38384 matches found
EUVD-2025-209863
Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Free (UAF) condition, potentially resulting in a loss of platform integrity or crash...
ROS-20260515-73-0045
A vulnerability in the Extensions component of the Google Chrome browser is related to information presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the user interface...
PT-2026-41227
Improper input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service...
ROS-20260515-73-0018
A vulnerability in the Tint component of the Google Chrome browser involves reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
Medium: nss
Issue Overview: Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. CVE-2026-6766 Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150,...
ROS-20260515-73-0030
A vulnerability in the WebML component of the Google Chrome browser is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
ROS-20260515-73-0017
A vulnerability in the Media component of the Google Chrome browser is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
ROS-20260515-73-0037
A vulnerability in the WebML component of Google Chrome and Microsoft Edge browser is related to an operation exceeding memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
ROS-20260515-73-0038
A vulnerability in the MediaStream component of Google Chrome and Microsoft Edge browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
ROS-20260515-73-0052
A vulnerability in the Downloads component of Google Chrome browser is related to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to spoof the user interface using a specially crafted HTML page...
Open WebUI Cross-Site Scripting Vulnerability
Open WebUI is an open-source, extensible, feature-rich, and user-friendly self-hosted WebUI. Versions of Open WebUI prior to 0.8.0 have a cross-site scripting vulnerability. This vulnerability stems from an improper sanitization order in the Banner component, leading to stored cross-site...
ROS-20260515-73-0031
A vulnerability in the WebML component of the Google Chrome browser is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
PT-2026-41344
Name of the Vulnerable Software and Affected Versions: WP Super Edit versions 2.5.4 and earlier. Description: The FCKeditor component contains an unrestricted file upload flaw. Attackers can upload arbitrary and dangerous file types without validation through the 'filemanager upload' endpoint, which...
GHSA-CQP4-QQVG-3787 Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order
Summary: A Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order: specifically, DOMPurify is executed before the marked library. This vulnerability allows a compromised or malicious administrator to plant a malicious payload in the global...
NPM: Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order
NPM: Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order vulnerability discovered by ? in WordPress Npm open-webui versions = 0.7.2...
Cross-site Scripting (XSS)
Overview: open-webui is an Open WebUI. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper sanitization order in the Banner component. An attacker can execute arbitrary JavaScript in the context of privileged users by injecting malicious payloads into the banne...
Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order
Summary: A Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order: specifically, DOMPurify is executed before the marked library. This vulnerability allows a compromised or malicious administrator to plant a malicious payload in the global...
firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
firefox: thunderbird: Other issue in the Libraries component in NSS
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Other issue in the Libraries component in NSS...