Chromium: CVE-2026-11189 Insufficient validation of untrusted input in DevTools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-11189

creationtimestamp| type| source ---|---|--- 2026-06-05 13:24:23+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918...

CVE-2025-11189

creationtimestamp| type| source ---|---|--- 2025-10-10 11:11:35+00:00| seen| Telegram/Lui-2TDn8318OEJ6tso5ZzcuUXfND8kuYu0LPIrDB8ip0...

CVE-2025-11189 CVE-2025-11189

The Kiwire Captive Portal contains a reflected cross-site scripting XSS vulnerability within the login-url parameter, allowing for Javascript execution...

EUVD-2017-5633

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-11189

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a denial of service NULL pointer dereference and application crash, which could be relevant...

CVE-2019-11189

Authentication Bypass by Spoofing in org.onosproject.acl access control and org.onosproject.mobility host mobility in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply tha...

CVE-2024-11189

The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

CVE-2024-11189

The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

CVE-2024-11189 Social Share And Social Locker – ARSocial < 1.4.2 - Admin+ Stored XSS

The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

CVE-2024-11189 Social Share And Social Locker – ARSocial < 1.4.2 - Admin+ Stored XSS

The Social Share And Social Locker WordPress plugin before 1.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite...

CVE-2024-11189

CVE-2024-11189 affects the Social Share And Social Locker – ARSocial WordPress plugin prior to 1.4.2. The issue is insufficient sanitization/escaping of certain settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Public d...

CVE-2020-11189

creationtimestamp| type| source ---|---|--- 2021-03-17 11:31:07+00:00| seen| https://t.me/cibsecurity/25004 2026-01-20 08:04:53+00:00| seen| https://infosec.exchange/users/certvde/statuses/115926387351405846...

CVE-2020-11189

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVE-2020-11189

CVE-2020-11189 is a buffer over-read vulnerability occurring while parsing SDP values due to a missing NULL termination check in Qualcomm Snapdragon components (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wearables). The issue is triggered by network con...

CVE-2019-11189

Authentication Bypass by Spoofing in org.onosproject.acl access control and org.onosproject.mobility host mobility in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply tha...

CVE-2019-11189

Authentication Bypass by Spoofing in org.onosproject.acl access control and org.onosproject.mobility host mobility in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply tha...

CVE-2019-11189

Authentication Bypass by Spoofing in org.onosproject.acl access control and org.onosproject.mobility host mobility in ONOS v2.0 and earlier allows attackers to bypass network access control via data plane packet injection. To exploit the vulnerability, an attacker sends a gratuitous ARP reply tha...

CVE-2019-11189

The CVE describes an Authentication Bypass in ONOS v2.0 and earlier via data plane packet injection. A gratuitous ARP reply can trigger the host mobility application to remove existing access control flow denial rules, and the access control app does not re-install those deny rules, allowing bypa...

CVE-2018-11189

CVE-2018-11189 applies to Quest DR Series Disk Backup Software prior to 4.0.3.1, where multiple command-injection vulnerabilities in the web UI allow an attacker with/without authentication to execute arbitrary commands as root via various API methods. CoreLabs details show a progression of CVEs ...