Lucene search
+L

1763 matches found

OSV
OSV
added 2026/06/23 5:20 p.m.6 views

CVE-2026-49402 Deno: Command Injection via spawnSync & spawn on Windows

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.7.10, Deno's node:childprocess implementation provided an escapeShellArg helper used when callers passed shell: true to spawn / spawnSync / exec and friends. On Windows, the helper failed to quote arguments that contained cmd.e...

8.1CVSS6.1AI score0.00283EPSS
Exploits1References3
NVD
NVD
added 2026/06/22 6:16 p.m.17 views

CVE-2026-54286

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as...

5.9CVSS0.00292EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 6:16 p.m.15 views

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS0.00393EPSS
Exploits2References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 3:55 p.m.12 views

Malicious code in routecraft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0c4f17a9e94ab9fdbab7325f597551a6c0ba5b9e210cb0b7e28d3b86b4766d0 [email protected] ships verbatim Express.js source lib/routecraft.js, lib/application.js, lib/request.js, lib/response.js, lib/utils.js, lib/view.js —...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/19 3:55 p.m.20 views

MAL-2026-6229 Malicious code in routecraft (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a0c4f17a9e94ab9fdbab7325f597551a6c0ba5b9e210cb0b7e28d3b86b4766d0 [email protected] ships verbatim Express.js source lib/routecraft.js, lib/application.js, lib/request.js, lib/response.js, lib/utils.js, lib/view.js —...

5.9AI score
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.10 views

EUVD-2025-210212

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all...

6.8CVSS5.3AI score0.00163EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 5:50 p.m.12 views

CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

7.5CVSS5.3AI score0.00368EPSS
Exploits0References4
CVE
CVE
added 2026/06/17 1:38 a.m.38 views

CVE-2026-12466

Summary (CVE-2026-12466) : A heap buffer overflow in WebRTC within Google Chrome on Windows before version 149.0.7827.155 allows remote code execution via a crafted HTML page. Multiple connected sources corroborate the Windows/WebRTC/chrome vector and fixed version, signaling a high-severity Chro...

8.8CVSS6.4AI score0.00426EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/17 1:38 a.m.24 views

CVE-2026-12466

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

0.00426EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/17 1:38 a.m.14 views

CVE-2026-12449

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

7.8CVSS5.3AI score0.00109EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/17 1:38 a.m.8 views

CVE-2026-12444

Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: High...

5.5CVSS5.3AI score0.00143EPSS
Exploits0
Snyk
Snyk
added 2026/06/16 9:13 p.m.10 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview yt-dlp is an A youtube-dl fork with additional features and patches Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via insufficient sanitization of input passed to the aria2c external...

9.6CVSS6.4AI score0.00406EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.10 views

Mozilla Thunderbird < 152.0

The version of Thunderbird installed on the remote Windows host is prior to 152.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-60 advisory. - Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

9.8CVSS5.8AI score0.00476EPSS
Exploits0References41
Snyk
Snyk
added 2026/06/15 5:17 p.m.14 views

Directory Traversal

Overview vite-plus is a The Unified Toolchain for the Web Affected versions of this package are vulnerable to Directory Traversal due to improper checks for file system paths on Windows platforms in isFileLoadingAllowed function. An attacker can obtain sensitive file contents by bypassing path...

8.2CVSS6.5AI score0.00393EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/06/12 10:16 p.m.8 views

CVE-2025-14098 Avira antivirus engine heap buffer OOB write when scanning a malformed MS-DOS executable file

Heap buffer out-of-bounds write vulnerability due to integer overflow in Avira Antivirus engine when scanning a malformed MS-DOS executable file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process. This issue affects Avira Antivirus on Windows, macOS, and Linux...

7.8CVSS5.8AI score0.00122EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 10:11 p.m.10 views

CVE-2025-7010 Avast antivirus stack overflow when scanning a malformed PDF file

Stack overflow vulnerability due to uncontrolled recursion in Avast Antivirus when scanning a malformed PDF file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast Business Antivirus on Windows, macOS, an...

5.5CVSS5.5AI score0.00113EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 12:31 a.m.9 views

EUVD-2026-36349

Use after free in Video in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.5AI score0.00191EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.14 views

PT-2026-49014

Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25021310 AVG Antivirus versions prior to VPS 25021310 Norton Antivirus versions prior to VPS 25021310 Avast One versions prior to VPS 25021310 Avast Business Antivirus versions prior to VPS 25021310...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.29 views

PT-2026-49010

Name of the Vulnerable Software and Affected Versions Avast Antivirus versions prior to VPS 25040308 AVG Antivirus versions prior to VPS 25040308 Norton Antivirus versions prior to VPS 25040308 Avast One versions prior to VPS 25040308 Avast Business Antivirus versions prior to VPS 25040308...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 8:48 p.m.40 views

CVE-2026-12031

Google Chrome on Windows before 149.0.7827.115 is affected by CVE-2026-12031 due to an inappropriate implementation in Views that can allow a remote attacker, who has compromised the renderer process, to potentially escape the sandbox via a crafted HTML page. The issue is rated High (CVSS 3.1: AV...

8.3CVSS5.5AI score0.00191EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder