1753 matches found
CVE-2026-13961
Insufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security...
CVE-2026-14117
The CVE-2026-14117 entry concerns Google Chrome’s DevTools on Windows prior to version 150.0.7871.47. The vulnerability is described as insufficient validation of untrusted input in DevTools, which could enable a remote attacker to obtain potentially sensitive information from process memory when...
CVE-2026-14113
The CVE-2026-14113 entry describes a use-after-free in Chrome’s Updater on Windows before 150.0.7871.47. A remote attacker who already compromised the renderer could potentially escape the sandbox via a crafted HTML page. The issue is tied to the Chromium-based Updater component; exact root cause...
CVE-2026-14113
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
CVE-2026-13925
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13875
Chrome on Windows is affected by CVE-2026-13875 due to insufficient validation of untrusted input in the GPU, enabling a renderer-compromised attacker to potentially read process memory via a crafted HTML page. The issue is tied to Chromium-based Chrome and is reported as a Medium-severity vulner...
CVE-2026-13860
Incorrect security UI in Autofill in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13844
Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...
PT-2026-54392
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in DevTools on Windows allows a remote attacker to obtain potentially sensitive information from process memory. This occurs when a user is...
PT-2026-54286
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An uninitialized use in codecs allows a remote attacker to obtain potentially sensitive information from process memory by inducing the user to visit a crafted HTML page. Recommendation...
CVE-2026-4522
Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1...
EUVD-2026-39390
Dell Display and Peripheral Manager DDPM Windows, versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...
CVE-2026-46733
Dell Display and Peripheral Manager (DDPM Windows) before version 2.3 is affected by an Improper Access Control vulnerability that could allow a low-privilege, locally authenticated attacker to achieve code execution. The available documents do not specify the exact root cause, exploit path, or a...
CVE-2026-13038
Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-54286
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as...
CVE-2026-53571
Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...
MAL-2026-6229 Malicious code in routecraft (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0c4f17a9e94ab9fdbab7325f597551a6c0ba5b9e210cb0b7e28d3b86b4766d0 [email protected] ships verbatim Express.js source lib/routecraft.js, lib/application.js, lib/request.js, lib/response.js, lib/utils.js, lib/view.js —...
Malicious code in routecraft (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0c4f17a9e94ab9fdbab7325f597551a6c0ba5b9e210cb0b7e28d3b86b4766d0 [email protected] ships verbatim Express.js source lib/routecraft.js, lib/application.js, lib/request.js, lib/response.js, lib/utils.js, lib/view.js —...
EUVD-2025-210212
Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all...
CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...