Lucene search
K

212 matches found

OSV
OSV
added 2024/06/06 1:15 p.m.3 views

CVE-2024-5684

An attacker with access to the private network the charger is connected to or local access to the Ethernet-Interface can exploit a faulty implementation of the JWT-library in order to bypass the password authentication to the web configuration interface and then has full access as the user would...

8.8CVSS5.8AI score0.00188EPSS
Exploits0References1
Veracode
Veracode
added 2024/05/17 1:16 p.m.11 views

Authentication Bypass

friendsofsymfony/user-bundle is vulnerable to Authentication Bypass. The vulnerability is due to an insecure user refresh implementation due to using the primary key instead of the username, which can result in authentication bypass if users are allowed to change usernames...

7.3AI score
Exploits0
CVE
CVE
added 2024/05/15 8:42 p.m.362 views

CVE-2024-4950

CVE-2024-4950 pertains to Chromium/Google Chrome prior to 125.0.6422.60, where an inappropriate implementation in Downloads could let a remote attacker lure a user into specific UI gestures to spoof UI via a crafted HTML page. Affected products are Chrome/Chromium browsers; the underlying issue i...

6.5CVSS5.5AI score0.00912EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/04/17 8:15 a.m.25 views

CVE-2024-3845

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.2AI score
Exploits0References8
Cvelist
Cvelist
added 2024/04/17 7:46 a.m.27 views

CVE-2024-3838

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. Chromium security severity: Medium...

6.4AI score0.00366EPSS
Exploits0References5
NVD
NVD
added 2024/04/06 3:15 p.m.24 views

CVE-2024-3156

Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

8.8CVSS8.2AI score0.01131EPSS
Exploits0References4
CVE
CVE
added 2024/04/06 2:53 p.m.392 views

CVE-2024-3156

CVE-2024-3156 affects Chromium/Google Chrome via an inappropriate implementation in V8, allowing remote memory-out-of-bounds access through a crafted HTML page on versions prior to 123.0.6312.105. Debian security advisory confirms the fix is in chromium 123.0.6312.105-1~deb12u1 for stable (bookwo...

8.8CVSS8AI score0.01131EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/03/20 5:6 p.m.30 views

CVE-2024-2630

Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.4AI score0.00744EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/03/20 5:6 p.m.30 views

CVE-2024-2631

Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.2AI score0.00646EPSS
Exploits0References5
OSV
OSV
added 2024/02/21 4:15 a.m.20 views

CVE-2024-1672

Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS5.2AI score
Exploits0References4
OSV
OSV
added 2024/02/21 4:15 a.m.18 views

CVE-2024-1676

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...

5.4CVSS5.1AI score
Exploits0References4
Cvelist
Cvelist
added 2024/02/21 3:14 a.m.32 views

CVE-2024-1676

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. Chromium security severity: Low...

5.2AI score0.18552EPSS
Exploits1References4
OSV
OSV
added 2024/01/24 12:15 a.m.19 views

CVE-2024-0809

Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.2AI score
Exploits0References4
Veracode
Veracode
added 2023/12/19 7:53 a.m.22 views

PKCE Downgrade Attack

yiisoft/yii2-authclient is vulnerable to PKCE Downgrade Attack. The vulnerability is caused due to an insecure implementation of PKCE. The application doesn't use authCodeVerifier securely. An attacker can gain unauthorized access to protected resources by exploiting this vulnerability...

8.8CVSS6.9AI score0.00492EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2023/12/06 2:15 a.m.19 views

CVE-2023-6511

Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.2AI score0.00856EPSS
Exploits0References6
Code423n4
Code423n4
added 2023/11/29 12:0 a.m.13 views

Return values of approve() not checked

Lines of code 321, 215, 184, 450, 761, 217, 157, 234, 339, 386https://github.com/Tapioca-DAO/t...

7.1AI score
Exploits0
NVD
NVD
added 2023/11/01 6:15 p.m.25 views

CVE-2023-5480

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. Chromium security severity: High...

6.1CVSS6.3AI score0.011EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2023/11/01 6:15 p.m.24 views

CVE-2023-5858

Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Low...

4.3CVSS6.3AI score0.00646EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/10/30 4:56 p.m.12 views

CVE-2023-21366

In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.3AI score0.00083EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/30 12:0 a.m.7 views

PT-2023-18141 · Scudo · Scudo

Name of the Vulnerable Software and Affected Versions: Scudo affected versions not specified Description: The issue is related to an insecure implementation or design in Scudo, allowing an attacker to predict heap allocation patterns. This could lead to local information disclosure without...

5.5CVSS5AI score0.00083EPSS
Exploits0References3
Rows per page
Query Builder