Lucene search

527 matches found

NVD
added 5 days ago, 7 views

CVE-2026-11227

Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...

CVSS 6.5 | EPSS 0.00022
Exploits: 0 | References: 2

OSV
added 5 days ago, 2 views

DEBIAN-CVE-2026-11227

Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...

CVSS 6.5 | AI score 5.5 | EPSS 0.00022
Exploits: 0 | References: 1

CVE
added 5 days ago, 12 views

CVE-2026-11227

Summary: CVE-2026-11227 affects Google Chrome’s Tab Hover Cards UI. The vulnerability is a mismatch in the security UI that could allow a remote attacker to spoof a domain via a crafted domain name. The issue is associated with Chrome versions before 149.0.7827.53 (Chromium security severity: Low...

CVSS 6.5 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 5 days ago, 26 views

CVE-2026-11227

Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...

EPSS 0.00022
Exploits: 0 | References: 2

Debian CVE
added 5 days ago, 5 views

CVE-2026-11227

Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...

CVSS 6.5 | AI score 5.5 | EPSS 0.00022
Exploits: 0

Vulnrichment
added 5 days ago, 4 views

CVE-2026-11227

Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...

AI score 5.5 | EPSS 0.00022
Exploits: 0 | References: 2

ATTACKERKB
added 5 days ago, 4 views

CVE-2026-11227

Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...

AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 3 | Affected Software: 1

Nuclei
added 6 days ago, 6 views

WordPress Image Hover Ultimate - Unauthenticated Settings Update

Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate versions = 9.6.1 WordPress plugin. id: CVE-2021-36888 info: name: WordPress Image Hover Ultimate - Unauthenticated Settings Update author: riteshs4hu severity:...

CVSS 9.8 | AI score 7.3 | EPSS 0.68275
Exploits: 1 | References: 2

Positive Technologies
added 2026/06/02 12:00 a.m., 6 views

PT-2026-46753

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Incorrect security UI in Tab Hover Cards allows a remote attacker to perform domain spoofing by using a crafted domain name. Recommendations Update to version 149.0.7827.53 or later...

CVSS 9.6 | AI score 5.8 | EPSS 0.04468
Exploits: 0 | References: 434

EUVD
added 2026/05/29 10:36 a.m., 7 views

EUVD-2026-33279

A stored Cross-Site Scripting XSS vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views such as campaigns, emails, or forms, user-supplied project names are rendered without proper sanitization. An authenticated user...

CVSS 7.6 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 1

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in thunderbird

When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is displayed when the mouse hovers over any attachment. Although the correct link is used upon clicking, the misleading hover text may lead users to download conten...

CVSS 6.4 | AI score 6.5 | EPSS 0.00106
Exploits: 0 | References: 2

Snyk
added 2026/05/18 9:48 p.m., 5 views

Server-side Request Forgery (SSRF)

Overview @steipete/summarize is a Link → clean text → summary. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the hover summary process. An attacker can cause authenticated requests to be sent to internal or private-network endpoints by dispatching...

CVSS 7.4 | AI score 5.8 | EPSS 0.00011
Exploits: 1 | References: 2

GitHub Security Blog
added 2026/05/18 9:31 p.m., 7 views

Summarize's hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links

Summarize prior to 0.15.0 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

CVSS 7.4 | AI score 5.8 | EPSS 0.00011
Exploits: 1 | References: 7 | Affected Software: 1

OSV
added 2026/05/18 9:31 p.m., 3 views

GHSA-2R69-QGV3-HR65 Summarize's hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links

Summarize prior to 0.15.0 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

CVSS 7.4 | AI score 5.8 | EPSS 0.00011
Exploits: 1 | References: 7

NVD
added 2026/05/18 8:16 p.m., 10 views

CVE-2026-45245

Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

CVSS 7.4 | EPSS 0.00011
Exploits: 1 | References: 4

Vulnrichment
added 2026/05/18 7:00 p.m., 6 views

CVE-2026-45245 Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted Events

Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

CVSS 7.4 | AI score 5.8 | EPSS 0.00011
Exploits: 1 | References: 4

EUVD
added 2026/05/18 7:00 p.m., 6 views

EUVD-2026-30795

Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

CVSS 7.4 | AI score 5.8 | EPSS 0.00011
Exploits: 1 | References: 4

Cvelist
added 2026/05/18 7:00 p.m., 26 views

CVE-2026-45245 Summarize < 0.15.1 Unauthorized Daemon Request via Untrusted Events

Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

CVSS 7.4 | EPSS 0.00011
Exploits: 1 | References: 4

ATTACKERKB
added 2026/05/18 7:00 p.m., 6 views

CVE-2026-45245

Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...

CVSS 7.4 | AI score 5.8 | EPSS 0.00011
Exploits: 1 | References: 5

CVE
added 2026/05/18 7:00 p.m., 6 views

CVE-2026-45245

CVE-2026-45245 affects the Summarize extension prior to 0.15.1. A vulnerability in the hover summary feature lets malicious pages dispatch synthetic mouseover events on attacker‑controlled links, causing the extension to issue authenticated daemon requests using stored tokens without verifying ev...

CVSS 7.4 | AI score 5.8 | EPSS 0.00011
Exploits: 1 | References: 4 | Affected Software: 1