SUSE CVE-2026-11150

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

Chromium: CVE-2026-11150 Inappropriate implementation in XML

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-11150

creationtimestamp| type| source ---|---|--- 2026-06-05 13:24:15+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918 2026-06-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260608 2026-06-07 18:00:00+00:00| seen|...

Linux Distros Unpatched Vulnerability : CVE-2026-11150

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTM...

CVE-2025-11150

creationtimestamp| type| source ---|---|--- 2025-09-30 00:14:57+00:00| seen| https://bsky.app/profile/undercode.bsky.social/post/3lzzam7evml2w...

CVE-2025-11150

...

CVE-2025-11150

CVE-2025-11150 entry is rejected per the initial description.

CVE-2020-11150

Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of pointer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice ...

CVE-2024-11150

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...

CVE-2024-11150 WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion

The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletetmpuploadedfile function in all versions up to, and including, 16.6. This makes it possible for unauthenticated attackers to delete arbitrary files o...

CVE-2024-11150

CVE-2024-11150 affects WordPress User Extra Fields (WordPress plugin). The issue is an unauthenticated arbitrary file deletion vulnerability caused by insufficient file path validation in delete_tmp_uploaded_file() across all versions up to and including 16.6. This could allow an unauthenticated ...

WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Arbitrary File Deletion

Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A2: Broken Authentication Classification Arbitrary File Deletion CVE CVE-2024-11150 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5b9352f46ad9 Credits Chloe Chamberland Require...

CVE-2019-11150

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none...

CVE-2020-11150

CVE-2020-11150 describes an out-of-bounds memory access in the camera driver caused by improper validation of data from UMD, which affects pointer offset manipulation across multiple Snapdragon SKUs (Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music/Wearables). The issue ...

CVE-2018-11150

CVE-2018-11150 affects Quest DR Series Disk Backup Software prior to 4.0.3.1. The Core Security advisory documents multiple command-injection vulnerabilities in the DR appliances, with CVE-2018-11150 specifically described as a remote command-injection flaw in the replication scheduling subsystem...

CVE-2018-11150

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection issue 8 of 46...

CVE-2017-11150

CVE-2017-11150 affects Synology Office, affecting Document.php in versions 2.2.0-1502 and 2.2.1-1506. A command-injection flaw allows remote authenticated users to execute arbitrary commands by supplying shell metacharacters in the filename of crafted RTF documents. The underlying cause is input ...

CVE-2017-11150

Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents...

CVE-2019-11150

CVE-2019-11150 is rejected/not used; this candidate was not assigned to any issues.