Lucene search
K

173 matches found

RedhatCVE
RedhatCVE
added 2 days ago5 views

CVE-2026-59936

A flaw was found in pypdf, a pure-Python PDF library. A remote attacker can craft a malicious PDF document containing an unterminated inline image within its page content stream. When a user processes this crafted PDF, such as during text extraction, the vulnerability causes an infinite loop,...

8.7CVSS5.9AI score0.00345EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-14077

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Select in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox URL bar via...

4.3CVSS6AI score0.00169EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 p.m.3 views

DEBIAN-CVE-2026-13836

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1CVSS6AI score0.0022EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 10:38 p.m.19 views

CVE-2026-13951

CVE-2026-13951 concerns Google Chrome where insufficient policy enforcement in USB handling within the renderer can enable a sandbox escape via a crafted HTML page if the renderer is compromised. Affected product: Chrome/Chromium ecosystem; vulnerable component is the USB policy enforcement in th...

8.3CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 10:38 p.m.15 views

CVE-2026-13915

CVE-2026-13915 affects Chrome for iOS (Google Chrome on iOS) prior to version 150.0.7871.47. The vulnerability is described as a use-after-free that could lead to heap corruption when a remote attacker convinces a user to perform specific UI gestures on a crafted HTML page. Impact details in the ...

8.8CVSS5.8AI score0.00316EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.28 views

CVE-2026-13909

Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

0.00316EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 3:16 p.m.14 views

CVE-2026-57534

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

2.1CVSS0.0033EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:11 p.m.31 views

CVE-2026-57534 Stored XSS in pretix-pages

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin...

2.1CVSS0.0033EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:11 p.m.13 views

CVE-2026-57534

Summary: CVE-2026-57534 affects the pretix-pages plugin, where malicious HTML content can be injected into a page’s content, causing a stored XSS condition. The root cause is described as unsafe handling of page content within the plugin; exploitation details are not provided beyond the stored-XS...

2.1CVSS5.8AI score0.0033EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-12463

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

4.7CVSS0.00133EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:42 a.m.8 views

SUSE CVE-2026-11178

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.5AI score0.00152EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

7.5CVSS5.5AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-31205

Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function...

5.7CVSS5.5AI score0.0028EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.11 views

CVE-2026-42845

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content overwrite via file upload GHSA-w4rc-p66m-x6qq. Public form uploads now strip path components from the POST-supplied filename and hard-block page-content extensions md, yaml...

8.7CVSS5.5AI score0.00622EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 6:11 p.m.38 views

CVE-2026-8879 CVE-2026-8879

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

0.00374EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 6:11 p.m.14 views

EUVD-2026-34165

Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...

5.8AI score0.00374EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/14 7:52 p.m.8 views

CVE-2026-8585

Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

7.5CVSS5.8AI score0.00176EPSS
Exploits0
NVD
NVD
added 2026/05/11 5:16 p.m.16 views

CVE-2026-42845

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content overwrite via file upload GHSA-w4rc-p66m-x6qq. Public form uploads now strip path components from the POST-supplied filename and hard-block page-content extensions md, yaml...

8.7CVSS0.00622EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 3:44 p.m.35 views

CVE-2026-42845 Grav: Anonymous Page Content Overwrite via Form File Upload filename Override

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content overwrite via file upload GHSA-w4rc-p66m-x6qq. Public form uploads now strip path components from the POST-supplied filename and hard-block page-content extensions md, yaml...

8.7CVSS0.00622EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 3:44 p.m.6 views

CVE-2026-42845

The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content overwrite via file upload GHSA-w4rc-p66m-x6qq. Public form uploads now strip path components from the POST-supplied filename and hard-block page-content extensions md, yaml...

8.7CVSS5.8AI score0.00622EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder