Lucene search
K

1604 matches found

CVE
CVE
added 3 days ago34 views

CVE-2026-55882

Summary: Tilt (Tilt HUD server) before v0.37.4 exposes Go pprof endpoints under /debug with no access control, allowing unauthenticated network-accessible listeners to read memory and tokens via /debug/pprof/heap and /debug/pprof/goroutine, and potentially degrade performance via /debug/pprof/pro...

8.3CVSS6.2AI score0.00384EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago29 views

CVE-2026-55882 Tilt: Unauthenticated pprof debug endpoints on the Tilt HUD server

Tilt defines dev environments as code for microservice apps on Kubernetes. From 0.19.5 through 0.37.3, the Tilt HUD server mounts Go net/http/pprof handlers under /debug with no access control. When the HUD or apiserver listener is network-exposed, an unauthenticated caller can read process memor...

8.3CVSS0.00384EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 9:0 p.m.37 views

CVE-2026-14611 DeepMyst Mysti Per-Project Auto-Memory MemoryManager.ts initProjectMemory exposure of resource

A vulnerability has been found in DeepMyst Mysti up to 0.4.0. The affected element is the function initProjectMemory of the file src/managers/MemoryManager.ts of the component Per-Project Auto-Memory Handler. Such manipulation of the argument workspacePath leads to exposure of resource. The attac...

5.3CVSS0.00253EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/02 12:31 a.m.9 views

EUVD-2026-41169

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00235EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 12:31 a.m.5 views

EUVD-2026-41180

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00263EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 10:22 p.m.7 views

CVE-2026-14399

Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14414

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS5.8AI score0.00235EPSS
Exploits0
Snyk
Snyk
added 2026/07/01 7:25 p.m.5 views

Integer Overflow or Wraparound

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

8.8CVSS6AI score0.0022EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.10 views

EUVD-2026-40637

Insufficient policy enforcement in Payments in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.5 views

EUVD-2026-40622

Inappropriate implementation in Passwords in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00288EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-13911

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Spellcheck in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obta...

5.3CVSS6.1AI score0.00284EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.12 views

PT-2026-54675

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.46 Description An uninitialized use in Dawn allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page. Recommendations Update Google Chrome ...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

DEBIAN-CVE-2026-14088

Uninitialized Use in Canvas in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.0025EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-14063

Out of bounds read in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via malicious network traffic. Chromium security severity: Low...

5.7CVSS5.8AI score0.00141EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-13970

Uninitialized Use in Media in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS5.8AI score0.00271EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-13961

Insufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security...

5.3CVSS0.00265EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-13947

Uninitialized Use in XR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS0.0029EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-13933

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS5.8AI score0.00256EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.7 views

CVE-2026-13936

Inappropriate implementation in Passwords in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00288EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.13 views

CVE-2026-13874

Race in DataTransfer in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS0.00198EPSS
Exploits0References2
Rows per page
Query Builder