21 matches found
CVE-2026-11278 vulnerabilities
Vulnerabilities for packages: chromium...
CVE-2026-11278
creationtimestamp| type| source ---|---|--- 2026-06-05 13:24:40+00:00| seen| https://infosec.exchange/users/cR0w/statuses/116697713800926918 2026-06-07 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260608 2026-06-09 18:00:00+00:00| seen|...
CVE-2026-11278
Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2024-11278
The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
CVE-2020-11278
Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...
CVE-2024-11278
creationtimestamp| type| source ---|---|--- 2024-11-20 07:03:12+00:00| seen| https://t.me/cvedetector/11557...
CVE-2024-11278
CVE-2024-11278 affects the WordPress plugin GD bbPress Attachments (≤ 4.7.2). The issue is a Reflected Cross-Site Scripting (XSS) caused by inadequate escaping of the URL via add_query_arg, enabling unauthenticated attackers to inject scripts that execute when a user interacts with a crafted link...
CVE-2024-11278 GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting
The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
CVE-2024-11278 GD bbPress Attachments <= 4.7.2 - Reflected Cross-Site Scripting
The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts i...
WordPress GD bbPress Attachments Plugin <= 4.7.2 is vulnerable to Cross Site Scripting (XSS)
Software GD bbPress Attachments Type Plugin Vulnerable versions = 4.7.2 Fixed in 4.7.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11278 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 3fddb2474371 Credits Colin Xu...
CVE-2020-11278
creationtimestamp| type| source ---|---|--- 2021-02-22 12:28:18+00:00| seen| https://t.me/cibsecurity/23911...
CVE-2020-11278
Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...
CVE-2020-11278
CVE-2020-11278 affects Qualcomm Snapdragon platforms (Snapdragon Auto, Compute, Connectivity, CE Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wired Infrastructure & Networking). The root cause is improper validation when handling host WMI commands, leading to possible Denial...
CVE-2019-11278 Privilege Escalation via Blind SCIM Injection in UAA
CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with 'client.write' and 'groups.update' can craft a SCIM query, which leaks information that allows an escalation of privileges, ultimately allowing the malicious user to gain control of...
CVE-2019-11278
CVE-2019-11278 affects Cloud Foundry UAA before 74.1.0. A remote attacker with the privileges client.write and groups.update can craft a SCIM query by injecting external input directly into SCIM, causing a leak of information that enables privilege escalation and potential control of UAA scopes. ...
CVE-2019-11278: Privilege Escalation via Blind SCIM Injection in UAA | Cloud Foundry
Severity High Vendor Cloud Foundry Foundation Affected Cloud Foundry Products and Versions UAA Release All versions prior to v74.1.0 Description CF UAA versions prior to 74.1.0, allow external input to be directly queried against. A remote malicious user with ‘client.write’ and ‘groups.update’ ca...
CVE-2018-11278
CVE-2018-11278 affects CAF Venus HW in Android for MSM, Firefox OS for MSM, and QRD Android builds. The vulnerability occurs when Venus HW decodes input bit stream buffers: it searches for a start code, and if the start code is not found in the entire buffer, the implementation may over-fetch bey...
CVE-2017-11278
Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution...
CVE-2017-11278
Adobe Digital Editions 4.5.4 and earlier are affected by CVE-2017-11278 (memory corruption vulnerability). Successful exploitation could lead to arbitrary code execution. The connected advisories indicate this was part of APSB17-27 with remediation guidance to upgrade to 4.5.6 or newer on Windows...
Adobe Digital Editions < 4.5.6 Multiple Vulnerabilities (APSB17-27)
The version of Adobe Digital Editions installed on the remote Windows host is prior to 4.5.6. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB17-27 advisory. - Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful...