PULSE
EN VIVO18señales / 24h
FEED
ransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Servicesransomthegentlemen reclama a Military Sealift Command · US · Transportation/Logisticsransomthegentlemen reclama a Advantage Home Health Care · US · Healthcareransomthegentlemen reclama a Sunway Scientific · TW · Manufacturingransomqilin reclama a Cafar · AR · Agriculture and Food Productionransominterlock reclama a Centre for Newcomers · CA · Public Sectorransominterlock reclama a Paragon Store Fixtures · US · Manufacturingransomakira reclama a Westcoast Communication Services · Telecommunicationransomakira reclama a Nesco Bus Maintenance · Transportation/Logisticsransomm3rx reclama a suppcentersa.com · ZA · Business Servicesransomm3rx reclama a arambol.co.uk · GB · Not Foundransomincransom reclama a Kyokuto Kaihatsu Kogyo · JP · Manufacturingransomnova reclama a Phi · Not Foundransomnova reclama a Digipro · Technologyransomnova reclama a Integrated Marketing Services · Business Services
← Todos los CVEs
CVE Watch2 jul 2026

CVE-2026-14110

Inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a craf

CVSS

4.3

Medio

EPSS

0.2%

p9

KEV

Exploit Today

3

0-100

Publicado: 30 jun 2026 · Última mod.: 2 jul 2026 · CWE-1021 · CWE-451

EPSS · 30d
0.2%EPSS · 30 días0.2%
2026-07-012026-07-17
Descripción técnica

Inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Referencias oficiales
CVEs relacionados
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2021-416576.1 MED
51.4%
15SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.9d
CVE-2026-585958.1 ALT
37.6%
11Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network.1d
CVE-2026-374707.3 ALT
24.5%
7An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components13d
CVE-2026-409577.5 ALT
23.3%
7o   CVE-2026-40957 is a frameable content vulnerability in the Secure Access server login page prior to 14.55. Attackers with control of a malicious web site could use it to potentially steal credentials from an unwary administrator.1d
CVE-2026-38616.5 MED
22.4%
7LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily inoperable.10d
CVE-2026-450646.1 MED
21.3%
6Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, UrlSanitizer::parse() passes Unicode explicit-direction BiDi formatting characters through into sanitized href and src attributes, allowing sanitized content to display a link destination that visually differs from the actual destination and enabling phishing-style visual spoofing. This issue is fixed in versions 6.4.40, 7.4.12, and 8.0.12.2d