3520 matches found
CVE-2026-26307
Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources. Affected: Gitea core before 1.25.5; component: git grep handling. Root cause: missing/absent timeout for git grep operations. Impact: potential resource exhaustion ...
CVE-2026-50279
Craft CMS is a content management system CMS. IN versions 5.0.0-RC1 and above prior to 5.9.21, theEntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model, allowing for authorship spoofing. The subsequent author...
DEBIAN-CVE-2026-14430
Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-14404
Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...
CVE-2026-58029
CVE-2026-58029 affects Wikimedia Foundation MediaWiki and enables a full account takeover via BotPasswords and OAuth through action=changeauthenticationdata. Affected versions are MediaWiki: before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The issue involves the API and Special pages: ApiChangeAuthenticati...
CVE-2026-58033
CVE-2026-58033 affects Wikimedia Foundation MediaWiki and involves exposure of sensitive information via the includes/Actions/InfoAction.Php path. The issue impacts MediaWiki versions prior to 1.46.0, including 1.45.4, 1.44.6, and 1.43.9. The connected sources consistently describe the vulnerabil...
CVE-2026-58399 @acastellon/auth has an authentication bypass via spoofable headers in validateToken()
@acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for...
EUVD-2026-40553
Inappropriate implementation in Geolocation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-14150
Insufficient validation of untrusted input in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14144
Incorrect security UI in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14126
Incorrect security UI in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-14089
Insufficient validation of untrusted input in PopupBlocker in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14068
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14049
Inappropriate implementation in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-14000
Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13912
Inappropriate implementation in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-13839
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-14108
Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...
CVE-2026-14073
Insufficient validation of untrusted input in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
CVE-2026-13954
The CVE-2026-13954 entry concerns Google Chrome on Android with an XML policy enforcement flaw. The issue is described as insufficient policy enforcement in XML that could allow a remote attacker to read potentially sensitive information from process memory via a crafted HTML page. Affected softw...