Lucene search
K

1036 matches found

Debian CVE
Debian CVE
added 2026/06/04 11:4 p.m.10 views

CVE-2026-11102

Inappropriate implementation in Isolated Web Apps in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a malicious file. Chromium security severity: Medium...

8.8CVSS6AI score0.00386EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.18 views

PT-2026-46629

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in Isolated Web Apps allows a remote attacker to execute arbitrary code inside a sandbox by using a malicious file. Recommendations Update to version...

9.6CVSS6.4AI score0.00493EPSS
Exploits0References437
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper implementation of the Isolated Web Apps component. This vulnerability could allow remote attackers to execute arbitrary code in...

8.8CVSS6AI score0.00386EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/01 9:0 p.m.10 views

Malicious Package

Overview abuden219 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.11 views

Malicious Package

Overview sixseven1 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.12 views

Malicious Package

Overview abuden210 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisin...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.11 views

Malicious Package

Overview ishowfeet2 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.13 views

Malicious Package

Overview ishowfeet14 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/01 9:0 p.m.12 views

Malicious Package

Overview miguelphonk is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate...

9.8CVSS5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 8:2 p.m.11 views

CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS5.9AI score0.01102EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/05/12 8:2 p.m.31 views

CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files

Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...

9.3CVSS0.01102EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/04/24 3:26 p.m.107 views

coordinated-disclosure

coordinated-disclosure A Claude Code skill + plugin marketpla...

5.6AI score
Exploits0
Fedora
Fedora
added 2026/04/16 1:9 a.m.8 views

[SECURITY] Fedora 42 Update: moby-engine-29.4.0-1.fc42

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This means they can run anywhere, from your laptop to the largest EC2 compute instance a nd everything in between =E2=80=94 and...

7.5CVSS6.4AI score0.00651EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/04/11 12:31 a.m.4 views

Chromium: CVE-2026-5892 Insufficient policy enforcement in PWAs

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.6CVSS5.8AI score0.0017EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/10 6:57 a.m.3 views

CVE-2026-5892

An insufficient policy enforcement flaw was found in the PWAs component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=487568011...

7.7CVSS5.7AI score0.0017EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/09 12:32 a.m.9 views

EUVD-2026-20711

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

5.9AI score0.0017EPSS
Exploits0References3
NVD
NVD
added 2026/04/08 10:16 p.m.3 views

CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

6.6CVSS0.0017EPSS
Exploits0References2
OSV
OSV
added 2026/04/08 10:16 p.m.2 views

DEBIAN-CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

6.6CVSS8.4AI score0.0017EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/08 9:20 p.m.4 views

CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

7.3AI score0.0017EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/08 9:20 p.m.19 views

CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

0.0017EPSS
Exploits0References2
Rows per page
Query Builder