
271 matches found

Debian CVE
added 2026/05/06 6:13 p.m. | 5 views

CVE-2026-8014

Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3 | AI score 5.8 | EPSS 0.00163
Exploits: 0

Cvelist
added 2026/05/06 6:13 p.m. | 39 views

CVE-2026-8014

Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

EPSS 0.00163
Exploits: 0 | References: 2

CVE
added 2026/05/06 6:13 p.m. | 50 views

CVE-2026-8014

CVE-2026-8014 affects Google Chrome prior to 148.0.7778.96. The Debian/EUVD/NVD entries describe an inappropriate implementation in Preload that allows a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability impact is described as low severity, with a CVSS 3.1 base ...

CVSS 4.3 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 2 | Affected Software: 1

AlpineLinux
added 2026/05/06 6:13 p.m. | 9 views

CVE-2026-8014

Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

CVSS 4.3 | AI score 5.8 | EPSS 0.00163
Exploits: 0

Packet Storm News
added 2026/05/06 12:0 a.m. | 9 views

Securing the Web with HSTS-Enforced

TLS stripping attacks expose sensitive web traffic by forcing secure HTTPS connections to fall back to unencrypted HTTP. At present, protection against these attacks relies on website operators explicitly opting into security by deploying mechanisms such as HTTP Strict Transport Security (HSTS)...

AI score 5.8
Exploits: 0

Positive Technologies
added 2026/05/05 12:0 a.m. | 8 views

PT-2026-38207

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 148.0.7778.96. Description: An inappropriate implementation in Preload allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations: Update to version 148.0.7778.96 or...

CVSS 9.6 | AI score 5.8 | EPSS 0.00344
Exploits: 0 | References: 138

CNNVD
added 2026/05/05 12:0 a.m. | 11 views

Google Chrome Security Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability, which was caused by improper implementation of the Preload mechanism. This vulnerability could allow remote attackers to leak cross-source data through...

CVSS 4.3 | AI score 5.8 | EPSS 0.00163
Exploits: 0 | References: 3

CNNVD
added 2026/05/03 12:0 a.m. | 11 views

Adblock Plus Security Vulnerability

Adblock Plus is an advertising blocker developed by Ad-IP under open source principles. Versions of Adblock Plus 4.36.2 and earlier contain a security vulnerability, which stems from the postMessage function in the Legacy Premium Activation component’s premium.preload.js file. This vulnerability...

CVSS 6.9 | AI score 6.1 | EPSS 0.00297
Exploits: 0 | References: 2

GithubExploit
added 2026/04/30 2:33 p.m. | 119 views

Exploit for CVE-2026-31431

Copy Fail - Defense-in-Depth Primitives for CVE-2026-31431 Ke...

CVSS 7.8 | AI score 6.2 | EPSS 0.96267
Exploits: 228

Positive Technologies
added 2026/04/22 12:0 a.m. | 6 views

PT-2026-34502

The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...

CVSS 4.4 | AI score 5.9 | EPSS 0.0017
Exploits: 1 | References: 4

RedhatCVE
added 2026/04/16 7:22 p.m. | 6 views

CVE-2026-39420

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD_PRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop...

CVSS 7.4 | AI score 6.3 | EPSS 0.00485
Exploits: 0 | References: 1

EUVD
added 2026/04/14 12:17 a.m. | 10 views

EUVD-2026-22180

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based...

CVSS 6.3 | AI score 6.5 | EPSS 0.00264
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/14 12:17 a.m. | 3 views

CVE-2026-39421 MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based...

CVSS 6.3 | AI score 6.5 | EPSS 0.00264
Exploits: 0 | References: 3

Cvelist
added 2026/04/14 12:17 a.m. | 30 views

CVE-2026-39421 MaxKB: Sandbox escape via ctypes and unhooked SYS_pkey_mprotect

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute raw system calls, an authenticated attacker with workspace privileges can bypass the LD_PRELOAD-based...

CVSS 6.3 | EPSS 0.00264
Exploits: 0 | References: 3

Vulnrichment
added 2026/04/14 12:13 a.m. | 3 views

CVE-2026-39420 MaxKB: Sandbox escape via LD_PRELOAD bypass

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD_PRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop...

CVSS 6.3 | AI score 6.3 | EPSS 0.00485
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/14 12:13 a.m. | 2 views

CVE-2026-39420

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD_PRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop...

CVSS 6.3 | AI score 6.3 | EPSS 0.00485
Exploits: 0 | References: 4 | Affected Software: 1

EUVD
added 2026/04/14 12:13 a.m. | 8 views

EUVD-2026-22178

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD_PRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop...

CVSS 6.3 | AI score 6.3 | EPSS 0.00485
Exploits: 0 | References: 3

Cvelist
added 2026/04/14 12:13 a.m. | 23 views

CVE-2026-39420 MaxKB: Sandbox escape via LD_PRELOAD bypass

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the LD_PRELOAD-based sandbox. By env command the attacker can clear the environment variables and drop...

CVSS 6.3 | EPSS 0.00485
Exploits: 0 | References: 3

CVE
added 2026/04/14 12:13 a.m. | 9 views

CVE-2026-39420

CVE-2026-39420 (MaxKB) affects MaxKB

CVSS 7.4 | AI score 6.3 | EPSS 0.00485
Exploits: 0 | References: 3 | Affected Software: 1

Positive Technologies
added 2026/04/14 12:0 a.m. | 8 views

PT-2026-32573

MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto with the MSG_FASTOPEN flag. This allows an authenticated user with tool-editing permissions to reach internal services that are explicitly blocked by th...

CVSS 5 | AI score 5.7 | EPSS 0.00198
Exploits: 0 | References: 4