Lucene search
+L

1751 matches found

Debian CVE
Debian CVE
added 2026/06/30 10:37 p.m.10 views

CVE-2026-13848

Use after free in Forms in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00351EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:37 p.m.30 views

CVE-2026-13813

Summary: CVE-2026-13813 concerns Chrome for iOS where insufficient policy enforcement in the renderer allowed a sandbox escape via a crafted HTML page after renderer compromise. The issue affects Google Chrome on iOS before version 150.0.7871.47 (Chromium security severity: High). Root cause / vu...

8.3CVSS5.8AI score0.00277EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-54354

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Network component allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or script...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-13027

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS6.2AI score0.00195EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 10:17 p.m.3 views

DEBIAN-CVE-2026-13283

Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

7.5CVSS6.2AI score0.00229EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/24 6:43 p.m.7 views

CVE-2026-13032

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.9AI score0.00217EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/23 11:48 a.m.7 views

Astra Linux – Vulnerability in Chromium

The incorrect security UI in Split View in Google Chrome prior to version 144.0.7559.59 allowed a remote attacker to perform UI spoofing through a crafted HTML page. Chromium security severity: Low...

9.8CVSS5.5AI score0.00246EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 6:16 p.m.11 views

CVE-2026-10789

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

9.6CVSS0.00381EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 5:15 p.m.36 views

CVE-2026-10789 MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

9.6CVSS0.00381EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 5:15 p.m.40 views

CVE-2026-10789

Summary: CVE-2026-10789 is a code-injection vulnerability in the MCP extension for Autodesk Fusion Desktop. A malicious webpage visited by a user with Fusion Desktop running and MCP enabled can trigger arbitrary code execution with the current user’s privileges. The CVSS 3.1 score is 9.6 (CRITICA...

9.6CVSS6.2AI score0.00381EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/22 12:0 a.m.10 views

EUVD-2025-210298

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder without user approval via a file-handler URI parameter to fetchwebpage. Therefore, exfiltration could occur if there is indirect prompt injection...

7.5CVSS5.9AI score0.00853EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.19 views

PT-2026-51360

Name of the Vulnerable Software and Affected Versions Autodesk Fusion Desktop affected versions not specified Description A flaw in the MCP extension allows arbitrary code execution when a user visits a maliciously crafted webpage while the software is running and the extension is enabled. A...

9.6CVSS6.4AI score0.00381EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:0 a.m.4 views

CVE-2025-66389

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder without user approval via a file-handler URI parameter to fetchwebpage. Therefore, exfiltration could occur if there is indirect prompt injection...

5.9AI score0.00853EPSS
Exploits1References4
CVE
CVE
added 2026/06/22 12:0 a.m.33 views

CVE-2025-66389

GitHub Copilot 1.372.0 is affected. The flaw allows filesystem access outside the workspace folder via a file-handler URI parameter to fetch_webpage, without user approval. This could enable exfiltration if an indirect prompt injection occurs. The CVSS 3.1 base score is 7.5 (HIGH) with network at...

7.5CVSS5.9AI score0.00853EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/22 12:0 a.m.38 views

CVE-2025-66389

GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder without user approval via a file-handler URI parameter to fetchwebpage. Therefore, exfiltration could occur if there is indirect prompt injection...

0.00853EPSS
Exploits1References3
Circl
Circl
added 2026/06/19 5:56 p.m.7 views

CVE-2017-20274

creationtimestamp| type| source ---|---|--- 2026-06-19 17:56:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3monw3kez562g...

8.8CVSS5.8AI score0.00237EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 4:28 p.m.16 views

EUVD-2026-37759

A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malicious webpage. Cisco has addressed this vulnerability in the Cisco Webex App, and no customer action is needed. This vulnerability existed due to...

4.3CVSS5.5AI score0.00202EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 1:20 p.m.8 views

DEBIAN-CVE-2026-12447

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00417EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 7:16 a.m.19 views

CVE-2026-12060

Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining...

6.9CVSS0.00313EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48831

Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the Heptabase application, thereby gaining...

6.9CVSS5.3AI score0.00313EPSS
Exploits0References3
Rows per page
Query Builder