236 matches found
CVE-2025-8881
Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
KLA86542 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Aura can be exploited to cause denial of service or execute...
PT-2025-32961 · Google +1 · Google Chrome +1
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 139.0.7258.127 Description: An inappropriate implementation in the File Picker component allowed a remote attacker to leak cross-origin data. The attack required convincing a user to perform specific UI gesture...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 6 security fixes: 432035817 High CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous on 2025-07-15 433533359 High CVE-2025-8880: Race in V8. Reported by Seunghyun Lee @0x10n on 2025-07-23 435139154 High CVE-2025-8901: Out of bounds...
Google Chrome < 139.0.7258.127 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 139.0.7258.127. It is, therefore, affected by multiple vulnerabilities as referenced in the 202508stable-channel-update-for-desktop12 advisory. - Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a...
Google Chrome < 139.0.7258.127 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 139.0.7258.127. It is, therefore, affected by multiple vulnerabilities as referenced in the 202508stable-channel-update-for-desktop12 advisory. - Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a...
Linux Distros Unpatched Vulnerability : CVE-2021-38504
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption a...
Linux Distros Unpatched Vulnerability : CVE-2023-4575
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all...
Microsoft OneDrive File Picker Flaw Grants Apps Full Cloud Access — Even When Uploading Just One File
Cybersecurity researchers have discovered a security flaw in Microsoft's OneDrive File Picker that, if successfully exploited, could allow websites to access a user's entire cloud storage content, as opposed to just the files selected for upload via the tool. "This stems from overly broad OAuth...
CVE-2023-43360
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component...
CVE-2021-23956
An ambiguous file picker design could have confused users who intended to select and upload a single file into uploading a whole directory. This was addressed by adding a new prompt. This vulnerability affects Firefox 85...
CVE-2020-22732
CMS Made Simple CMSMS 2.2.14 allows stored XSS via the Extensions File Picker...
Denial Of Service (DoS)
moodle/moodle is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient file size checks in the file picker's unzip functionality. An attacker can cause a denial of service by uploading specially crafted zip files...
BIT-MOODLE-2024-25978 Msa-24-0001: denial of service risk in file picker unzip functionality
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...
Uncontrolled Resource Consumption in moodle
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...
GHSA-487G-3M3V-HJHQ Uncontrolled Resource Consumption in moodle
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...
CVE-2024-25978
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...
UBUNTU-CVE-2024-25978
Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality...