CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 2026/06/10 2:31 a.m.•4 views

SUSE CVE-2026-11666

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

5.4CVSS5.5AI score0.0019EPSS

SUSE CVE•added 2026/06/10 2:31 a.m.•7 views

SUSE CVE-2026-11676

Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00221EPSS

SUSE CVE•added 2026/06/10 2:30 a.m.•4 views

SUSE CVE-2026-11691

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.00151EPSS

SUSE CVE•added 2026/06/10 2:30 a.m.•7 views

SUSE CVE-2026-11697

Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.5AI score0.00195EPSS

SUSE CVE•added 2026/06/10 2:25 a.m.•8 views

SUSE CVE-2026-49762

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

5.1CVSS5.5AI score0.00152EPSS

Snyk•added 2026/06/10 1:13 a.m.•3 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' in the SpelPropertyComparator function. An attacker can execute arbitrary SpEL expressions by supplying crafted input t...

6.4CVSS5.7AI score0.00202EPSS

6.4CVSS5.5AI score0.00202EPSS

EUVD-2026-35901

A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. Affected versions: Spring Data KeyValue / Spring Data Redis 4.0.0 through 4.0.5; 3.5.0 through...

4.8CVSS5.5AI score0.00227EPSS

EUVD-2026-35893

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

7.5CVSS5.5AI score0.00407EPSS

EUVD-2026-35849

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user...

EUVD•added 2026/06/10 12:31 a.m.•8 views

EUVD-2026-35841

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

6.1CVSS5.6AI score0.00168EPSS

6.2CVSS5.5AI score0.00153EPSS

EUVD-2026-35847

NVD•added 2026/06/10 12:16 a.m.•8 views

CVE-2026-41719

6.4CVSS0.00202EPSS

CNNVD•added 2026/06/10 12:0 a.m.•3 views

Russh 输入验证错误漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0-beta.1 to 0.61.0, there was an input validation vulnerability. This vulnerability stemmed from lax implementation of SSH identifier string rules. The server-side identifier...

5.3CVSS5.4AI score0.00277EPSS

CNNVD•added 2026/06/10 12:0 a.m.•4 views

Russh 输入验证错误漏洞

Russh is a Rust SSH client and server library developed by Eugene as an individual contributor. In versions of Russh from 0.37.0 to 0.61.0, there was a vulnerability related to input validation errors. This vulnerability stemmed from the keyboard interaction authentication process, where a...

6.5CVSS5.4AI score0.00232EPSS

CNNVD•added 2026/06/10 12:0 a.m.•2 views

libp2p 输入验证错误漏洞

libp2p is a modular peer-to-peer network framework developed under the open source license of libp2p. Prior to version 15.0.23, there was a vulnerability related to input validation errors in libp2p. This vulnerability stemmed from three overlooked permissions in @libp2p/gossipsub, allowing an...

7.5CVSS5.3AI score0.00263EPSS

CNNVD•added 2026/06/10 12:0 a.m.•2 views

libp2p 输入验证错误漏洞

libp2p is a modular peer-to-peer network framework developed under the open-source license. Prior to version 16.2.6, libp2p had a vulnerability related to input validation errors. This vulnerability stemmed from unverified remote peers being able to send unlimited PUTVALUE messages, which could...

7.5CVSS5.3AI score0.00354EPSS

CNNVD•added 2026/06/10 12:0 a.m.•5 views

Russh 输入验证错误漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0 to 0.61.0, there was an input validation vulnerability. This vulnerability stemmed from multiple message processors decoding attacker-controlled SSH strings, name lists, and...

7.5CVSS5.4AI score0.00268EPSS