1200 matches found

Nuclei
added 12 hours ago, 60 views

Label Studio - Cross-Site Scripting

Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as an HTML file on the website. id: CVE-2023-47115 info: name: Label Studio - Cross-Site Scripting author: isaca...

CVSS 7.1, AI score 6.5, EPSS 0.01448
Exploits: 1, References: 5

Nuclei
added 12 hours ago, 19 views

AP Pricing Tables Lite <= 1.1.6 - SQL Injection

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. id: CVE-2023-0900 info: name: AP Pricing Tables Lite <= 1.1.6 - SQL Injection author: r3Y3r53 severity: high description: ...

CVSS 7.2, AI score 7.1, EPSS 0.03229
Exploits: 2, References: 3

Nuclei
added yesterday, 41 views

Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion

Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.downloadattachment task. id: CVE-2015-4074 info: name: Joomla! Helpdesk Pro plugin <1.4.0 - Local File...

CVSS 7.5, AI score 7.2, EPSS 0.5651
Exploits: 5, References: 5

Nuclei
added 2 days ago, 71 views

Rails File Content Disclosure

Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. id: CVE-2019-5418 info: name: Rails File Content Disclosure...

CVSS 7.5, AI score 7.1, EPSS 0.98507
Exploits: 18, References: 5

EUVD
added 3 days ago, 6 views

EUVD-2026-40525

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

AI score 5.8, EPSS 0.00218
Exploits: 0, References: 3

NVD
added 4 days ago, 6 views

CVE-2026-13822

Inappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: High...

CVSS 6.5, EPSS 0.00142
Exploits: 0, References: 2

CVE
added 4 days ago, 8 views

CVE-2026-13819

CVE-2026-13819 affects Google Chrome on macOS via ANGLE. The vulnerability is an out-of-bounds memory read in ANGLE that could be triggered by a crafted HTML page when the renderer is compromised, with impact described as high. Remediation: update to Chrome 150.0.7871.47 or later. Exploitation st...

CVSS 8.1, AI score 5.8, EPSS 0.00308
Exploits: 0, References: 2, Affected Software: 1

CVE
added 4 days ago, 5 views

CVE-2026-13814

CVE-2026-13814 affects Google Chrome (Views) with use-after-free in the rendering/Views UI path, prior to 150.0.7871.47. Root cause: use-after-free leading to potential heap corruption. Attack flow requires user interaction (specific UI gestures) and a crafted HTML page; impact is high confidenti...

CVSS 7.5, AI score 5.8, EPSS 0.00278
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2026/06/25 9:51 p.m., 5 views

CVE-2026-13282

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...

CVSS 6.8, AI score 5.8, EPSS 0.00115
Exploits: 0

AstraLinux
added 2026/06/24 3:11 p.m., 14 views

Astra Linux – Vulnerability in Chromium

An out-of-bounds read in Blink within Google Chrome before version 146.0.7680.153 allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 5.8, EPSS 0.00253
Exploits: 0, References: 3

AstraLinux
added 2026/06/24 3:11 p.m., 10 views

Astra Linux – Vulnerability in Chromium

Type confusion in V8 in Google Chrome before version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 7.3, EPSS 0.00306
Exploits: 0, References: 3

AstraLinux
added 2026/06/24 3:11 p.m., 7 views

Astra Linux – Vulnerability in Chromium

Use after free in Dawn in Google Chrome before version 146.0.7680.178 allowed a remote attacker to execute arbitrary code through a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 7.7, EPSS 0.00313
Exploits: 0, References: 3

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Chromium

Use after free in Peer Connection in Google Chrome before version 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 7.4, EPSS 0.00636
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Chromium

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 7.7, EPSS 0.40798
Exploits: 1, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in Chromium

Use after free in Navigation in Google Chrome before version 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 7.3, EPSS 0.30339
Exploits: 0, References: 2

NVD
added 2026/06/17 1:20 p.m., 17 views

CVE-2026-12458

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVSS 3.1, EPSS 0.0019
Exploits: 0, References: 2

Debian CVE
added 2026/06/17 1:38 a.m., 9 views

CVE-2026-12449

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

CVSS 7.8, AI score 5.3, EPSS 0.00109
Exploits: 0

CVE
added 2026/06/11 8:48 p.m., 35 views

CVE-2026-12026

CVE-2026-12026: Affected product is Google Chrome/Chromium on ChromeOS. The vulnerability is an out-of-bounds read in the Video component, allowing a remote attacker who has compromised the renderer process to read sensitive data from process memory via a crafted HTML page. Root cause described ...

CVSS 6.5, AI score 5.5, EPSS 0.00236
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2026/06/08 12:0 a.m., 14 views

PT-2026-47471

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.103. Description: An out-of-bounds read and write issue exists in V8, the JavaScript and WebAssembly engine used by Google Chrome. This flaw allows a remote attacker to execute arbitrary code within the...

CVSS 10, AI score 8, EPSS 0.01654
Exploits: 4, References: 214

SUSE CVE
added 2026/06/07 4:49 a.m., 8 views

SUSE CVE-2026-10959

Use after free in Input in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 6, EPSS 0.00361
Exploits: 0, References: 2