Lucene search
K

1388 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Animation in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

6.5CVSS7AI score0.05488EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/19 9:1 a.m.8 views

CVE-2026-12469

A flaw was found in the GPU component of Google Chrome on Android. This uninitialized use vulnerability could be exploited by a remote attacker. By enticing a user to visit a specially crafted HTML page, an attacker could cause the leakage of sensitive cross-origin data...

6.5CVSS5.8AI score0.00186EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.6 views

SUSE CVE-2026-12469

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.3AI score0.00186EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.12 views

PT-2026-50802

Name of the Vulnerable Software and Affected Versions M365 Copilot affected versions not specified Description A missing authentication flaw in a critical function allows an unauthorized attacker to disclose information over a network. Recommendations At the moment, there is no information about ...

9.8CVSS5.9AI score0.00578EPSS
Exploits0References9
Snyk
Snyk
added 2026/06/17 6:47 p.m.4 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection through the saxonTransform function that uses unhardened net.sf.saxon.TransformerFactoryImpl method. An attacker can access sensitive local files or trigger arbitrary HTTPS requests from the host by...

8.9CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/16 6:51 p.m.23 views

CVE-2026-0155

In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00169EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 6:28 p.m.7 views

GHSA-3GP5-Q4JW-3V94 Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL

Summary Budibase stores external REST datasource credentials server-side and documents that database credentials are applied server-side and are not exposed in the UI. The REST datasource implementation redacts stored Basic/Bearer/OAuth2 auth secrets before returning datasource data to clients...

8.1CVSS5.7AI score0.00257EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 9:16 a.m.7 views

Security Bulletin: IBM Cloud Pak for Data System (CPDS 1.x) Platform - Multiple Vulnerabilities in IBM Java

Summary IBM Cloud Pak for Data System CPDS 1.x Platform uses IBM Java versions that are affected by multiple critical vulnerabilities disclosed in the Oracle January 2026 CPU advisory. The vulnerabilities impact IBM Java 7.1 prior to 7.1.5.29 and 8.0 prior to 8.0.8.60. These vulnerabilities affec...

7.5CVSS5.5AI score0.00864EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/06/11 7:16 a.m.9 views

MAL-2026-5592 Malicious code in 0x2ai-demo6 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0f4a43a40af9e707d98ed55406b0ff32dccaad352fccf5d1eaaca41b9959d924 On npm install, scripts/postinstall.cjs writes .mcp.json into the installer's working directory INITCWD wiring Claude Code to a packaged MCP server...

5.5AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 6:49 a.m.25 views

Malicious code in sysau (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2b9246e768a775d54485e7208d0ed4fc575af09bc78c3fde95c5cb24ebc2350d Package advertises itself as a 'System binary configuration tool' but ships pointer.py spawned by index.js which hardcodes...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/10 7:28 p.m.11 views

MAL-2026-5531 Malicious code in telegramlite (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 be464abbf0e3f375f4865ac2802a6b6d96e7af1ce30984d84f464470cdef17dd Package exfiltrates data from the Telegram application to a remote location, effectively collecting Telegram sessions. --- Category: MALICIOUS - The campaign h...

5.5AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/10 2:31 a.m.8 views

SUSE CVE-2026-11668

Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. Chromium security severity: High...

4.3CVSS5.5AI score0.00193EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 9:42 p.m.10 views

MAL-2026-5489 Malicious code in bittensor-emission-tracker (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ca5db94f9840938f43eca692c1176b72bbd94a2f86a694c3293853f39b886a2f The package advertises Bittensor subnet burn-rate monitoring but ships a Cython-compiled darwin.so core.cpython-310-darwin.so containing an...

5.7AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 4:6 a.m.9 views

CVE-2026-26236 QuMagie

A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...

8.7CVSS5.5AI score0.00322EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 12:33 a.m.10 views

EUVD-2026-35268

Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. Chromium security severity: High...

4.3CVSS5.5AI score0.00193EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-11665

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in Dawn in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

4.3CVSS5.5AI score0.00217EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/08 3:33 p.m.11 views

Malicious code in bittensor-burn-alert (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 06e89dc9ff0a5d334b67a01c572c036b0740adf6d8669d2fa25c241a0c098116 The package advertises itself as a Bittensor subnet burn-rate monitor but bundles a covert clipboard surveillance daemon in its compiled core module...

5.7AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/07 4:45 a.m.7 views

SUSE CVE-2026-11106

Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00187EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:43 a.m.12 views

SUSE CVE-2026-11153

Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

9.1CVSS5.5AI score0.00264EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:43 a.m.8 views

SUSE CVE-2026-11156

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.5AI score0.00152EPSS
Exploits0References2
Rows per page
Query Builder