Chromium: CVE-2026-11195 Inappropriate implementation in MHTML

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-11195

creationtimestamp| type| source ---|---|--- 2026-06-05 13:24:24+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918...

Linux Distros Unpatched Vulnerability : CVE-2026-11195

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures t...

CVE-2026-11195

Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-11195

Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2020-11195

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

WordPress Email Subscription Popup Plugin <= 1.2.22 is vulnerable to Cross Site Scripting (XSS)

Software Email Subscription Popup Type Plugin Vulnerable versions = 1.2.22 Fixed in 1.2.23 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11195 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 9dcd73e26d76 Credits Peter...

SA40771 - 2017-07 Security Bulletin: Pulse Connect Secure (PCS) / Pulse Policy Secure (PPS): Cross Site Scripting Issue

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple cross site scripting issues has been found in the Pulse Connect Secure / Pulse Policy Secure device. The cause of this issue is due to incorrect validation of user input sent t...

CVE-2020-11195

creationtimestamp| type| source ---|---|--- 2021-02-22 12:28:00+00:00| seen| https://t.me/cibsecurity/23899...

CVE-2020-11195

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

CVE-2020-11195

CVE-2020-11195 concerns an out-of-bounds read/write in the Trust Authority (TA) when processing commands from the NS side, caused by an improper length check on command and response buffers. Affected are Snapdragon platforms including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mob...

CVE-2020-17422

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVE-2020-17422

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

CVE-2020-17422

Foxit Studio Photo information disclosure (CVE-2020-17422) stems from improper validation in EPS file parsing, causing an out-of-bounds read of an allocated structure. Affected versions include Foxit Studio Photo 3.6.6.x; an attacker must lure a user to open a malicious page/file, enabling inform...

CVE-2018-11195

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara...

CVE-2018-11195

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara...

CVE-2018-11195

Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to the browser "back and refresh" attack. This allows malicious users with physical access to the web browser of a Mahara user, after they have logged in, to potentially gain access to their Mahara...

CVE-2017-11195

Pulse Connect Secure 8.3R1 is affected by a reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is echoed inside an IFRAME when it contains two quotes, with sanitization preventing simple quote closure but allowing javascript: or data: schemes to be abused. Affected component: launchHel...