Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
20 results
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a
Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability.
Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity
Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
A vulnerability, which was classified as problematic, has been found in 1902756969 reggie 1.0. Affected by this issue is some unknown functionality of the file /user/sendMsg of the component Phone Num
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: M
An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database.
A vulnerability was found in 115cms up to 20240807 and classified as problematic. This issue affects some unknown processing of the file /app/admin/view/web_user.html. The manipulation of the argument
A vulnerability was found in szluyu99 gin-vue-blog up to 61dd11ccd296e8642a318ada3ef7b3f7776d2410. It has been declared as critical. This vulnerability affects unknown code of the file gin-blog-server
"SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user informati
A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cr
Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Hi
CVE-2026-11153
CRITICAL CVSS 9.1
Find Similar
Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
A vulnerability was found in Euro Information CIC banque et compte en ligne App 12.56.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the co
Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information.
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
← Previous Page 5