Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8205 matches found

Github Security Blog
Github Security Blogadded 2026/05/06 11:34 p.m.4 views

Kanidm: Stored HTML injection in "passkey-enrolment" partial via displayname → htmx-driven authenticated request forgery

Summary The kanidmd web UI renders the WebAuthn passkey-registration challenge as raw JSON inside an inline element using the Askama |safe filter. The challenge embeds the account's displayname, which serdejson serialises without escaping . A displayname containing therefore terminates the script...

5.9AI score
Exploits0References2Affected Software1
OSV
OSVadded 2026/05/06 9:34 p.m.1 views

GHSA-FCX8-PH5R-MXR4 Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp()

Summary Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that executes in the response origin, enabling reflected cross-site...

8.6CVSS5.9AI score0.0002EPSS
Exploits0References3
Snyk
Snykadded 2026/05/06 9:34 p.m.7 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Flight::jsonp process. An attacker can execute arbitrary JavaScript in the context of the response origin by supplying a crafted jsonp query parameter, which is concatenated directly into the JavaScript...

9.3CVSS5.8AI score0.0002EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/06 9:31 p.m.1 views

EUVD-2026-28113

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. Chromium security severity: Low...

4.3CVSS5.8AI score0.00018EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/06 9:31 p.m.0 views

EUVD-2026-28042

Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.9AI score0.00025EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/06 9:31 p.m.0 views

EUVD-2026-28057

Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.3CVSS5.8AI score0.00023EPSS
Exploits0References3
NVD
NVDadded 2026/05/06 7:16 p.m.0 views

CVE-2026-8005

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. Chromium security severity: Low...

4.3CVSS0.00018EPSS
Exploits0References2
NVD
NVDadded 2026/05/06 7:16 p.m.5 views

CVE-2026-7977

Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.3CVSS0.00023EPSS
Exploits0References2
NVD
NVDadded 2026/05/06 7:16 p.m.2 views

CVE-2026-7968

Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

3.1CVSS0.00036EPSS
Exploits0References2
NVD
NVDadded 2026/05/06 7:16 p.m.2 views

CVE-2026-7969

Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS0.00025EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/06 6:13 p.m.8 views

CVE-2026-8005

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. Chromium security severity: Low...

4.3CVSS5.8AI score0.00018EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2026/05/06 6:13 p.m.7 views

CVE-2026-8005

Summary: CVE-2026-8005 in Google Chrome involves insufficient validation of untrusted input in the Cast component, enabling a local-network attacker to bypass the same-origin policy. Affected software/area: Google Chrome prior to 148.0.7778.96 (Cast). Root cause / scope: Insufficient input valida...

4.3CVSS5.8AI score0.00018EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/05/06 6:13 p.m.27 views

CVE-2026-8005

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. Chromium security severity: Low...

0.00018EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/06 6:13 p.m.3 views

CVE-2026-8005

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. Chromium security severity: Low...

5.8AI score0.00018EPSS
Exploits0References2
CVE
CVEadded 2026/05/06 6:12 p.m.8 views

CVE-2026-7977

CVE-2026-7977 involves an inappropriate implementation in Canvas in Google Chrome before 148.0.7778.96 that allows a remote attacker to bypass the same-origin policy via a crafted HTML page. Affected software is Google Chrome (Canvas component in Chromium). Root cause is an incorrect Canvas imple...

6.3CVSS5.8AI score0.00023EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/05/06 6:12 p.m.28 views

CVE-2026-7977

Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

0.00023EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/05/06 6:12 p.m.3 views

CVE-2026-7977

Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00023EPSS
Exploits0References2
AlpineLinux
AlpineLinuxadded 2026/05/06 6:12 p.m.6 views

CVE-2026-7977

Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.3CVSS5.8AI score0.00023EPSS
Exploits0
ATTACKERKB
ATTACKERKBadded 2026/05/06 6:12 p.m.2 views

CVE-2026-7977

Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00023EPSS
Exploits0References3Affected Software1
CVE
CVEadded 2026/05/06 6:12 p.m.5 views

CVE-2026-7969

CVE-2026-7969 is an integer overflow in the Chrome Network component prior to 148.0.7778.96. A remote attacker who has compromised the renderer could bypass the same-origin policy via a crafted HTML page. Affected software: Google Chrome (Desktop) prior to 148.0.7778.96. Impact details are limite...

4.3CVSS5.9AI score0.00025EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder