SUSE CVE-2017-15396

A stack buffer overflow in NumberingSystem in International Components for Unicode ICU for C/C++ before 60.2, as used in V8 in Google Chrome prior to 62.0.3202.75 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

SUSE CVE-2020-16013

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Brave 安全漏洞

Brave is a fast, private and secure web browser from Brave USA. A security vulnerability exists in Brave Browser versions prior to 1.43.88 that could allow a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file containing an ipfs:// or ipns:// URL...

CVE-2022-44953

webtareas 2.4p5 was discovered to contain a cross-site scripting XSS vulnerability in the component /linkedcontent/listfiles.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking "Add"...

Design/Logic Flaw

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact...

CVE-2022-1484

CVE-2022-1484 refers to a heap buffer overflow in the Web UI Settings component of Google Chrome before 101.0.4951.41. The vulnerability could allow a remote attacker to potentially trigger heap corruption by presenting a crafted HTML page, with impact described as high for confidentiality, integ...

CVE-2022-32065

CVE-2022-32065 concerns RuoYi v4.7.3 and earlier where an arbitrary file upload in the background management module enables attackers to execute arbitrary code via a crafted HTML file. Affected product/component: RuoYi, background management module; root cause: improper handling/upload of HTML co...

CVE-2020-19289

A stored cross-site scripting XSS vulnerability in the /member/picture/album component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the new album tab...

Mozilla: Variable time processing of cross-origin images during drawImage calls

Side-channel information leakage in graphics in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

UBUNTU-CVE-2019-5830

Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Design/Logic Flaw

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird 52.9...

thunderbird: S/MIME and PGP decryption oracles can be built with HTML emails

Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird 52.9...

UBUNTU-CVE-2017-5121

Inappropriate use of JIT optimisation in V8 in Google Chrome prior to 61.0.3163.100 for Linux, Windows, and Mac allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to the escape analysis phase...

CVE-2016-9629

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service segmentation fault and crash via a crafted HTML page...

CVE-2016-1652

Cross-site scripting XSS vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS...