Lucene search
K

418 matches found

NVD
NVD
added 2 hours ago3 views

CVE-2026-52843

Lightpanda is a headless browser designed for AI and automation. Prior to 0.2.9, Lightpanda fetch and XMLHttpRequest unconditionally attached session cookies to every HTTP request, ignoring credentials: omit, credentials: same-origin, credentials: include, and XMLHttpRequest.withCredentials,...

9.3CVSS0.00033EPSS
Exploits0References4
NVD
NVD
added 4 days ago9 views

CVE-2026-61429

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...

8.5CVSS0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-61429 PraisonAI before 1.6.78 SSRF via Crawl4AI Chromium backend

PraisonAI versions before 1.6.78 contain a server-side request forgery vulnerability in the Crawl4AI/Chromium backend that allows attackers to bypass SSRF validation by exploiting DNS rebinding and HTTP redirects. Attackers can craft URLs that resolve to internal services after the initial...

8.5CVSS0.00221EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2026/07/02 1:4 p.m.16 views

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail,...

6AI score
Exploits0
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40518

Use after free in Headless in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00278EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-13832

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Headless in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a...

8.3CVSS6.2AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:16 p.m.5 views

CVE-2026-13832

Use after free in Headless in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS0.00278EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 p.m.4 views

DEBIAN-CVE-2026-13832

Use after free in Headless in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 10:37 p.m.18 views

CVE-2026-13832

CVE-2026-13832 affects Google Chrome Headless prior to 150.0.7871.47, where a use-after-free in the Headless renderer could allow a remote attacker who has already compromised the renderer to bypass the sandbox via a crafted HTML page. The vulnerability is described as high impact with potential ...

8.3CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 10:37 p.m.6 views

CVE-2026-13832

Use after free in Headless in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00278EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 10:37 p.m.29 views

CVE-2026-13832

Use after free in Headless in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00278EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54109

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists in the Headless mode of the browser. This flaw allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox...

9.8CVSS6AI score0.00413EPSS
Exploits0References451
OSV
OSV
added 2026/06/29 4:44 p.m.6 views

MAL-2026-6654 Malicious code in app-hotmart-blog-headless (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d84025bf61426d455a22babbef859c4d8e9cd9d9312bd6c93dfcdb8ad5264db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:44 p.m.12 views

Malicious code in app-hotmart-blog-headless (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2d84025bf61426d455a22babbef859c4d8e9cd9d9312bd6c93dfcdb8ad5264db Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
NVD
NVD
added 2026/06/24 2:17 p.m.21 views

CVE-2026-12537

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...

10CVSS0.00134EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:37 p.m.8 views

EUVD-2026-38790

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...

10CVSS6.3AI score0.00134EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:37 p.m.87 views

CVE-2026-12537

Summary (CVE-2026-12537) : The vulnerability affects Google Gemini CLI container launcher (versions prior to 0.39.1) and the run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI platforms. It stems from improper neutralization in an OS command, enabling an unprivileged attacker ...

10CVSS6.3AI score0.00134EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/06/24 1:37 p.m.39 views

CVE-2026-12537 Unauthenticated Remote Code Execution in Gemini CLI CI/CD Workflows

Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI versions prior to 0.39.1 and run-gemini-cli GitHub Action versions prior to 0.1.22 on headless CI platforms allows an unprivileged attacker to achieve pre-sandbox host-level code execution a maliciously...

10CVSS0.00134EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-51788

Name of the Vulnerable Software and Affected Versions Google Gemini CLI versions prior to 0.39.1 run-gemini-cli GitHub Action versions prior to 0.1.22 Description An OS command injection flaw exists in the container launcher used on headless CI platforms. The issue stems from unsafe parsing and...

10CVSS6.4AI score0.00134EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/22 4:41 a.m.11 views

CVE-2026-12027

The following flaw was identified in the Chromium browser: Insufficient policy enforcement Headless. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517517155...

9.6CVSS5.8AI score0.00224EPSS
Exploits0References5
Rows per page
Query Builder