38 matches found

Debian CVE
added last week | 4 views

CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parselinktext. When parsing Markdown containing many consecutive characters, parselinktext repeatedly scans the input usin...

CVSS 8.7 | AI score 5.9 | EPSS 0.0035
Exploits: 0

EUVD
added 2026/06/05 8:41 p.m. | 11 views

EUVD-2026-31113

Twig: Possible sandbox bypass when using a source policy...

CVSS 9.9 | AI score 5.4 | EPSS 0.00738
Exploits: 0 | References: 6

Positive Technologies
added 2026/06/02 12:00 a.m. | 10 views

PT-2026-46724

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.53. Description: Insufficient policy enforcement in Workers allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a security mechanism that restric...

CVSS 9.6 | AI score 5.9 | EPSS 0.00985
Exploits: 0 | References: 434

CNNVD
added 2026/04/07 12:00 a.m. | 6 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in the browser’s UI, allowing remote attackers who had infiltrated the rendering process to...

CVSS 4.3 | AI score 7.4 | EPSS 0.00191
Exploits: 0 | References: 3

CVE
added 2026/04/03 11:55 p.m. | 12 views

CVE-2026-34775

Electron: nodeIntegrationInWorker was not correctly scoped in shared renderer processes. Affected versions prior to 38.8.6, 39.8.4, 40.8.4, and 41.0.0 may allow workers in frames with nodeIntegrationInWorker: false to gain Node.js integration in certain process-sharing scenarios. This could enabl...

CVSS 9.8 | AI score 5.8 | EPSS 0.00289
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/03 11:55 p.m. | 21 views

CVE-2026-34775 Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers...

CVSS 6.8 | EPSS 0.00289
Exploits: 0 | References: 1

Vulnrichment
added 2026/04/03 11:55 p.m. | 4 views

CVE-2026-34775 Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers...

CVSS 6.8 | AI score 5.8 | EPSS 0.00289
Exploits: 0 | References: 1

Snyk
added 2026/04/03 2:43 a.m. | 2 views

Improper Isolation or Compartmentalization

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the handling of the nodeIntegrationInWorker configuration in...

CVSS 9.8 | AI score 5.9 | EPSS 0.00289
Exploits: 0 | References: 2

Snyk
added 2026/04/03 2:43 a.m. | 3 views

Improper Isolation or Compartmentalization

Overview: electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the handling of the nodeIntegrationInWorker configuration in shared renderer...

CVSS 9.8 | AI score 5.9 | EPSS 0.00289
Exploits: 0 | References: 2

Github Security Blog
added 2026/04/03 2:43 a.m. | 10 views

Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Impact: The nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable...

CVSS 9.8 | AI score 5.9 | EPSS 0.00289
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/04/03 2:43 a.m. | 3 views

GHSA-XWR5-M59H-VWQR Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Impact: The nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable...

CVSS 6.8 | AI score 5.9 | EPSS 0.00289
Exploits: 0 | References: 3

Snyk
added 2026/03/24 7:22 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: justhtml is a pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the tomarkdown function when serializing attacker-controlled content. An attacker can execute arbitrary HTML or scripts by crafting input containing...

CVSS 7.1 | AI score 5.9
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2023-2513

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.00656
Exploits: 0 | References: 7

BDU FSTEC
added 2025/04/10 12:00 a.m. | 4 views

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to writing beyond the buffer limit, allows attackers to cause service failures.

The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

CVSS 5 | AI score 6.7 | EPSS 0.0095
Exploits: 0 | References: 13 | Affected Software: 4

BDU FSTEC
added 2025/04/10 12:00 a.m. | 12 views

The vulnerability of the WPE WebKit and WebKitGTK page rendering modules, related to the occurrence of operations outside the buffer in memory, allows attackers to cause service failures.

The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 | AI score 7 | EPSS 0.00291
Exploits: 0 | References: 13 | Affected Software: 4

BDU FSTEC
added 2025/04/10 12:00 a.m. | 6 views

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to reading data beyond the allowed buffer limits, allows attackers to cause service failures.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit relates to reading data beyond the acceptable buffer limits. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 7.8 | AI score 6.9 | EPSS 0.01135
Exploits: 0 | References: 9 | Affected Software: 5

BDU FSTEC
added 2024/09/23 12:00 a.m. | 5 views

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit lies in the improper limitation of the visible layers of the user interface. This allows attackers to access confidential data and compromise its integrity.

The vulnerability of the WebPage Rendering Modules in WebKitGTK and WPE WebKit is related to an incorrect limitation on the layers of the user interface that can be rendered. Exploiting this vulnerability allows a remote attacker to gain access to confidential data and compromise its integrity...

CVSS 6.4 | AI score 6.9 | EPSS 0.01192
Exploits: 0 | References: 16 | Affected Software: 5

BDU FSTEC
added 2023/11/11 12:00 a.m. | 6 views

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to the lack of protective measures for web page structures, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 10 | AI score 7.6 | EPSS 0.00964
Exploits: 0 | References: 8 | Affected Software: 4

SUSE CVE
added 2023/09/07 2:35 a.m. | 4 views

SUSE CVE-2023-23623

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a script-src directive and not providing unsafe-eval in that directive, is not respected in renderers that have sandb...

CVSS 7.5 | AI score 9.5 | EPSS 0.00656
Exploits: 0 | References: 2

OSV
added 2023/09/06 6:42 p.m. | 2 views

GHSA-GXH7-WV9Q-FWFR Electron's Content-Security-Policy disabling eval not applied consistently in renderers with sandbox disabled

Impact: A Content-Security-Policy that disables eval, specifically setting a script-src directive and not providing unsafe-eval in that directive, is not respected in renderers that have sandbox and contextIsolation disabled, i.e. sandbox: false and contextIsolation: false in the webPreferences...

CVSS 7.5 | AI score 5.8 | EPSS 0.00656
Exploits: 0 | References: 7