Lucene search
K

1753 matches found

nvd
nvd
added 2026/06/30 11:17 p.m.6 views

CVE-2026-13961

Insufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security...

5.3CVSS0.00265EPSS
Exploits0References2
cve
cve
added 2026/06/30 10:39 p.m.171 views

CVE-2026-14117

The CVE-2026-14117 entry concerns Google Chrome’s DevTools on Windows prior to version 150.0.7871.47. The vulnerability is described as insufficient validation of untrusted input in DevTools, which could enable a remote attacker to obtain potentially sensitive information from process memory when...

5.3CVSS5.8AI score0.00232EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/30 10:39 p.m.25 views

CVE-2026-14113

The CVE-2026-14113 entry describes a use-after-free in Chrome’s Updater on Windows before 150.0.7871.47. A remote attacker who already compromised the renderer could potentially escape the sandbox via a crafted HTML page. The issue is tied to the Chromium-based Updater component; exact root cause...

9.6CVSS5.8AI score0.00244EPSS
Exploits0References2Affected Software1
debiancve
debiancve
added 2026/06/30 10:39 p.m.4 views

CVE-2026-14113

Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

9.6CVSS5.8AI score0.00244EPSS
Exploits0
debiancve
debiancve
added 2026/06/30 10:38 p.m.7 views

CVE-2026-13925

Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

7.5CVSS6.2AI score0.00354EPSS
Exploits0
cve
cve
added 2026/06/30 10:38 p.m.19 views

CVE-2026-13875

Chrome on Windows is affected by CVE-2026-13875 due to insufficient validation of untrusted input in the GPU, enabling a renderer-compromised attacker to potentially read process memory via a crafted HTML page. The issue is tied to Chromium-based Chrome and is reported as a Medium-severity vulner...

5.3CVSS5.8AI score0.00281EPSS
Exploits0References2Affected Software1
debiancve
debiancve
added 2026/06/30 10:37 p.m.5 views

CVE-2026-13860

Incorrect security UI in Autofill in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS5.8AI score0.00199EPSS
Exploits0
debiancve
debiancve
added 2026/06/30 10:37 p.m.5 views

CVE-2026-13844

Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

7.8CVSS5.8AI score0.00109EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.13 views

PT-2026-54392

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in DevTools on Windows allows a remote attacker to obtain potentially sensitive information from process memory. This occurs when a user is...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.10 views

PT-2026-54286

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An uninitialized use in codecs allows a remote attacker to obtain potentially sensitive information from process memory by inducing the user to visit a crafted HTML page. Recommendation...

9.6CVSS6AI score0.00413EPSS
Exploits0References448
nvd
nvd
added 2026/06/25 4:16 p.m.7 views

CVE-2026-4522

Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1...

6.7CVSS0.00123EPSS
Exploits0References1
euvd
euvd
added 2026/06/25 1:17 p.m.6 views

EUVD-2026-39390

Dell Display and Peripheral Manager DDPM Windows, versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

7.8CVSS5.9AI score0.00101EPSS
Exploits0References1
cve
cve
added 2026/06/25 1:17 p.m.15 views

CVE-2026-46733

Dell Display and Peripheral Manager (DDPM Windows) before version 2.3 is affected by an Improper Access Control vulnerability that could allow a low-privilege, locally authenticated attacker to achieve code execution. The available documents do not specify the exact root cause, exploit path, or a...

7.8CVSS5.9AI score0.00101EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/24 6:43 p.m.37 views

CVE-2026-13038

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

0.0026EPSS
Exploits0References2
nvd
nvd
added 2026/06/22 6:16 p.m.15 views

CVE-2026-54286

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as...

5.9CVSS0.00292EPSS
Exploits0References1
nvd
nvd
added 2026/06/22 6:16 p.m.12 views

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS0.00393EPSS
Exploits2References1
osv
osv
added 2026/06/19 3:55 p.m.19 views

MAL-2026-6229 Malicious code in routecraft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0c4f17a9e94ab9fdbab7325f597551a6c0ba5b9e210cb0b7e28d3b86b4766d0 [email protected] ships verbatim Express.js source lib/routecraft.js, lib/application.js, lib/request.js, lib/response.js, lib/utils.js, lib/view.js —...

5.9AI score
Exploits0References3
ossf
ossf
added 2026/06/19 3:55 p.m.11 views

Malicious code in routecraft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0c4f17a9e94ab9fdbab7325f597551a6c0ba5b9e210cb0b7e28d3b86b4766d0 [email protected] ships verbatim Express.js source lib/routecraft.js, lib/application.js, lib/request.js, lib/response.js, lib/utils.js, lib/view.js —...

5.9AI score
Exploits0References3
euvd
euvd
added 2026/06/17 6:35 p.m.9 views

EUVD-2025-210212

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all...

6.8CVSS5.3AI score0.00163EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/17 5:50 p.m.11 views

CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

7.5CVSS5.3AI score0.00368EPSS
Exploits0References4
Rows per page
Query Builder