CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

146 matches found

ATTACKERKB•added 2026/06/08 11:27 p.m.•4 views

CVE-2026-11670

Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6AI score0.00216EPSS

Exploits0References3Affected Software1

Debian CVE•added 2026/06/08 11:27 p.m.•7 views

CVE-2026-11670

Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6AI score0.00216EPSS

Exploits0

EUVD•added 2026/06/05 12:31 a.m.•6 views

EUVD-2026-34722

Inappropriate implementation in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00176EPSS

Exploits0References3

NVD•added 2026/06/05 12:17 a.m.•5 views

CVE-2026-11261

4.3CVSS0.00176EPSS

Exploits0References2

Cvelist•added 2026/06/04 11:6 p.m.•34 views

CVE-2026-11261

0.00176EPSS

Exploits0References2

CVE•added 2026/06/04 11:3 p.m.•11 views

CVE-2026-10945

Summary: CVE-2026-10945 is a use-after-free in Google Chrome’s PDF handling prior to 149.0.7827.53. A remote attacker could lure a user into specific UI gestures to trigger execution of arbitrary code inside the browser sandbox via a crafted PDF file. The impact is high (arbitrary code execution ...

8.8CVSS6.2AI score0.0035EPSS

Exploits0References2Affected Software1

Debian CVE•added 2026/06/04 11:3 p.m.•6 views

CVE-2026-10945

Use after free in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6AI score0.0035EPSS

Exploits0

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в chromium

The inappropriate implementation of PDF in Google Chrome prior to version 102.0.5005.61 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

4.3CVSS6.2AI score0.00645EPSS

Exploits0References2

OSV•added 2026/05/13 3:23 p.m.•1 views

SUSE-SU-2026:1842-1 Security update for python-Pillow

This update for python-Pillow fixes the following issue - CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs bsc1265154...

5.5CVSS5.8AI score0.00126EPSS

Exploits0References3

OSV•added 2026/04/17 1:17 a.m.•2 views

UBUNTU-CVE-2026-40260

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...

6.9CVSS5.7AI score0.00423EPSS

Exploits0References4

Cvelist•added 2026/04/08 9:20 p.m.•15 views

CVE-2026-5894

Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

0.00159EPSS

Exploits0References2

Vulnrichment•added 2026/04/08 9:20 p.m.•0 views

CVE-2026-5894

Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

7.3AI score0.00159EPSS

Exploits0References2

Debian CVE•added 2026/04/08 9:20 p.m.•4 views

CVE-2026-5894

Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

4.3CVSS8.4AI score0.00159EPSS

Exploits0

Vulnrichment•added 2026/04/01 4:41 a.m.•1 views

CVE-2026-5287

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

6.2AI score0.00417EPSS

Exploits0References2

CVE•added 2026/03/11 10:4 p.m.•19 views

CVE-2026-3939

CVE-2026-3939 affects Google Chrome versions prior to 146.0.7680.71, where insufficient policy enforcement in PDF handling allows a remote attacker to bypass navigation restrictions via a crafted PDF file. The vulnerability is categorized with Chromium’s security severity as Low. No exploits or e...

6.5CVSS5.8AI score0.00147EPSS

Exploits0References2Affected Software1

Veracode•added 2025/12/08 10:9 a.m.•10 views

XML External Entity (XXE) Injection

Apache Tika is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper handling of XFA content in PDFs within the tika-parser-pdf-module, where crafted XFA files can trigger XXE, allowing attackers to read sensitive files or make malicious internal or external reques...

9.8CVSS8.4AI score0.79807EPSS

Exploits6References5Affected Software3

CNNVD•added 2025/10/23 12:0 a.m.•2 views

WordPress plugin MxChat 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

5.3CVSS7.5AI score0.00246EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2011-3916

Malware in sbrugna...

5CVSS9.3AI score0.01135EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2011-2835

Malware in sbrugna...

6.8CVSS8.9AI score0.01475EPSS

Exploits0References6