Lucene search
K

590817 matches found

Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-15108

Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. Chromium security severity: High...

0.00104EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-15108

Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. Chromium security severity: High...

6AI score0.00104EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2 days ago4 views

CVE-2026-15108

Integer overflow in Extensions API in Google Chrome prior to 150.0.7871.115 allowed an attacker who convinced a user to install a malicious extension to perform an out of bounds memory read via a crafted Chrome Extension. Chromium security severity: High...

4.3CVSS6AI score0.00104EPSS
Exploits0
CVE
CVE
added 2 days ago28 views

CVE-2026-15110

The CVE-2026-15110 entry concerns Google Chrome: a use-after-free in the Extensions component that can lead to heap corruption. Affected software is Chrome prior to version 150.0.7871.115; the underlying cause is use-after-free within the Extensions handling, exploitable when a user is convinced ...

8.8CVSS6AI score0.00104EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2 days ago34 views

CVE-2026-15108

CVE-2026-15108: In Google Chrome, an Integer overflow in the Extensions API prior to 150.0.7871.115 allows an attacker to trigger an out-of-bounds memory read by convincing a user to install a crafted extension. Affected product: Google Chrome (Extensions API). Root cause: integer overflow in the...

4.3CVSS6AI score0.00104EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2 days ago24 views

CVE-2026-54499

CVE-2026-54499 affects Stanza prior to 1.12.2, where model loading uses torch.load(..., weights_only=True) and on an attacker-controllable pickle.UnpicklingError falls back to weights_only=False, enabling arbitrary pickle code execution when loading a malicious .pt pretrain/file. The vulnerabilit...

7.5CVSS6.3AI score0.00302EPSS
Exploits0References4
NVD
NVD
added 2 days ago5 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS0.00234EPSS
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-10037

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS0.0012EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago6 views

Malicious code in none123s (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c28e7ef260830adb9561488c487960b12e00bd6939daf8ed8e3a239ec9530699 package.json declares a prepare lifecycle script node index.js || true that auto-executes on npm install. index.js reads canonical installer-secret...

5.9AI score
Exploits0References18
ATTACKERKB
ATTACKERKB
added 2 days ago4 views

CVE-2026-5922

The IP phone might use malicious input stored in configuration parameters and render it as content for the WebUI’s webpage...

5.9CVSS5.9AI score0.00234EPSS
Exploits0References2
CVE
CVE
added 2 days ago11 views

CVE-2026-10037

CVE-2026-10037 describes a sandbox escape in Ubuntu’s OpenJDK packages. The issue arises from .jar MIME handlers installed by these packages executing files marked as executable when the mailcap package is present. A compromised sandboxed application with access to the OpenURI portal via xdg-desk...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago14 views

Malicious code in tslint-conf (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31b464b1646f8e2d36ce68a86af599cc49d5381f08af70302ff01f42957234a1 The package presents itself as the pino logger README, index.d.ts, docs/, and lib/ files all reference pinojs/pino but is published under the unrelat...

6.2AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2 days ago4 views

libreoffice: LibreOffice Calc: Arbitrary code execution via heap buffer overflow in formula compilation

A vulnerability has been identified in LibreOffice Calc. An application crash may occur if a user opens a malicious spreadsheet that contains excessively long formulas. Successful exploitation of this vulnerability could result in a denial of service or potentially lead to arbitrary code executio...

7.8CVSS6.1AI score0.00139EPSS
Exploits0References5
CVE
CVE
added 2 days ago8 views

CVE-2026-59948

CVE-2026-59948 affects Composer (PHP dependency manager). A malicious package from an untrusted repo (not Packagist.org/Private Packagist) with an invalid name could cause install/update to write attacker-controlled files outside the vendor directory and project. Root cause: failure to validate t...

7CVSS6AI score0.00132EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in express-mongo-limit (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8f17b459e01affe3f0cc1640da6fcc4e1db9cdf3b7379caa6e6865747ce71a60 The package advertises itself as an Express/Mongo payload sanitizer but its postinstall hook node index.js globally installs pm2, clipboardy, and...

6.1AI score
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago8 views

Malicious code in airkey-mfa-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector addd30fd6d90110d178ea017b2968c6014dab0e8304bdfeb55b13612a75f61da Package auto-executes a preinstall script node test.js on npm install that collects username, hostname, platform, Node version, and CI flag and POSTs...

5.9AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in searchresults (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7d5453a0b1576ed8880071cda901607e79f25378700d3f999ab2c9715e00635 [email protected] is a high-version dependency-confusion squat on the generic name 'searchresults'. package.json declares preinstall and...

6.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago9 views

Malicious code in babel-eslint-parser-legacy (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 85a6f04cbf0697b6ae409fb9e5ad0e25812dac6a2f43bd95722f1903ee2f71f7 Package name babel-eslint-parser-legacy is a one-suffix confusion against the legitimate babel-eslint-parser. The package's own main is an empty stub...

6.2AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in promo-helper (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1a88c879a569b51180b134bd442917610efba2cfc54aa980cb3ec3b4731e84c No concrete evidence of installer-side harm was identified for this package version. There are no indicators of credential theft, environment scrapin...

6.2AI score
Exploits0References9
RedHat Linux
RedHat Linux
added 2 days ago4 views

gstreamer1-plugins-good: GStreamer: Heap buffer overflow in WavPack decoder via integer overflow

A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation 4 blocksamples channels in gstwavpackdechandleframe causes a very small heap allocation. The WavPack library then writes...

7.6CVSS6.4AI score0.0031EPSS
Exploits0References4
Rows per page
Query Builder