CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-58138 - Orkes Conductor 3.21.21 < 3.30.2 Unauthenticated RCE via GraalVM Script Evaluators

CVE ID: CVE-2026-58138
Published: June 30, 2026, 6:44 p.m. | 45 minutes ago
Description: Orkes Conductor 3.21.21 before 3.30.2 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary OS commands by submitting inline workflow definitions containing malicious JavaScript or Python expressions to the workflow API endpoint prior to authentication. Attackers can exploit unsandboxed GraalVM evaluators configured with HostAccess.ALL or allowAllAccess(true) through INLINE, LAMBDA, DO_WHILE, and SWITCH task types to invoke arbitrary system commands via Java reflection or direct subprocess calls.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-14136 - Google Chrome iOS UI Spoofing

CVE ID: CVE-2026-14136
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14137 - Google Chrome for iOS UI Spoofing Vulnerability

CVE ID: CVE-2026-14137
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14138 - Google Chrome UI Spoofing Vulnerability

CVE ID: CVE-2026-14138
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Inappropriate implementation in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14139 - Google Chrome TabStrip UI Spoofing

CVE ID: CVE-2026-14139
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Inappropriate implementation in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14140 - Google Chrome UI Spoofing

CVE ID: CVE-2026-14140
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Insufficient validation of untrusted input in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14141 - Google Chrome: Domain Spoofing via Security UI Flaw

CVE ID: CVE-2026-14141
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14142 - Google Chrome UI Spoofing

CVE ID: CVE-2026-14142
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Inappropriate implementation in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14143 - Google Chrome iOS UI Spoofing

CVE ID: CVE-2026-14143
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Incorrect security UI in Passwords in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14144 - Google Chrome UI Spoofing Vulnerability

CVE ID: CVE-2026-14144
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Incorrect security UI in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14145 - Google Chrome UXSS

CVE ID: CVE-2026-14145
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14146 - Google Chrome CSS Cross-Origin Data Leak

CVE ID: CVE-2026-14146
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14147 - Google Chrome UXSS

CVE ID: CVE-2026-14147
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14148 - Google Chrome Type Confusion Information Disclosure

CVE ID: CVE-2026-14148
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14149 - Google Chrome Use-After-Free Vulnerability

CVE ID: CVE-2026-14149
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Use after free in Audio in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14150 - Google Chrome UI Spoofing

CVE ID: CVE-2026-14150
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Insufficient validation of untrusted input in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14151 - Google Chrome AI Sandbox Escape

CVE ID: CVE-2026-14151
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Inappropriate implementation in AI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14152 - ANGLE Out-of-Bounds Read/Write Sandbox Escape

CVE ID: CVE-2026-14152
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Out of bounds read and write in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14153 - Google Chrome UI Spoofing Vulnerability

CVE ID: CVE-2026-14153
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14154 - Google Chrome DevTools UI Spoofing

CVE ID: CVE-2026-14154
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-14155 - Google Chrome StorageAccessAPI Cross-Origin Data Leak

CVE ID: CVE-2026-14155
Published: June 30, 2026, 10:39 p.m. | 50 minutes ago
Description: Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA