Vulnerabilities
Vulnerable Software
Microsoft:  Security Vulnerabilities
Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.028
Published
2025-12-16
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this function. The actual exploitability depends on how applications use this function. If an application does not pass user-controlled input to `fsSize()`, it is not vulnerable. Version 5.27.14 contains a patch.
CVSS Score
8.1
EPSS Score
0.129
Published
2025-12-16
Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
4.3
EPSS Score
0.003
Published
2025-12-12
CVE-2025-14174
Known exploited
Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.224
Published
2025-12-12
Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
6.1
EPSS Score
0.002
Published
2025-12-12
The System Console Utility for Windows is vulnerable to a DLL planting vulnerability
CVSS Score
5.4
EPSS Score
0.001
Published
2025-12-12
Uncontrolled Search Path Element vulnerability in Altera High Level Synthesis Compiler on Windows allows Search Order Hijacking.This issue affects High Level Synthesis Compiler: from 19.1 through 24.3.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-12-12
The High Level Synthesis Compiler i++ command for Windows is vulnerable to a DLL planting vulnerability
CVSS Score
5.4
EPSS Score
0.001
Published
2025-12-12
A potential security vulnerability in Quartus® Prime Pro Edition Design Software may allow escalation of privilege.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-12-11
Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-12-11


Contact Us

Shodan ® - All rights reserved