Lucene search
+L

34 matches found

euvd
euvd
added yesterday6 views

EUVD-2026-44585

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS6.1AI score0.00264EPSS
Exploits0References1
debiancve
debiancve
added 2026/07/08 10:35 p.m.4 views

CVE-2026-15109

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS6AI score0.00215EPSS
Exploits0
cvelist
cvelist
added 2026/06/30 10:38 p.m.28 views

CVE-2026-13964

Insufficient policy enforcement in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

0.00277EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:11 p.m.12 views

CVE-2026-44482

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

9.6CVSS5.8AI score0.00336EPSS
Exploits0References1
nessus
nessus
added 2026/06/05 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-11259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted...

4.3CVSS5.5AI score0.00182EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/04 11:4 p.m.37 views

CVE-2026-11036

Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

0.00165EPSS
Exploits0References2
nvd
nvd
added 2026/05/27 3:16 p.m.16 views

CVE-2026-42184

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

8.8CVSS0.00312EPSS
Exploits1References1
osv
osv
added 2026/05/27 2:29 p.m.4 views

CVE-2026-42184 Tauri: Origin Confusion Allows Remote Pages to Invoke Local-Only IPC Commands

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

6.1CVSS6AI score0.00312EPSS
Exploits1References3
osv
osv
added 2026/05/06 4:58 p.m.18 views

GHSA-7GMJ-67G7-PHM9 Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands

Summary A flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://.localhost/ because those platforms' WebView implementations cannot serve custom URI...

8.8CVSS5.8AI score0.00312EPSS
Exploits1References3
euvd
euvd
added 2026/04/03 9:31 p.m.7 views

EUVD-2026-18819

A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible...

6.9CVSS5.5AI score0.00322EPSS
Exploits0References9
nessus
nessus
added 2025/11/18 12:0 a.m.4 views

Mozilla Firefox < 68.10.1

The version of Firefox installed on the remote Windows host is prior to 68.10.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-27 advisory. - A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leadi...

7.4CVSS7.3AI score0.01091EPSS
Exploits0References2
nessus
nessus
added 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-28941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpiedebug.php or...

5.3CVSS6.2AI score0.01131EPSS
Exploits1References2
bdu_fstec
bdu_fstec
added 2025/04/09 12:0 a.m.11 views

The vulnerability of Google Chrome browsers, related to memory usage after deallocation, allows attackers to compromise the confidentiality, integrity, and accessibility of data.

The vulnerability of Google Chrome relates to the use of memory after deallocation. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of data through a specially crafted HTML page...

10CVSS7.6AI score0.00342EPSS
Exploits0References14Affected Software6
osv
osv
added 2024/11/22 9:15 p.m.5 views

CVE-2024-11556

IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

7.8CVSS6.2AI score0.00394EPSS
Exploits0References1
susecve
susecve
added 2023/02/15 6:14 a.m.7 views

SUSE CVE-2006-4256

index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different...

4.3CVSS6.9AI score0.01668EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 4:10 a.m.3 views

SUSE CVE-2019-13717

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page...

4.3CVSS7.8AI score0.01042EPSS
Exploits0References8
susecve
susecve
added 2023/02/15 4:2 a.m.4 views

SUSE CVE-2020-6475

Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page...

6.5CVSS6.6AI score0.01669EPSS
Exploits1References5
susecve
susecve
added 2023/02/15 3:31 a.m.3 views

SUSE CVE-2022-3053

Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page...

4.3CVSS6AI score0.00522EPSS
Exploits0References5
susecve
susecve
added 2023/02/15 3:30 a.m.3 views

SUSE CVE-2022-4262

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS9.2AI score0.16109EPSS
Exploits2References6
cnnvd
cnnvd
added 2022/01/26 12:0 a.m.3 views

Apple多款产品安全特征问题漏洞

Apple tvOS and others are products of Apple Inc.Apple tvOS is an operating system for smart TVs.Apple watchOS is an operating system for smart watches.Apple iPadOS is an operating system for iPad tablets. A vulnerability exists in various Apple products due to a security signature issue, which...

6.5CVSS6.7AI score0.01495EPSS
Exploits0References21
Rows per page
Query Builder