38636 matches found
CVE-2026-5283
An inappropriate implementation flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=492131521...
CVE-2026-5282
An out-of-bounds read flaw was found in the WebCodecs component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=491655161...
CVE-2026-5281
A use-after-free flaw was found in the Dawn component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=491518608...
CVE-2026-5280
A use-after-free flaw was found in the WebCodecs component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=491515787...
CVE-2026-5279
An object corruption flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=490642836...
CVE-2026-5277
An integer overflow flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=489791424...
CVE-2026-5274
An integer overflow flaw was found in the Codecs component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=488596746...
CVE-2026-5275
A heap buffer overflow flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=489494022...
CVE-2026-5272
A heap buffer overflow flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=491732188...
CVE-2026-5286
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-5284
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-5253 bufanyun HotGo editNotice Endpoint MessageList.vue cross site scripting
A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unknown functionality of the file /web/src/layout/components/Header/MessageList.vue of the component editNotice Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be...
CVE-2026-5253
A weakness has been identified in bufanyun HotGo 1.0/2.0. Affected by this vulnerability is an unknown functionality of the file /web/src/layout/components/Header/MessageList.vue of the component editNotice Endpoint. Executing a manipulation can lead to cross site scripting. The attack can be...
PT-2026-29503
Name of the Vulnerable Software and Affected Versions: versions prior to 2.3. Description: A lack of output escaping creates a cross-site scripting (XSS) vector within the multilingual associations component. Recommendations: Update to version 2.3 or later...
PT-2026-29501
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: The ajax component was excluded from the default logged-in-user check in the administrative area, which may have been unexpected by third-party developers...
MEPIS RM security vulnerability
MEPIS RM is a management platform developed by the Slovenian company MEPIS, used for centralized monitoring and remote control of devices. There is a security vulnerability in MEPIS RM, which stems from a hardcoded encryption key present in the Mx.Web.ComponentModel.dll component. This...
OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement
Summary: Discord button and component interaction ingress did not consistently reapply the same guild and channel policy gates used for normal inbound messages. Impact: Users could trigger privileged component actions from contexts that should have been blocked by Discord channel policy. Affected...
GHSA-JP4J-Q5FC-58GV OpenClaw's Discord component interaction ingress skips guild/channel policy enforcement
Summary: Discord button and component interaction ingress did not consistently reapply the same guild and channel policy gates used for normal inbound messages. Impact: Users could trigger privileged component actions from contexts that should have been blocked by Discord channel policy. Affected...
org.webjars.npm:angular-tree-component (>=3.2.3 <=3.7.2), org.webjars.npm:chevrotain (>=11.0.3 <=11.1.2) +72 more potentially affected by CVE-2025-13465 +1 more via org.webjars.npm:lodash-es (>=4.17.21 <=4.17.4)
org.webjars.npm:lodash-es MAVEN version =4.17.21, =3.2.3, =11.0.3, =11.0.3, =11.0.3, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =39.0.1, =44.1.0, =39.0.1, =44.3.0 and more Source cves: CVE-2025-13465, CVE-2026-2950 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15869624...
CVE-2025-62184 Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component.
Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none...