43 matches found
CVE-2026-5901 vulnerabilities
Vulnerabilities for packages: chromium...
Chromium: CVE-2026-5901 Policy bypass in DevTools
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Linux Distros Unpatched Vulnerability : CVE-2026-5901
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to...
CVE-2026-5901
Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-5901
CVE-2026-5901 describes insufficient policy enforcement in Chrome’s DevTools prior to 147.0.7727.55, enabling a user-assisted attack where persuading a user to install a malicious extension could bypass enterprise host restrictions for cookie modification via the extension. The affected component...
CVE-2025-5901
TOTOLINK T10 (version 4.1.8cu.5207) is affected by a buffer overflow in the UploadCustomModule function of /cgi-bin/cstecgi.cgi (POST handler). The File parameter manipulation can be exploited remotely; public exploit activity is indicated. Multiple sources corroborate a high-severity, network-ex...
CVE-2020-5901
In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin, this could result in a complete compromise of the system...
DSA-5901-1 mediawiki - security update
Bulletin has no description...
CVE-2024-5901 SiteOrigin Widgets Bundle <= 1.62.2 - Authenticated (Contributor+) Stored Cross-Site Scripting in Image Grid widget
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid widget in all versions up to, and including, 1.62.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
WordPress SiteOrigin Widgets Bundle Plugin <= 1.62.2 is vulnerable to Cross Site Scripting (XSS)
Software: SiteOrigin Widgets Bundle; Type: Plugin; Vulnerable versions: <= 1.62.2; Fixed in: 1.62.3; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5901; Patch priority: Low; CVSS severity: Low (6.5); PSID: ee6a602a0665; Credits: Ngô Thiên An...
MAL-2024-702 Malicious code in wlwz-2312-5901 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06e56399d2c555df817800d1d9eaee5fb14f8a47e5e6fc30355bbf972576c02e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in wlwz-2312-5901 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 06e56399d2c555df817800d1d9eaee5fb14f8a47e5e6fc30355bbf972576c02e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-5901 Cross-site Scripting in pkp/pkp-lib
Cross-site Scripting in GitHub repository pkp/pkp-lib prior to 3.3.0-16...
Ubuntu 20.04 LTS / 22.04 LTS : GnuTLS vulnerability (USN-5901-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5901-1 advisory. Hubert Kario discovered that GnuTLS had a timing side-channel when handling certain RSA messages. A remote attacker could possibly use this issue to...
CVE-2020-5901
CVE-2020-5901 affects NGINX Controller 3.3.0–3.4.0. An undisclosed API endpoint may enable a reflected Cross‑Site Scripting (XSS) attack; if the victim is logged in as an administrator, this can lead to complete system compromise. The CVSSv3 base score is 9.6 (CRITICAL) with web‑network exposure...
CVE-2017-5901
The CVE-2017-5901 entry concerns the State Bank of India State Bank Anywhere app for iOS (version 5.1.0). The connected documents confirm a root cause in which the app does not verify X.509 certificates from SSL servers, enabling a man-in-the-middle to spoof servers and potentially obtain sensiti...
CVE-2016-5901
CVE-2016-5901 is an XSS vulnerability in IBM Business Process Manager Advanced 8.5.6.0–8.5.7.0 prior to cumulative fix 2016.09. The issue allows remote authenticated users to inject arbitrary web script/HTML via unspecified vectors in a test page. IBM’s bulletin identifies the affected product/ve...
CVE-2015-5901
CVE-2015-5901 affects Apple OS X Finder’s Secure Empty Trash feature, where Trash files may not be securely deleted due to improper deletion, enabling local attackers to read data from storage media (e.g., a flash drive). Affected: OS X versions prior to 10.11. Root cause: implementation failure ...
CVE-2015-5901
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive...