89932 matches found
CVE-2026-10952
An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505231370...
CVE-2026-10950
An insufficient policy enforcement flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505123022...
CVE-2026-10944
An insufficient policy enforcement flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504215814...
CVE-2026-10915
An use after free flaw was found in the Core component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497612174...
CVE-2026-10951
An use after free flaw was found in the Autofill component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505191883...
CVE-2026-11298
An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502503860...
CVE-2026-11285
An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502090914...
CVE-2026-11302
An insufficient policy enforcement flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504196549...
CVE-2026-10896
An use after free flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513514692...
CVE-2026-11202
An insufficient validation of untrusted input flaw was found in the Chrome for iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505144022...
CVE-2026-11204
An inappropriate implementation flaw was found in the Signin component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505200733...
CVE-2026-11165
An use after free flaw was found in the WebMIDI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502099949...
CVE-2026-44898
A flaw was found in Mistune, a Python Markdown parser. This vulnerability occurs in the rendertocul function, which is responsible for building a table-of-contents. An attacker can craft malicious heading text that, when processed, allows for the injection of arbitrary HTML tags, including script...
CVE-2026-44896
Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...
CVE-2026-44897
A flaw was found in Mistune, a Python Markdown parser. A remote attacker could exploit this vulnerability by providing specially crafted input to the HTMLRenderer.heading function. This input, containing a double-quote character in the HTML heading's ID attribute, is not properly sanitized,...
GHSA-2G2G-8P8H-FGWM Twig: XSS in profiler HtmlDumper via unescaped template and profile names
Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...
Twig: XSS in profiler HtmlDumper via unescaped template and profile names
Description Twig\Profiler\Dumper\HtmlDumper writes Profile::getTemplate and Profile::getName straight into its HTML output without escaping: php protected function formatTemplateProfile $profile, $prefix: string return \sprintf'%s└ %s', $prefix, self::$colors'template', $profile-getTemplate; The...
CVE-2026-25680
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...
CVE-2026-30615
A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...
CVE-2026-5090
Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly escaped. An attacke...