EUVD-2026-34583

Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-34510

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...

EUVD-2026-34483

Insufficient validation of untrusted input in Tab Group Sync in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via malicious network traffic. Chromium security severity: Medium...

EUVD-2026-34377

Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

EUVD-2026-34365

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

Arista Edge Threat Management - Arista Next Generation Firewall 安全漏洞

Arista Edge Threat Management – Arista Next Generation Firewall is a unified network security platform developed by the American company Arista. It integrates next-generation firewalls, intrusion prevention, web filtering, application control, and network threat protection capabilities. There are...

PT-2026-46922

Name of the Vulnerable Software and Affected Versions Samsung Assistant versions prior to 9.3.14 Description Improper export of android application components in the SmartHomeWidgetReceiver allows a local attacker to execute arbitrary scripts via intent redirection. Intent redirection occurs when...

PT-2026-46923

Name of the Vulnerable Software and Affected Versions Samsung Assistant versions prior to 9.3.14 Description Improper export of Android application components in the ExpressHomeWidgetReceiver allows a local attacker to execute arbitrary script. Recommendations Update to version 9.3.14 or later...

CVE-2026-38579

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

EUVD-2026-34845

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

SAMSUNG Assistant 安全漏洞

SAMSUNG Assistant is a device assistance component developed by South Korea’s Samsung Corporation. Versions of SAMSUNG Assistant prior to 9.3.14 contained security vulnerabilities. These vulnerabilities stemmed from improper export of the ExpressHomeWidgetReceiver component, which could allow loc...

SAMSUNG Assistant 安全漏洞

SAMSUNG Assistant is a device assistance component developed by South Korean company Samsung. Versions of SAMSUNG Assistant prior to 9.3.14 contained security vulnerabilities. These vulnerabilities stemmed from improper export of the SmartHomeWidgetReceiver component, which could allow local...

PT-2026-46994

Summary The password-reset page rendered the URL token directly into a JavaScript string literal in a server-rendered EJS template. EJS HTML-entity-encodes a fixed set of characters but does not escape single quotes or backslashes, so a crafted token could break out of the JS string context and...

Linux Distros Unpatched Vulnerability : CVE-2026-11062

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension ...

Linux Distros Unpatched Vulnerability : CVE-2026-10928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium...

Linux Distros Unpatched Vulnerability : CVE-2026-10916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer proces...

DEBIAN-CVE-2026-11205

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted QR code. Chromium security severity: Medium...

CVE-2026-11205

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted QR code. Chromium security severity: Medium...

DEBIAN-CVE-2026-11186

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2026-11166

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...