68528 matches found
CVE-2025-12428
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
CVE-2025-12429
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
CVE-2025-12445
Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2025-12443
Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-12438
Use after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-60876
BusyBox wget thru 1.3.7 accepted raw CR 0x0D/LF 0x0A and other C0 control bytes in the HTTP request-target path/query, allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw spac...
CVE-2025-12444
Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2025-12440
Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...
CVE-2025-12436
Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2025-12437
Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-12441
Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-12439
Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: Medium...
CVE-2025-12435
Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-59777
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...
CVE-2025-62689
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...
CVE-2025-40108
In the Linux kernel, the following vulnerability has been resolved: serial: qcom-geni: Fix blocked task Revert commit 1afa70632c39 "serial: qcom-geni: Enable PM runtime for serial driver" and its dependent commit 86fa39dd6fb7 "serial: qcom-geni: Enable Serial on SA8255p Qualcomm platforms" becaus...
CVE-2025-40109
In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure setent is always present Ensure that setent is always set since only drbg provides it...
CVE-2025-12905
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. Chromium security severity: Low...
CVE-2025-12907
Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. Chromium security severity: Low...
CVE-2025-64486
calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...
CVE-2025-12906
Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2025-12910
Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. Chromium security severity: Low...
CVE-2025-12908
Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2025-12911
Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2025-12909
Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. Chromium security severity: Low...
CVE-2025-12863
Rejected reason: This CVE was assigned for a libxml2 issue1012 but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012note2608283...
CVE-2025-12875
A weakness has been identified in mruby 3.4.0. This vulnerability affects the function aryfillexec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been...
CVE-2025-61261
A reflected cross-site scripting XSS vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload...
CVE-2025-64329
containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is...
CVE-2025-64184
Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc.. While the basename is properly stripped of directory-traversing...
CVE-2025-11756
Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...
CVE-2025-11458
Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...
CVE-2025-11460
Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. Chromium security severity: High...
CVE-2025-11209
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-11206
Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2025-11205
Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2025-11210
Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-11215
Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-11208
Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-11212
Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-11211
Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-11213
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-11216
Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. Chromium security severity: Low...
CVE-2025-11219
Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Low...
CVE-2025-11207
Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-25621
containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths /var/lib/containerd,...
CVE-2023-43000
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption...
CVE-2025-12745
A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function jsarraybufferslice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted to local execution. The exploit has been made available to the public a...
CVE-2025-60753
An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service Out-of-Memory crash...
CVE-2025-46404
A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...