Lucene search
K
VulnrichmentRecent

161092 matches found

Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14421

Uninitialized Use in Dawn in Google Chrome on ChromeOS prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00215EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14413

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00202EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14418

Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14402

Uninitialized Use in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00224EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14431

Type Confusion in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14395

Out of bounds write in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

6.2AI score0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.10 views

CVE-2026-14423

Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.0022EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.10 views

CVE-2026-14400

Out of bounds write in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00222EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14392

Out of bounds write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00276EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14397

Out of bounds write in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00253EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14406

Out of bounds read in V8 in Google Chrome prior to 150.0.7871.46 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Medium...

5.8AI score0.00189EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14416

Out of bounds read in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00243EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14388

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00263EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.12 views

CVE-2026-14386

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00263EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14396

Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00247EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14422

Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14384

Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00263EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14430

Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00291EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14420

Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

5.8AI score0.00253EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.10 views

CVE-2026-14387

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.9AI score0.00276EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14389

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.9AI score0.00242EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14391

Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.9AI score0.00233EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14414

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00235EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14429

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00228EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14412

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00237EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14428

Insufficient validation of untrusted input in Dawn in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00259EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14411

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00253EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14382

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00276EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14401

Insufficient validation of untrusted input in ANGLE in Google Chrome on Android prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00237EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14415

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00253EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14381

Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00211EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14409

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

6.2AI score0.00265EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.8 views

CVE-2026-14407

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.2AI score0.00319EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14383

Inappropriate implementation in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

6.2AI score0.00348EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14404

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...

5.8AI score0.00202EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14410

Inappropriate implementation in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.0019EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.9 views

CVE-2026-14427

Heap buffer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

6.1AI score0.00245EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:21 p.m.5 views

CVE-2026-14385

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

6.1AI score0.00327EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 10:20 p.m.5 views

CVE-2026-50283 Craft CMS: Unauthorized Deletion of Source Assets During File Replacement

Craft CMS is a content management system CMS. Versions 5.0.0-RC1 through 5.9.20, and 4.0.0-RC1 through 4.17.13 contain an authorization issue in the AssetsController::actionReplaceFile that can delete a source asset without source delete permission by supplying both assetId and sourceAssetId...

5.3CVSS5.8AI score0.00265EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 9:57 p.m.6 views

CVE-2026-55793 Craft CMS: Stored XSS via Structure entry title in table view

Craft CMS is a content management system CMS. In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under th...

5.9CVSS5.7AI score0.00412EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 9:17 p.m.7 views

CVE-2026-54712 OpenTelemetry Javaagent RMI context propagation allows resource exhaustion

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/01 9:15 p.m.6 views

CVE-2026-54704 OpenTelemetry Java Instrumentation: JDBC Auto-Instrumentation Logging Clear-Text Passwords

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text...

6.5CVSS5.9AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/01 9:12 p.m.4 views

CVE-2026-54263 Wagtail: Reflected XSS in dynamic image URL generator view

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting XSS vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for...

7.3CVSS5.7AI score0.00203EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/01 9:11 p.m.9 views

CVE-2026-54262 Wagtail: Pages translations can be created without page permissions when using simple_translation

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in...

4.3CVSS5.9AI score0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/01 9:10 p.m.6 views

CVE-2026-54261 Wagtail: Improper permission handling in image preview

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not...

6.5CVSS5.6AI score0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/01 9:9 p.m.6 views

CVE-2026-54259 Wagtail: Improper restriction handling on Documents and Images chosen endpoints

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen endpoint incorrectly listed items for which the user has not been granted choose permission. A user with access to the Wagtail admin could se...

4.3CVSS5.6AI score0.00162EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/01 9:8 p.m.6 views

CVE-2026-54260 Wagtail: Denial of service via unbounded filter specs in the image preview

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation. The vulnerability is not...

4.3CVSS5.6AI score0.0022EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/01 9:3 p.m.7 views

CVE-2026-14340 An incorrect authorization vulnerability in GitHub Enterprise Server allows issue creation in unrelated public repositories

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/07/01 9:2 p.m.6 views

CVE-2026-54720 Silverstripe Framework: Possible XSS attack through media embed

Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In versions prior to 6.2.2, the "Insert media from web" functionality in the CMS is vulnerable to XSS from a specially crafted embed. This issue was fixed in version 6.2.2/...

5.4CVSS5.8AI score0.00263EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/01 9:0 p.m.6 views

CVE-2026-55660 TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

7.6CVSS5.7AI score0.00196EPSS
Exploits0References2
Total number of security vulnerabilities161092