370199 matches found
CVE-2026-54500
Oj (Optimized JSON) is a Ruby gem for JSON parsing/ marshalling. Affects versions prior to 3.17.3 where Oj.load in mode :object reads uninitialized stack memory when a JSON object has a long key (254+ bytes). In ext/oj/intern.c, form_attr() passes an uninitialized stack buffer to rb_intern3(), ca...
CVE-2026-54899
Oj (Optimized JSON) is a Ruby gem for JSON parsing/marshalling. Prior to 3.17.2, disabling symbol_keys on a reused Oj::Parser can cause a heap use-after-free when toggling symbol_keys from true to false: opt_symbol_keys_set frees the internal key cache but does not clear the pointer, so the next ...
CVE-2026-55223
CVE-2026-55223 affects the c3p0 JDBC connection pooling library. Before 0.14.0, c3p0 can enable a deserialization gadget “sink” when combined with other libraries: DataSource.getConnection() and ConnectionPoolDataSource.getPooledConnection() are treated as safe JavaBean properties, but invoking p...
CVE-2026-50110
The CVE-2026-50110 entry concerns Storage Concentrator (SC & SCVM) that contains hardcoded credentials for numerous internal services embedded in a configuration file. The credentials are encoded but reversible to plaintext, exposing accounts for databases, licensing, replication, and third-party...
CVE-2026-56413
CVE-2026-56413 affects StoneFly Storage Concentrator (SC & SCVM). The ms_service.pl component listening on TCP port 9000 is vulnerable to command injection. An unauthenticated remote attacker can send a specially crafted network packet that is processed without proper sanitization, enabling arbit...
CVE-2026-56415
The vulnerability CVE-2026-56415 affects the Storage Concentrator (SC & SCVM). The issue is a command injection in the debug.pl script that is reachable without authentication. A remote attacker can send a crafted HTTP request containing a malicious payload which is processed without proper input...
CVE-2026-14156
CVE-2026-14156 : Concrete details across multiple sources show an issue in Google Chrome’s StorageAccessAPI where insufficient policy enforcement enables a remote attacker who compromised a renderer process to bypass same-origin policy via a crafted HTML page. Affected component: StorageAccessAPI...
CVE-2026-14154
Summary: CVE-2026-14154 relates to an insecure DevTools implementation in Google Chrome prior to 150.0.7871.47 that could enable UI spoofing when a user is persuaded to install a malicious Chrome extension. Affected software: Google Chrome (DevTools component) prior to version 150.0.7871.47. Root...
CVE-2026-14153
CVE-2026-14153 affects Google Chrome (Chromium-based) due to an inappropriate implementation in the Glic component prior to Chrome 150.0.7871.47. This flaw allows a remote attacker to perform UI spoofing by convincing a user to engage specific UI gestures via a crafted HTML page. The issue’s impa...
CVE-2026-14155
Technical details are not publicly available in the provided documents for CVE-2026-14155; monitor for updates from the connected sources.
CVE-2026-14151
The connected entries describe CVE-2026-14151 as an issue in Google Chrome’s AI component where an attacker compromising the renderer could potentially escape the sandbox via a crafted HTML page in Chrome prior to version 150.0.7871.47. The affected software is Chrome/Chromium-based, with the roo...
CVE-2026-14152
CVE-2026-14152 involves an out-of-bounds read and write in ANGLE used by Google Chrome. The vulnerability could allow a remote attacker who has compromised the renderer process to potentially escape the Chrome sandbox via a crafted HTML page. The affected component is ANGLE within Chrome, with im...
CVE-2026-14150
CVE-2026-14150 affects Google Chrome’s Speech component and is due to insufficient validation of untrusted input in the renderer. Prior to version 150.0.7871.47, a remote attacker who had already compromised the renderer process could perform UI spoofing via a crafted HTML page. The security rati...
CVE-2026-14148
CVE-2026-14148 : Type Confusion in CSS handling in Google Chrome before version 150.0.7871.47 allows a remote attacker to read potentially sensitive information from process memory via a crafted HTML page. The vulnerability is documented across multiple feeds (NVD/ENISA/CVE records) with a Chromi...
CVE-2026-14147
CVE-2026-14147 concerns Google Chrome prior to 150.0.7871.47, where an inappropriate implementation in CSS enables UXSS by a crafted HTML page. The vulnerability permits a remote attacker to inject arbitrary scripts or HTML, potentially affecting user sessions and page content (impacting confiden...
CVE-2026-14149
CVE-2026-14149 is a use-after-free in Chrome’s Linux Audio path prior to 150.0.7871.47, enabling remote code execution via a crafted HTML page. Affected: Google Chrome on Linux; root cause: use-after-free in Audio handling. Impact: arbitrary code execution. Mitigation: update Chrome to 150.0.7871...
CVE-2026-14146
CVE-2026-14146 describes an insecure CSS implementation in Google Chrome prior to 150.0.7871.47. The issue allows a remote attacker to leak cross-origin data through a crafted HTML page, due to an inappropriate CSS implementation. The practical impact is information disclosure of cross-origin dat...
CVE-2026-14144
CVE-2026-14144 relates to Google Chrome desktop, where an issue in the Chromium Views security UI allows UI spoofing via a crafted HTML page. A remote attacker could exploit this after convincing a user to perform specific UI gestures, with exploitation requiring user interaction. Affected versio...
CVE-2026-14145
CVE-2026-14145 corresponds to an UXSS issue in Google Chrome caused by an inappropriate CSS implementation, permitting a remote attacker to inject arbitrary scripts/HTML via a crafted HTML page. Affected software is Chrome (pre-150.0.7871.47). The underlying impact is confined to user-level data ...
CVE-2026-14142
Summary : CVE-2026-14142 describes an inappropriate implementation in Google Chrome’s Extensions prior to 150.0.7871.47, enabling a remote attacker (with renderer access) to spoof the UI via a crafted HTML page. The vulnerability affects Chrome extensions rendering logic and is rated Low severity...