12 matches found

CVE
added 2026/06/16 4:15 p.m., 19 views

CVE-2026-42089

The CVE concerns yeoman-environment. Vulnerable versions 2.9.0 through 6.0.0 install missing local generator packages from attacker-controlled names without user confirmation, via installLocalGenerators() calling repository.install(). This can cause arbitrary package installation and code executi...

CVSS 8.6, AI score 5.9, EPSS 0.00139
Exploits: 1, References: 3
Cvelist
added 2026/06/16 4:15 p.m., 26 views

CVE-2026-42089 yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation

Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass...

CVSS 8.6, EPSS 0.00139
Exploits: 1, References: 3
RedhatCVE
added 2026/06/05 7:37 p.m., 11 views

CVE-2026-47782

Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation, or notification. If a URL to some malicious web page is given through an intent, RoboForm may silently download files without user confirmation nor...

CVSS 4.6, AI score 5.2, EPSS 0.00132
Exploits: 0, References: 1
RedhatCVE
added 2026/05/20 7:57 a.m., 11 views

CVE-2026-45035

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...

CVSS 9.4, AI score 5.9, EPSS 0.0038
Exploits: 1, References: 1
Cvelist
added 2026/05/15 4:41 p.m., 77 views

CVE-2026-45035 Tabby: RCE via `tabby://run` URL Scheme

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...

CVSS 9.4, EPSS 0.0038
Exploits: 1, References: 1
The Hacker News
added 2025/12/05 5:53 p.m., 12 views

Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails

A new agentic browser attack targeting Perplexity's Comet browser that's capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive contents, findings from Straiker STAR Labs show. The zero-click Google Drive Wiper technique hinges on connecti...

AI score 7
Exploits: 0
AstraLinux
added 2025/05/19 2:38 p.m., 3 views

Astra Linux - vulnerability in firefox, thunderbird

Scanning certain QR codes that included text with a website URL could allow the URL to be opened without presenting the user with a confirmation alert first. This vulnerability affects Firefox for iOS 136...

CVSS 4.3, AI score 6.3, EPSS 0.00215
Exploits: 0, References: 1
RedHat Linux
added 2024/08/13 3:31 p.m., 5 views

gnome-shell: code execution in portal helper

A vulnerability was found in GNOME Shell. A portal helper can be launched automatically without user confirmation based on the network responses provided by an adversary...

CVSS 6.5, AI score 5.7, EPSS 0.00299
Exploits: 0, References: 5
Positive Technologies
added 2024/01/09 12:0 a.m., 5 views

PT-2024-1122

Name of the Vulnerable Software and Affected Versions: Microsoft Bluetooth Driver (affected versions not specified). Description: The issue is related to errors in the representation of information by the user interface in the Microsoft Bluetooth Driver. It allows a remote attacker to conduct spoofi...

CVSS 6.1, AI score 7.1, EPSS 0.0583
Exploits: 3, References: 20
SUSE CVE
added 2023/02/15 5:51 a.m., 6 views

SUSE CVE-2011-3055

The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension...

CVSS 4.3, AI score 8.9, EPSS 0.01698
Exploits: 1, References: 4
BDU FSTEC
added 2017/03/02 12:0 a.m., 7 views

The vulnerability of Google Chrome browser allows a hacker to execute arbitrary code.

The vulnerability of Google Chrome arises from the lack of a need for users to confirm operations related to data loading. Exploiting this vulnerability allows a malicious actor to install a malicious extension and execute arbitrary code using a specially crafted HTML page...

CVSS 4.3, AI score 7.4, EPSS 0.02067
Exploits: 0, References: 4, Affected Software: 1
ATTACKERKB
added 2012/03/22 4:55 p.m., 4 views

CVE-2011-3055

The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension...

CVSS 4.3, AI score 8.5, EPSS 0.01698
Exploits: 1, References: 11