Lucene search
K

88966 matches found

CVE
CVE
added 2026/06/30 10:37 p.m.11 views

CVE-2026-13837

Summary: CVE-2026-13837 is a Chrome/Chromium UI spoofing flaw caused by an inappropriate CSS implementation in the browser before version 150.0.7871.47. A remote attacker could lure a user to open a crafted HTML page to spoof UI elements. Affected software: Google Chrome (Chromium-based) prior to...

4.3CVSS5.8AI score0.00245EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 10:37 p.m.4 views

CVE-2026-13838

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.8AI score0.00218EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:37 p.m.18 views

CVE-2026-13793

Summary: CVE-2026-13793 describes insufficient policy enforcement in SVG handling within Google Chrome prior to 150.0.7871.47. The root cause is faulty SVG policy enforcement, which allowed a remote attacker to leak cross-origin data through a specially crafted HTML page. Impact (as stated): Cros...

6.5CVSS5.8AI score0.00233EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 10:37 p.m.22 views

CVE-2026-13783

CVE-2026-13783 is a Use-After-Free in Views in Google Chrome affecting versions before 150.0.7871.47. The vulnerability could allow a remote attacker to exploit heap corruption by convincing a user to perform specific UI gestures on a crafted HTML page. Several connected sources (NVD, Debian, EUV...

9.6CVSS5.8AI score0.00314EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 10:8 p.m.10 views

CVE-2025-71374

CVE-2025-71374 affects picklescan prior to 0.0.29. The library fails to detect the built-in Python profile.Profile.run function when used in pickle reduce methods, enabling remote attackers to craft malicious pickle files that bypass detection and achieve code execution upon deserialization. The ...

8.1CVSS6.5AI score0.00638EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 5:41 p.m.3 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
CVE
CVE
added 2026/06/30 9:10 a.m.12 views

CVE-2026-12076

Vulnerability summary (CVE-2026-12076): Raytha CMS is affected by a SQL Injection in the OData filter parsing pipeline. The flaw allows a remote, unauthenticated attacker to execute arbitrary SQL against a PostgreSQL database, potentially leading to full database compromise and credential extract...

9.3CVSS5.9AI score0.00431EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53980

Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description A remote attacker can obtain sensitive information when the system returns detailed technical error messages in the browser. This exposure of internal data could be leverag...

4.3CVSS6AI score0.00367EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54144

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Geolocation feature allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, b...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54254

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the PageInfo component allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, by...

9.6CVSS6AI score0.00413EPSS
Exploits0References440
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54287

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An out of bounds read exists in SurfaceCapture, which allows a remote attacker to perform an out of bounds memory read by using a crafted HTML page. An out of bounds read occurs when th...

9.6CVSS6.1AI score0.00413EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54219

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An uninitialized use in CSS allows a remote attacker to obtain potentially sensitive information from process memory by inducing the user to visit a crafted HTML page...

9.6CVSS6AI score0.00413EPSS
Exploits0References439
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.4 views

PT-2026-54333

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Parser allows a remote attacker to bypass the Content Security Policy CSP, which is a security layer used to detect and mitigate certain types of...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.4 views

PT-2026-54230

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient policy enforcement in XML allows a remote attacker to obtain potentially sensitive information from process memory by inducing the user to visit a crafted HTML...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-53993

Name of the Vulnerable Software and Affected Versions storescp affected versions not specified Description An unauthenticated remote attacker can cause a memory leak by repeatedly sending a single crafted connection request. When storescp operates in its default single-process mode, memory...

8.7CVSS6AI score0.00379EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54347

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the SplitView feature allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, by...

9.6CVSS6AI score0.00413EPSS
Exploits0References439
NVD
NVD
added 2026/06/29 8:17 p.m.6 views

CVE-2026-31016

Cross Site Request Forgery vulnerability in Squidex.io Squidex CMS v.7.21.0 and before allows a remote attacker to escalate privileges via the IdentityServer account profile endpoint...

6.5CVSS0.00186EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 5:0 p.m.6 views

EUVD-2026-40153

A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument channelType causes improper authorization. The attack may be initiated remotely. A...

5CVSS5.3AI score0.00199EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/29 4:30 p.m.36 views

CVE-2026-13589 seladb PcapPlusPlus Telnet Subnegotiation Packet TelnetLayer.cpp getSubCommand heap-based overflow

A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/TelnetLayer.cpp of the component Telnet Subnegotiation Packet Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated...

6.3CVSS0.0056EPSS
Exploits0References9
CVE
CVE
added 2026/06/29 4:15 p.m.15 views

CVE-2026-13588

The CVE concerns seladb PcapPlusPlus 25.05, specifically TLS Hello Handler’s pcpp::SSLClientHelloMessage::getHandshakeVersion in Packet++/src/SSLHandshake.cpp. Manipulating handshakeVersion may cause a heap-based buffer overflow, with remote execution possible. Exploitation is described as high c...

6.3CVSS6.1AI score0.0038EPSS
Exploits0References9
Rows per page
Query Builder