Lucene search
K

43 matches found

Debian CVE
Debian CVE
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14412

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00237EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.5 views

CVE-2026-13962

Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00272EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/24 6:54 p.m.4 views

perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob

A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...

7.8CVSS6.1AI score0.00292EPSS
Exploits3References6
CVE
CVE
added 2026/06/04 11:5 p.m.20 views

CVE-2026-11220

CVE-2026-11220 : The provided documents indicate a vulnerability in Google Chrome related to the Navigation component, caused by insufficient validation of untrusted input. This weakness exists in Chrome versions prior to 149.0.7827.53 and could let a remote attacker who has already compromised t...

6.5CVSS5.8AI score0.00176EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/29 7:47 p.m.8 views

GHSA-G3HP-F6MG-559V Sparkle's AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection

Summary AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection. Details Autoupdate/AppInstaller.m's shouldAcceptNewConnection: only enforces SUCodeSigningVerifier validateConnection: before stage 1 completes. After...

4.2CVSS5.8AI score0.00014EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/28 10:25 p.m.20 views

CVE-2026-9997

Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00178EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 6:41 p.m.18 views

Malicious code in tailwind-style-typography (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0818530f40672586168012538662486135f040526d0e4377f362b6bfe2f61bd2 The package name impersonates the official @tailwindcss/typography plugin and replicates its README and source verbatim including links to...

6AI score
Exploits0References2
Mozilla
Mozilla
added 2025/10/14 12:0 a.m.15 views

Security Vulnerabilities fixed in Firefox ESR 115.29 — Mozilla

A compromised web process was able to trigger out of bounds reads and writes in a more privileged process using manipulated WebGL textures. A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised...

9.8CVSS7.3AI score0.00394EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-0981

Malware in sbrugna...

4.7CVSS5.4AI score0.01489EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-1005

Malware in sbrugna...

4.7CVSS5.3AI score0.01EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-28984

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00651EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2017-7794

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read...

7.8CVSS6.9AI score0.00338EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/10/22 12:0 a.m.4 views

Zip Password Recovery缓冲区错误漏洞

KryLack Software Zip Password Recovery is an advanced software from KryLack Software. It is used to recover lost or forgotten passwords to Zip WinZip archives. A buffer error vulnerability exists in Passcovery ZIP Password Recovery version 3.70.69.0, which stems from a buffer overflow vulnerabili...

7.8CVSS7.7AI score0.00403EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2021/10/08 9:30 p.m.21 views

CVE-2021-37967

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page...

4.3CVSS5.8AI score0.00739EPSS
Exploits0
OSV
OSV
added 2020/01/08 9:15 p.m.3 views

CVE-2019-11765

A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted...

6.5CVSS7AI score
Exploits0References2
Prion
Prion
added 2019/04/26 5:29 p.m.18 views

Code injection

If a Sandbox content process is compromised, it can initiate an FTP download which will then use a child process to render the downloaded data. The downloaded data can then be passed to the Chrome process with an arbitrary file length supplied by an attacker, bypassing sandbox protections and all...

5CVSS7.6AI score0.01127EPSS
Exploits0References2Affected Software1
Vulnerability Lab
Vulnerability Lab
added 2018/10/12 12:0 a.m.566 views

EasyBoot v6.6.0.800 - (Title CD) Unicode Buffer Overflow

Document Title: =============== EasyBoot v6.6.0.800 - Title CD Unicode Buffer Overflow References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2147 Release Date: ============= 2018-10-12 Vulnerability Laboratory ID VL-ID: ==================================== 21...

0.2AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2017/06/16 1:0 p.m.22 views

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

6.7AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/06/08 12:0 a.m.5 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of the MediaTek Video Driver for the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within the kernel context, thereby enabling the execution of malicious applications...

7.6CVSS7.7AI score0.00544EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/06/08 12:0 a.m.7 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of MediaTek’s Android operating system driver is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within the kernel context. This issue is considered “high” because it requires compromising privileged...

7.6CVSS7.6AI score0.00544EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder