CVE-2026-5903 vulnerabilities

Vulnerabilities for packages: chromium...

CVE-2026-5903

Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5903

Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5903

creationtimestamp| type| source ---|---|--- 2026-04-08 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260409 2026-04-12 20:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260413 2026-04-14...

CVE-2025-5903

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the...

CVE-2025-5903

creationtimestamp| type| source ---|---|--- 2025-06-10 00:33:06+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/17815 2025-06-10 01:38:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lr7r33mn7b2s...

CVE-2025-5903 TOTOLINK T10 POST Request cstecgi.cgi setWiFiAclRules buffer overflow

A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been classified as critical. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the...

CVE-2025-5903

TOTOLINK T10 4.1.8cu.5207 is affected by a buffer overflow in the function setWiFiAclRules of /cgi-bin/cstecgi.cgi (POST Request Handler). The vulnerability arises from manipulation of the argument desc, enabling a remote attack. Multiple sources (NVD, Red Hat, CNVD, CVE listings, and other natio...

CVE-2018-5903

Out of bounds read occurs due to improper validation of array while processing VDEV stop response from WLAN firmware in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU...

Debian: Security Advisory (DSA-5903-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Malicious code in wlwz-2312-5903 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0544440fe9942d1ce2fd62328be7709e71a852fcbc8bcea896fa1e318139c6d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-704 Malicious code in wlwz-2312-5903 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0544440fe9942d1ce2fd62328be7709e71a852fcbc8bcea896fa1e318139c6d2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2023-5903

creationtimestamp| type| source ---|---|--- 2024-01-04 13:26:50+00:00| seen| https://t.me/arpsyndicate/2462...

CVE-2023-5903

CVE-2023-5903 is a stored XSS vulnerability in the PKP Web Application Library (pkp-lib) affecting versions before 3.3.0-16. The issue exists in pkp/pkp-lib and stems from insecure handling of stored input (XSS). Public sources consistently state the vulnerable version range as prior to 3.3.0-16....

CVE-2023-5903 Cross-site Scripting (XSS) - Stored in pkp/pkp-lib

Cross-site Scripting XSS - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16...

Ubuntu 20.04 LTS / 22.04 LTS : lighttpd vulnerabilities (USN-5903-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5903-1 advisory. It was discovered that lighttpd incorrectly handled certain inputs, which could result in a stack buffer overflow. A remote attacker could...

CVE-2020-5903

creationtimestamp| type| source ---|---|--- 2020-07-03 17:08:12+00:00| seen| https://t.me/cKure/1106 2020-07-06 11:05:19+00:00| published-proof-of-concept| https://t.me/cKure/1145 2024-11-02 15:23:24+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/1378...

CVE-2020-5903

In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility...

CVE-2020-5903

CVE-2020-5903 concerns a Cross-Site Scripting (XSS) vulnerability in BIG-IP TMUI/Configuration utility. The issue affects multiple BIG-IP versions where an undisclosed TMUI page improperly handles input, enabling an attacker to execute JavaScript in the context of the logged-in user. In the more ...

CVE-2018-5903

Out of bounds read occurs due to improper validation of array while processing VDEV stop response from WLAN firmware in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU...