9126 matches found
CVE-2026-14396
CVE-2026-14396 describes an out-of-bounds read in ANGLE used by Google Chrome, allowing a remote attacker to leak cross-origin data via a crafted HTML page. Affected component: ANGLE within Chrome, with the flaw exploitable through networked HTML content. The issue is tied to Chrome versions prio...
CVE-2026-14396
Out of bounds read in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-14384
CVE-2026-14384 describes an out-of-bounds read in ANGLE used by Google Chrome on Windows , affecting versions prior to 150.0.7871.46 . The underlying issue in ANGLE allows a remote attacker to leak cross-origin data via a crafted HTML page . Affected component: ANGLE within Chromium-based Chrome;...
CVE-2026-14384
Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-14384
Out of bounds read in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-55660
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...
CVE-2026-55660
CVE-2026-55660 : TinaCMS and Tinacms app prior to versions 2.5.6 / 3.9.3 allow cross-origin postMessage abuse due to window message listeners that do not validate event.origin/source and post to non-specific origins, combined with insufficient URL sanitization in rich-text content. This enables s...
CVE-2026-55660
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...
CVE-2026-55660 TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...
EUVD-2026-40432
Flowise before 3.1.2 sets Access-Control-Allow-Origin to a hardcoded wildcard on its text-to-speech TTS generation endpoint packages/server/src/controllers/text-to-speech/index.ts, independent of the server's configured CORS policy. This bypasses the server's otherwise restrictive default CORS...
EUVD-2026-40833
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40842
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40805
Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40803
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40761
Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40785
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40772
Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40769
Race in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...