Lucene search
+L

1400 matches found

OSV
OSV
added last week2 views

CVE-2026-56254 capacitor-updater - End-to-End Encryption Bypass via Private Key Distribution

In @capgo/capacitor-updater Cap-go/capgo before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo...

8.3CVSS6.1AI score0.00151EPSS
Exploits0References4
Cvelist
Cvelist
added last week29 views

CVE-2026-56254 capacitor-updater - End-to-End Encryption Bypass via Private Key Distribution

In @capgo/capacitor-updater Cap-go/capgo before 12.128.2, the end-to-end encryption scheme distributes the private key to each device that downloads the app. Because the public key can be derived from the private key, an attacker performing a man-in-the-middle attack or compromising the Capgo...

8.3CVSS0.00151EPSS
Exploits0References2
CVE
CVE
added last week6 views

CVE-2026-56254

CVE-2026-56254 affects "@capgo/capacitor-updater" prior to version 12.128.2. The end‑to‑end encryption scheme distributes the private key to every device that downloads the app, allowing the public key to be derived from the private key. This enables an attacker who can perform a MITM attack or c...

8.3CVSS6.1AI score0.00151EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 4:16 p.m.7 views

CVE-2025-53827

ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage...

9.1CVSS0.00342EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 2:31 p.m.46 views

CVE-2025-53827 ownCloud Core: Updater has an exposed dangerous method or function

ownCloud Core is the server-side component of the file storage, synchronization, and sharing application ownCloud Classic. In versions prior to 10.15.3, the Updater on ownCloud 10 before 10.15.3 has an exposed dangerous method or function. Attackers with administrative privileges may leverage...

9.1CVSS0.00342EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 2:31 p.m.17 views

CVE-2025-53827

ownCloud Core Updater on versions prior to 10.15.3 exposes a dangerous method/function. Attackers with administrative privileges may leverage it to execute arbitrary code. The issue is fixed in 10.15.3 (CVSSv3.1: 9.1, CRITICAL; network, high impact on confidentiality, integrity, and availability).

9.1CVSS6.1AI score0.00342EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55938

Name of the Vulnerable Software and Affected Versions ownCloud Core versions prior to 10.15.3 Description The Updater component of the server-side file storage, synchronization, and sharing application contains an exposed dangerous method or function. Attackers with administrative privileges can...

9.1CVSS6.3AI score0.00342EPSS
Exploits0References8
Fedora
Fedora
added 2026/07/05 1:10 a.m.11 views

[SECURITY] Fedora 44 Update: clamav-1.4.5-1.fc44

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/07/01 2:8 p.m.8 views

CVE-2026-54673

A flaw was found in electron-updater, a component used for automatic updates in Electron applications. This vulnerability allows a remote attacker to obtain sensitive user credentials. When an Electron application performs an HTTP redirect, the electron-updater's redirect handler fails to strip...

8.2CVSS5.7AI score0.00235EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/01 1:29 p.m.9 views

CVE-2026-54672

A flaw was found in electron-updater, a component used for automatic updates in Electron applications. This vulnerability arises because AppImage targets, built by app-builder-lib, incorrectly add the current working directory to the dynamic linker search path when setting the LDLIBRARYPATH...

7.8CVSS5.9AI score0.00129EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40800

Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00244EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.9 views

EUVD-2026-40706

Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Medium...

5.8AI score0.00104EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.10 views

EUVD-2026-40530

Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

5.8AI score0.00109EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40486

Inappropriate implementation in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

5.8AI score0.00116EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40513

Use after free in Updater in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. Chromium security severity: High...

5.8AI score0.00109EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-14018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious...

7.8CVSS6.2AI score0.00104EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-13827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Updater in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. Chromium...

7.8CVSS6.2AI score0.00109EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-54673

electron-updater allows for automatic updates for Electron apps. Prior to 9.7.0, the HTTP redirect handler HttpExecutor.prepareRedirectUrlOptions only stripped a credential header whose key string matched exactly lowercase "authorization", exposing credentials. Other credential-bearing headers —...

8.2CVSS0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.7 views

CVE-2026-54672

electron-updater allows for automatic updates for Electron apps. Prior to 26.15.0, AppImage targets built by app-builder-lib could use an empty path component when setting the LDLIBRARYPATH environment variable at runtime. This causes the current working directory to be added to the dynamic linke...

7.8CVSS0.00129EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-14113

Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

9.6CVSS5.8AI score0.00244EPSS
Exploits0References1
Rows per page
Query Builder