33 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-9891
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform ...
DEBIAN-CVE-2026-9891
Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: Critical...
CVE-2026-9891
Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: Critical...
CVE-2026-9891
CVE-2026-9891 is a use-after-free vulnerability in Chrome’s Extensions component (Chromium) that affects pre-148.0.7778.216 builds. The issue arises when a renderer process is compromised, potentially enabling a sandbox escape via a crafted Chrome Extension. The vulnerability is discussed across ...
CVE-2026-9891
Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: Critical...
CVE-2026-9891
Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: Critical...
CVE-2026-9891
creationtimestamp| type| source ---|---|--- 2026-05-28 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260529 2026-05-28 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260529 2026-05-29...
MiracleLinux 8 : libtasn1-4.13-5.el8_10 (AXSA:2025-9891:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9891:01 advisory. libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS CVE-2024-12133 Tenable has extracted the preceding description block directly...
CVE-2025-9891
creationtimestamp| type| source ---|---|--- 2025-09-17 03:17:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lyyur4jjjl2g...
CVE-2025-9891 User Sync – Remote User Sync <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation
The User Sync – Remote User Sync plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the mousersyncformhandler function. This makes it possible for unauthenticated attackers to...
WordPress User Sync – Remote User Sync plugin <= 1.0.2 - Cross-Site Request Forgery to Plugin Deactivation vulnerability
Cross-Site Request Forgery to Plugin Deactivation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin User Sync versions = 1.0.2...
CVE-2024-9891
The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7zlcustomhandledeactivationpluginformsubmission function in all versions up to, and including, 2.8.1. This makes it possible for...
CVE-2020-9891
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution...
CVE-2019-9891
The function getoptsimple as described in Advanced Bash Scripting Guide ISBN 978-1435752184 allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo...
CVE-2024-9891
creationtimestamp| type| source ---|---|--- 2024-10-16 05:29:11+00:00| seen| https://t.me/cvedetector/7988...
CVE-2024-9891
The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7zlcustomhandledeactivationpluginformsubmission function in all versions up to, and including, 2.8.1. This makes it possible for...
CVE-2024-9891 Multiline files upload for contact form 7 <= 2.8.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Deactivation
The Multiline files upload for contact form 7 plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the mfcf7zlcustomhandledeactivationpluginformsubmission function in all versions up to, and including, 2.8.1. This makes it possible for...
WordPress Multiline files upload for contact form 7 Plugin <= 2.8.1 is vulnerable to Broken Access Control
Software Multiline files upload for contact form 7 Type Plugin Vulnerable versions = 2.8.1 Fixed in 2.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9891 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID c40586cc4d31 Credits...
CVE-2020-9891
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution...
CVE-2020-9891
CVE-2020-9891 corresponds to an out-of-bounds read in audio processing that could lead to arbitrary code execution when processing a maliciously crafted audio file. Apple fixed this issue in iOS/iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, and watchOS 6.2.8 by improving bounds checking. The ...