
676 matches found

EUVD
added yesterday | 4 views

EUVD-2026-40715

Use after free in SignIn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

AI score: 5.8 | EPSS: 0.00174
Exploits: 0 | References: 3
OSV
added 2 days ago | 3 views

DEBIAN-CVE-2026-14027

Use after free in SignIn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00174
Exploits: 0 | References: 1
NVD
added 2 days ago | 4 views

CVE-2026-14027

Use after free in SignIn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

CVSS: 8.8 | EPSS: 0.00174
Exploits: 0 | References: 2
Cvelist
added 2 days ago | 20 views

CVE-2026-14027

Use after free in SignIn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

EPSS: 0.00174
Exploits: 0 | References: 2
NVD
added 2026/06/24 10:16 p.m. | 7 views

CVE-2026-55759

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted...

CVSS: 7.4 | EPSS: 0.00243
Exploits: 0 | References: 1
CVE
added 2026/06/24 9:07 p.m. | 8 views

CVE-2026-55759

Rocket.Chat Apple Sign-In had a JWT claims validation bypass prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13. Any Apple-signed JWT with a non-empty iss could be accepted regardless of aud, exp, nbf, or nonce, enabling replay authentication if an attacker obtains a user’s identity t...

CVSS: 7.4 | AI score: 5.9 | EPSS: 0.00243
Exploits: 0 | References: 1
Cvelist
added 2026/06/24 9:07 p.m. | 15 views

CVE-2026-55759 Rocket.Chat: Apple Sign-In skips JWT claims validation, allowing expired and cross-audience token replay

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.1, 8.4.4, 8.3.6, 8.2.6, 8.1.6, 8.0.7, and 7.10.13, Rocket.Chat's Apple Sign-In handler verifies JWT signatures but skips claims validation. Any Apple-signed JWT with a non-empty iss is accepted...

CVSS: 7.4 | EPSS: 0.00243
Exploits: 0 | References: 1
Cvelist
added 2026/06/24 6:07 p.m. | 26 views

CVE-2026-53947 Ghost: Member existence leak via magic link sign-in response

Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possible for an unauthenticated attacker to determine whether a given email address belongs to a registered member of a Ghost site. This vulnerability is...

CVSS: 5.3 | EPSS: 0.00206
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/24 12:00 a.m. | 6 views

PT-2026-52117

Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 8.5.1; Rocket.Chat versions prior to 8.4.4; Rocket.Chat versions prior to 8.3.6; Rocket.Chat versions prior to 8.2.6; Rocket.Chat versions prior to 8.1.6; Rocket.Chat versions prior to 8.0.7; Rocket.Chat versions prior ...

CVSS: 7.4 | AI score: 5.8 | EPSS: 0.00243
Exploits: 0 | References: 7
NVD
added 2026/06/23 9:16 p.m. | 8 views

CVE-2026-47380

NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, sign-in response timing differed between known and unknown email addresses because the unknown-user branch returned without performing a password hash comparison. This vulnerability is fixed in 2026.04.1...

CVSS: 6.3 | EPSS: 0.00197
Exploits: 0 | References: 1
CVE
added 2026/06/23 8:33 p.m. | 17 views

CVE-2026-47380

CVE-2026-47380 affects NocoDB. The vulnerability stems from an unknown-user sign-in path in auth.service.ts where the unknown-user branch returned without a password hash check, causing timing differences between known and unknown emails. This could enable network-positioned attackers to enumerat...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00197
Exploits: 0 | References: 1
AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Chromium

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00632
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Chromium

Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via profile destruction. Chromium security severity: Medium...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00576
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 10 views

Astra Linux – Vulnerability in Chromium

Chromium: CVE-2021-30609 – Use after free in Sign-In...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.04159
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerability in Chromium

Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform certain user gestures to potentially exploit heap corruption via those gestures...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.01165
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Chromium

Use after free in Sign-In Flow in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who convinced a user to engage in certain UI interactions to potentially exploit heap corruption via crafted UI interactions...

CVSS: 8.8 | AI score: 6.8 | EPSS: 0.00639
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the Sign-In process in Google Chrome prior to version 1.3.36.351 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page. Chromium security severity: Medium...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00293
Exploits: 1 | References: 2
EUVD
added 2026/06/17 6:35 p.m. | 9 views

EUVD-2026-37586

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

CVSS: 8.8 | AI score: 5.3 | EPSS: 0.00408
Exploits: 0 | References: 7
RedhatCVE
added 2026/06/10 2:59 a.m. | 8 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

CVSS: 9.1 | AI score: 5.5 | EPSS: 0.00364
Exploits: 0 | References: 1
NVD
added 2026/06/09 7:17 p.m. | 12 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

CVSS: 9.1 | EPSS: 0.00364
Exploits: 0 | References: 1