3520 matches found

CVE
added 2 days ago | 5 views

CVE-2026-26307

Gitea versions before 1.25.5 do not enforce a timeout on git grep searches, allowing expensive searches to consume server resources. Affected: Gitea core before 1.25.5; component: git grep handling. Root cause: missing/absent timeout for git grep operations. Impact: potential resource exhaustion ...

AI score: 6 | EPSS: 0.00175
Exploits: 0 | References: 4
NVD
added 3 days ago | 7 views

CVE-2026-50279

Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 and above prior to 5.9.21, the EntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model, allowing for authorship spoofing. The subsequent author...

CVSS: 7.6 | EPSS: 0.00245
Exploits: 0 | References: 2
OSV
added 4 days ago | 2 views

DEBIAN-CVE-2026-14430

Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVSS: 8.8 | AI score: 6.2 | EPSS: 0.00291
Exploits: 0 | References: 1
OSV
added 4 days ago | 2 views

DEBIAN-CVE-2026-14404

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00202
Exploits: 0 | References: 1
CVE
added 4 days ago | 11 views

CVE-2026-58029

CVE-2026-58029 affects Wikimedia Foundation MediaWiki and enables a full account takeover via BotPasswords and OAuth through action=changeauthenticationdata. Affected versions are MediaWiki: before 1.46.0, 1.45.4, 1.44.6, 1.43.9. The issue involves the API and Special pages: ApiChangeAuthenticati...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00543
Exploits: 0 | References: 1
CVE
added 4 days ago | 13 views

CVE-2026-58033

CVE-2026-58033 affects Wikimedia Foundation MediaWiki and involves exposure of sensitive information via the includes/Actions/InfoAction.Php path. The issue impacts MediaWiki versions prior to 1.46.0, including 1.45.4, 1.44.6, and 1.43.9. The connected sources consistently describe the vulnerabil...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00428
Exploits: 0 | References: 1
Cvelist
added 4 days ago | 32 views

CVE-2026-58399 @acastellon/auth has an authentication bypass via spoofable headers in validateToken()

@acastellon/auth is an authentication control system for microservices. Versions prior to 2.3.0 appear to allow an unauthenticated authentication bypass in validateToken through spoofable auth-user and Host request headers. The validateToken middleware contains a service-to-service bypass for...

CVSS: 8.7 | EPSS: 0.00543
Exploits: 0 | References: 3
EUVD
added 4 days ago | 6 views

EUVD-2026-40553

Inappropriate implementation in Geolocation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

AI score: 5.8 | EPSS: 0.0023
Exploits: 0 | References: 3
OSV
added 5 days ago | 7 views

DEBIAN-CVE-2026-14150

Insufficient validation of untrusted input in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00152
Exploits: 0 | References: 1
NVD
added 5 days ago | 4 views

CVE-2026-14144

Incorrect security UI in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS: 4.2 | EPSS: 0.00136
Exploits: 0 | References: 2
NVD
added 5 days ago | 5 views

CVE-2026-14126

Incorrect security UI in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS: 4.3 | EPSS: 0.00168
Exploits: 0 | References: 2
OSV
added 5 days ago | 2 views

DEBIAN-CVE-2026-14089

Insufficient validation of untrusted input in PopupBlocker in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.0019
Exploits: 0 | References: 1
NVD
added 5 days ago | 4 views

CVE-2026-14068

Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: Low...

CVSS: 6.1 | EPSS: 0.00182
Exploits: 0 | References: 2
NVD
added 5 days ago | 4 views

CVE-2026-14049

Inappropriate implementation in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

CVSS: 5.3 | EPSS: 0.00205
Exploits: 0 | References: 2
OSV
added 5 days ago | 2 views

DEBIAN-CVE-2026-14000

Inappropriate implementation in XML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Chromium security severity: Medium...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00171
Exploits: 0 | References: 1
NVD
added 5 days ago | 5 views

CVE-2026-13912

Inappropriate implementation in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVSS: 4.3 | EPSS: 0.00204
Exploits: 0 | References: 2
OSV
added 5 days ago | 2 views

DEBIAN-CVE-2026-13839

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00218
Exploits: 0 | References: 1
Cvelist
added 5 days ago | 24 views

CVE-2026-14108

Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

EPSS: 0.00259
Exploits: 0 | References: 2
Cvelist
added 5 days ago | 22 views

CVE-2026-14073

Insufficient validation of untrusted input in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

EPSS: 0.00182
Exploits: 0 | References: 2
CVE
added 5 days ago | 7 views

CVE-2026-13954

The CVE-2026-13954 entry concerns Google Chrome on Android with an XML policy enforcement flaw. The issue is described as insufficient policy enforcement in XML that could allow a remote attacker to read potentially sensitive information from process memory via a crafted HTML page. Affected softw...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00288
Exploits: 0 | References: 2 | Affected Software: 1