19 8:50 a.m.9 views

CVE-2026-12460

An insufficient policy enforcement flaw was found in the File System Access component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517484284...

8CVSS5.8AI score0.00153EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.7 views

SUSE CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS5.2AI score0.00153EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.8 views

EUVD-2026-37545

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS5.3AI score0.00153EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS0.00153EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 1:20 p.m.19 views

DEBIAN-CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS5.3AI score0.00153EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/17 1:38 a.m.6 views

CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

4.2CVSS5.3AI score0.00153EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.18 views

PT-2026-50210

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description Insufficient policy enforcement in File System Access allows a remote attacker who has compromised the renderer process to bypass site isolation by using a crafted PDF file. Site...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References40
FreeBSD
FreeBSD
added 2026/06/11 12:0 a.m.8 views

chromium -- security fixes

Chrome Releases reports: This update includes 33 security fixes: 516496659 Critical CVE-2026-12437: Use after free in WebShare. 516947912 Critical CVE-2026-12438: Inappropriate implementation in WebView. 519728275 Critical CVE-2026-12439: Use after free in Digital Credentials. 519731619 Critical...

9.6CVSS5.5AI score0.00601EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.14 views

CVE-2026-25856

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 5:16 p.m.10 views

CVE-2026-25856

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS0.00473EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 4:50 p.m.39 views

CVE-2026-25856 OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS0.00473EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 4:50 p.m.11 views

EUVD-2026-35135

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:50 p.m.6 views

CVE-2026-25856

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/08 4:50 p.m.9 views

CVE-2026-25856 OpenBullet2 0.3.2 Authenticated RCE via Job Configuration Interface

OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C code on the server host by creating or modifying job configurations. Attackers can leverage the plain C execution mode, which lacks reference...

8.8CVSS6.6AI score0.00473EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/07 5:18 a.m.11 views

CVE-2026-11258

An inappropriate implementation flaw was found in the File System Access component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499078161...

6.5CVSS5.4AI score0.00201EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/07 4:40 a.m.7 views

SUSE CVE-2026-11258

Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.5AI score0.00201EPSS
Exploits0References2
Rows per page
Query Builder