Lucene search
+L
AttackerkbRecent

75202 matches found

attackerkb
attackerkb
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14388

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00263EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14396

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00247EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14384

Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00263EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14422

Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00271EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14430

Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00291EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14420

Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00253EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14387

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.9AI score0.00276EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14389

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.9AI score0.00242EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14391

Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS5.9AI score0.00233EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14414

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS5.8AI score0.00235EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14429

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00228EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14412

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00237EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14428

Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00259EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14382

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.00276EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14411

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.00253EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14401

Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

8.3CVSS5.8AI score0.00237EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14415

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00253EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14381

Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00211EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14407

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

8.8CVSS6.2AI score0.00319EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14409

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

7.5CVSS6.2AI score0.00265EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14383

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.2AI score0.00348EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14404

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...

5.8AI score0.00202EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14410

Inappropriate implementation in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.0019EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14427

Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS6.1AI score0.00245EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14385

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

6.1AI score0.00327EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 10:20 p.m.7 views

CVE-2026-50283

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId...

5.3CVSS5.8AI score0.00265EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 9:57 p.m.6 views

CVE-2026-55793

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9CVSS5.7AI score0.00412EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 9:17 p.m.7 views

CVE-2026-54712

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 9:15 p.m.7 views

CVE-2026-54704

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS5.7AI score0.00224EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 9:12 p.m.7 views

CVE-2026-54263

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting XSS vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for...

7.3CVSS5.5AI score0.00203EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 9:11 p.m.6 views

CVE-2026-54262

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 9:10 p.m.8 views

CVE-2026-54261

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 9:9 p.m.7 views

CVE-2026-54259

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen endpoint incorrectly listed items for which the user has not been granted choose permission. A user with access to the Wagtail admin could se...

4.3CVSS5.6AI score0.00162EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 9:8 p.m.5 views

CVE-2026-54260

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation. The vulnerability is not...

4.3CVSS5.6AI score0.0022EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 9:3 p.m.5 views

CVE-2026-14340

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References7Affected Software1
attackerkb
attackerkb
added 2026/07/01 9:2 p.m.7 views

CVE-2026-54720

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...

5.4CVSS5.8AI score0.00263EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 9:0 p.m.7 views

CVE-2026-55660

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

7.6CVSS5.7AI score0.00196EPSS
Exploits0References3Affected Software2
attackerkb
attackerkb
added 2026/07/01 8:47 p.m.6 views

CVE-2026-54074

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 8:44 p.m.6 views

CVE-2026-55661

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant,...

4.8CVSS5.6AI score0.00239EPSS
Exploits0References3Affected Software2
attackerkb
attackerkb
added 2026/07/01 8:35 p.m.4 views

CVE-2026-58263

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/...

7.2CVSS5.8AI score0.00179EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 8:29 p.m.5 views

CVE-2026-54756

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.18, Jodit.configureoptions — and the internal ConfigMerge / ConfigProto helpers — merged user-supplied options into the editor configuration without filtering...

6.3CVSS5.7AI score0.00273EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 8:25 p.m.7 views

CVE-2026-55886

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.setchain, value, obj, which walks the dot-separated chain, creating and following each path segment...

6.3CVSS5.7AI score0.00315EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 8:14 p.m.6 views

CVE-2026-50521

Use after free in Microsoft Edge Chromium-based allows an authorized attacker to execute code over a network...

8.3CVSS5.9AI score0.00823EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 8:12 p.m.4 views

CVE-2026-54786

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...

2.3CVSS5.7AI score0.00217EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 8:2 p.m.5 views

CVE-2026-55153

mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation com.mchange.v2.naming.JavaBeanObjectFactory will construct objects of arbitrary classes and initialize...

7.1CVSS5.9AI score0.00327EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/01 7:40 p.m.10 views

CVE-2026-55688

The AsyncHttpClient AHC library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. In versions from 2.0.0 prior to 2.16.0 and from 3.0.0.Beta1 prior to 3.0.11, ThreadSafeCookieStore stored a cookie under the value of its Domain attribute without...

4CVSS5.8AI score0.00179EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 7:34 p.m.8 views

CVE-2026-54908

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Versions prior to 3.1.4 are vulnerable to Remote Denial of Service via panic while parsing a crafted ECDHEPSK ServerKeyExchange message. This issue has been fixed in version 3.1.4...

6.3CVSS5.8AI score0.0032EPSS
Exploits0References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 7:34 p.m.7 views

CVE-2026-14265

Deserialization of untrusted data in the RemoteQueryCachePlugin in Amazon Web Services AWS Advanced JDBC Wrapper 3.3.0 through 4.0.0 might allow an actor with write access to the shared cache infrastructure to execute arbitrary code on application servers that read cached query results via a...

7.7CVSS6.3AI score0.00416EPSS
Exploits0References4Affected Software1
attackerkb
attackerkb
added 2026/07/01 7:27 p.m.6 views

CVE-2026-58593

NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of object.id, but never validates that attributedTo corresponds to the sender. In the object mock, attributedT...

8.7CVSS6AI score0.00191EPSS
Exploits1References3Affected Software1
attackerkb
attackerkb
added 2026/07/01 7:27 p.m.6 views

CVE-2026-58592

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to createhostfunction, whose ho...

8.9CVSS6.4AI score0.00311EPSS
Exploits0References3
Total number of security vulnerabilities75202