CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

86 matches found

Redos•added 2026/05/15 12:0 a.m.•6 views

ROS-20260515-73-0044

A vulnerability in the implementation of the Resource Timing application programming interface of the Google Chrome browser is associated with incorrect protection of physical third-party channels. Exploitation of the vulnerability could allow a remote intruder to gain unauthorized access to...

3.1CVSS5.8AI score0.00039EPSS

Exploits0

Positive Technologies•added 2026/03/10 12:0 a.m.•2 views

PT-2026-24877

CVE-2026-3929 Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. … https://t.co/Eu1lU8NeVv...

3.1CVSS5.8AI score0.00039EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2016-3056

Malware in sbrugna...

6.5CVSS8AI score0.00402EPSS

Exploits0References12

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-17814

Malware in sbrugna...

6.5CVSS6.6AI score0.00312EPSS

Exploits0References7

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2015-1441

Malware in sbrugna...

5CVSS9.1AI score0.00909EPSS

Exploits0References16

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2017-6871

Malware in sbrugna...

6.5CVSS7.9AI score0.0071EPSS

Exploits0References9

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2016-6201

Malware in sbrugna...

5CVSS7.3AI score0.00527EPSS

Exploits0References20

Tenable Nessus•added 2025/09/03 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2021-30897

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is...

6.5CVSS6.6AI score0.00312EPSS

Exploits0References2

RedHat Linux•added 2025/07/07 2:28 a.m.•2 views

webkitgtk: Cross-origin data exfiltration via resource timing API

A flaw was found in the resource timing API specification and its implementation in WebKitGTK. A malicious web site could use this flaw to trigger a cross-domain data exfiltration...

6.5CVSS6.5AI score0.00312EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 5:7 a.m.•2 views

SUSE CVE-2016-1967

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...

6.5CVSS6.7AI score0.00402EPSS

Exploits0References14

SUSE CVE•added 2023/02/15 4:46 a.m.•2 views

SUSE CVE-2017-7830

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox 57, Firefox ESR 52.5, and Thunderbird 52.5...

7.5CVSS8.5AI score0.00862EPSS

Exploits0References7

SUSE CVE•added 2023/02/15 4:38 a.m.•2 views

SUSE CVE-2017-15419

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...

6.5CVSS8.6AI score0.0071EPSS

Exploits0References5

SUSE CVE•added 2023/02/15 3:41 a.m.•2 views

SUSE CVE-2021-30897

An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin...

6.5CVSS6.7AI score0.00312EPSS

Exploits0References9

OpenVAS•added 2021/11/08 12:0 a.m.•14 views

Mozilla Firefox Security Advisory (MFSA2016-84) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

5CVSS7AI score0.00527EPSS

Exploits0References3