Lucene search
K

247 matches found

NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-14076

Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00182EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:38 p.m.22 views

CVE-2026-13894

Affected software: Google Chrome (Chromium-based). The issue is described as insufficient policy enforcement in the Network component prior to version 150.0.7871.47, allowing an attacker with a privileged network position to bypass navigation restrictions via a crafted HTML page. Severity is rate...

6.5CVSS5.8AI score0.00212EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54171

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement within the Network component allows an attacker in a privileged network position to bypass navigation restrictions by using a crafted HTML page...

9.8CVSS5.9AI score0.00413EPSS
Exploits0References448
EUVD
EUVD
added 2026/06/26 12:32 a.m.5 views

EUVD-2026-39595

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS6AI score0.00149EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 12:16 a.m.10 views

CVE-2026-13318

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS0.00149EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 11:23 p.m.16 views

CVE-2026-13318

KubeVirt exposes an SSRF in virt-api port-forward: when handling a port-forward to a VirtualMachineInstance, virt-api reads vmi.Status.Interfaces[0].IP and dials it without validation. For VMIs using non-masquerade networks (bridge or secondary-only), this IP is supplied by the in-guest QEMU agen...

6.4CVSS6AI score0.00149EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/25 11:23 p.m.7 views

CVE-2026-13318

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS6AI score0.00149EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 11:23 p.m.50 views

CVE-2026-13318 Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS0.00149EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/23 1:26 p.m.8 views

CVE-2026-10609

A missing authorization flaw was found in the OpenShift Cluster Logging Operator. The operator creates and forwards ServiceAccount tokens to output destinations without verifying that the ClusterLogForwarder creator has permission to use those credentials, allowing a delegated editor to exfiltrat...

6.8CVSS5.9AI score0.00226EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:30 a.m.12 views

SUSE CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.00171EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 12:16 a.m.29 views

CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS0.00171EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/08 11:27 p.m.48 views

CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

0.00171EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/08 11:27 p.m.10 views

CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

3.1CVSS5.5AI score0.00171EPSS
Exploits0
CVE
CVE
added 2026/06/08 11:27 p.m.36 views

CVE-2026-11684

CVE-2026-11684 affects Google Chrome’s Network policy enforcement. Affected component: network policy handling in Chrome before 149.0.7827.103. Root cause: insufficient policy enforcement allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTM...

3.1CVSS5.5AI score0.00171EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.26 views

PT-2026-47510

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient policy enforcement in the Network component allows a remote attacker who has compromised the utility process to leak cross-origin data through the use of a crafted HTML...

9.6CVSS5.9AI score0.01654EPSS
Exploits4References85
Cvelist
Cvelist
added 2026/05/29 3:11 p.m.41 views

CVE-2026-35673 OpenClaw < 2026.4.29 - SSRF Policy Bypass via Browser Debug/Export Routes

OpenClaw before 2026.4.29 contains an SSRF policy bypass vulnerability in browser debug and export routes that allows reuse of already-open blocked tabs. Attackers with access to these routes can bypass private-network SSRF policies by reusing blocked tabs to export or inspect content that should...

6.5CVSS0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.15 views

PT-2026-42687

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description Runtime pods were configured with the fission-fetcher ServiceAccount, which possesses namespace-wide get permissions for secrets and configmaps. Because the service account token was automounted and...

8.7CVSS5.9AI score0.00276EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42617

Summary The Fission storagesvc component registers archive CRUD handlers /v1/archive GET / POST / DELETE and /v1/archives list directly on its HTTP router without performing any authentication or authorization. Any caller able to reach the storagesvc ClusterIP — including any other workload in th...

8.8CVSS6AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.15 views

PT-2026-42684

Name of the Vulnerable Software and Affected Versions Fission versions prior to 1.23.0 Description The storagesvc component registers archive CRUD handlers on its HTTP router without authentication or authorization. This allows any caller capable of reaching the storagesvc ClusterIP, such as othe...

8.8CVSS5.6AI score0.00344EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2026/05/19 7:28 p.m.20 views

Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint

Summary A vulnerability in the Kong Ingress Controller KIC allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...

5.8AI score
Exploits0References2Affected Software3
Rows per page
Query Builder