Lucene search

735 matches found

EUVD
added 2 days ago, 6 views

EUVD-2026-40948

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated user can modify their group membership without proper authorization checks, allowing privilege escalation. An attacker can add themselves to arbitrar...

CVSS 7.1, AI score 5.9, EPSS 0.00247
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/06/23 9:53 p.m., 6 views

Malicious code in theme-color-picker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a4ba7e8664b9e1d99c4018963a4731d591653d7f2a9b879ba090e7a7f6e7bd Although the package presents itself as a 'theme color picker', package.json identifies the publisher as analysis-chart.io with repository...

AI score 5.9
Exploits: 0, References: 4

OSV
added 2026/06/23 9:53 p.m., 6 views

MAL-2026-6357 Malicious code in theme-color-picker (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f7a4ba7e8664b9e1d99c4018963a4731d591653d7f2a9b879ba090e7a7f6e7bd Although the package presents itself as a 'theme color picker', package.json identifies the publisher as analysis-chart.io with repository...

AI score 5.9
Exploits: 0, References: 4

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When creating a callback via IPC to display the Color Picker window, multiple identical callbacks might be created at once. Eventually, all of them would be destroyed as soon as one of the callbacks is completed. This could lead to a use-after-free condition, resulting in a potentially exploitabl...

CVSS 6.5, AI score 6.6, EPSS 0.00571
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When creating a callback via IPC to display the File Picker window, multiple identical callbacks might be created at once. Eventually, all of them would be destroyed as soon as one of the callbacks is completed. This could lead to a use-after-free condition, resulting in a potentially exploitable...

CVSS 6.5, AI score 6.6, EPSS 0.00571
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Batik

Apache Batik 1.13 is vulnerable to server-side request forgery, which is caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

CVSS 8.2, AI score 6.8, EPSS 0.13635
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Firefox

An ambiguous file picker design could have confused users who intended to select and upload a single file, into uploading an entire directory. This issue was addressed by adding a new prompt. This vulnerability affects Firefox versions earlier than 85...

CVSS 6.5, AI score 6.9, EPSS 0.00993
Exploits: 1, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in jqueryui

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources might execute untrusted code. This issue has been fixed in jQuery UI 1.13.0. The values passed to various Text options are...

CVSS 6.5, AI score 6.1, EPSS 0.07948
Exploits: 1, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in jqueryui

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option from untrusted sources might execute untrusted code. This issue has been fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS...

CVSS 6.5, AI score 6.2, EPSS 0.37788
Exploits: 1, References: 1

OPENSUSE Linux
added 2026/06/11 12:00 a.m., 5 views

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2025:0301-1 Rating: important References: 1247981 Cross-References: CVE-2025-8879 CVE-2025-8880 CVE-2025-8881 CVE-2025-8882 CVE-2025-8901 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes 5...

CVSS 8.8, AI score 7.1, EPSS 0.00289
Exploits: 0, References: 1

Microsoft CVE
added 2026/06/09 2:00 p.m., 10 views

Chromium: CVE-2026-11172 Incorrect security UI in Contact Picker

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8, AI score 5.4, EPSS 0.00234
Exploits: 0

RedhatCVE
added 2026/06/07 5:08 a.m., 9 views

CVE-2026-11172

An incorrect security UI flaw was found in the Contact Picker component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502328201...

CVSS 8.8, AI score 5.4, EPSS 0.00234
Exploits: 0, References: 5

SUSE CVE
added 2026/06/07 4:43 a.m., 8 views

SUSE CVE-2026-11172

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8, AI score 5.5, EPSS 0.00234
Exploits: 0, References: 2

EUVD
added 2026/06/05 12:31 a.m., 9 views

EUVD-2026-34633

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8, EPSS 0.00234
Exploits: 0, References: 3

NVD
added 2026/06/04 11:17 p.m., 11 views

CVE-2026-11172

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8, EPSS 0.00234
Exploits: 0, References: 2

OSV
added 2026/06/04 11:17 p.m., 5 views

DEBIAN-CVE-2026-11172

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8, AI score 5.5, EPSS 0.00234
Exploits: 0, References: 1

Vulnrichment
added 2026/06/04 11:05 p.m., 5 views

CVE-2026-11172

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

AI score 5.5, EPSS 0.00234
Exploits: 0, References: 2

ATTACKERKB
added 2026/06/04 11:05 p.m., 5 views

CVE-2026-11172

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8, EPSS 0.00234
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2026/06/04 11:05 p.m., 21 views

CVE-2026-11172

Technical details about CVE-2026-11172 are not publicly available in the provided documents; monitor sources for updates.

CVSS 8.8, AI score 5.8, EPSS 0.00234
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2026/06/04 11:05 p.m., 29 views

CVE-2026-11172

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

EPSS 0.00234
Exploits: 0, References: 2