Lucene search
K

91210 matches found

Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.19 views

PT-2026-46552

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in WebAppInstalls allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a security mechanism that...

9.6CVSS5.9AI score0.00985EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.19 views

PT-2026-46816

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Side-channel information leakage in Paint allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Side-channel leakage occurs when information is...

9.6CVSS5.8AI score0.00493EPSS
Exploits0References439
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.7 views

PT-2026-46483

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in the Actor component allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a memory...

9.6CVSS6.4AI score0.00493EPSS
Exploits0References438
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.8 views

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-25681)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-25681 advisory. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML...

6.1CVSS5.9AI score0.00178EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.7 views

PT-2026-46504

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue exists in WebRTC, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free is a memory...

9.6CVSS6.4AI score0.00456EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.8 views

PT-2026-46424

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in Ozone allows a remote attacker to execute arbitrary code through a crafted HTML page. Use after free is a memory corruption flaw that occurs when an applicatio...

9.6CVSS6.4AI score0.00985EPSS
Exploits0References435
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.20 views

PT-2026-46491

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A type confusion issue exists in the Media component, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Type confusio...

9.6CVSS6.4AI score0.00456EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.17 views

PT-2026-46493

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow in V8 allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. V8 is the open-source high-performance JavaScript a...

9.6CVSS6.4AI score0.00456EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-46492

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow in V8 allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted HTML page. V8 is the open-source high-performance JavaScript a...

9.6CVSS6.4AI score0.00456EPSS
Exploits0References438
Hacker One
Hacker One
added 2026/06/01 5:41 p.m.17 views

PortSwigger Web Security: Incomplete fix for CVE-2022-35406: meta-redirect content-type check bypassable via parameter injection

The fix for CVE-2022-35406 1541301 stops Burp from following a redirect when the response Content-Type/Content-Disposition would prevent HTML rendering. The check substring-matches html in the raw Content-Type instead of parsing the media type. A text/plain response can smuggle the token via a...

4.3CVSS5.8AI score0.00623EPSS
Exploits0
OSV
OSV
added 2026/06/01 11:42 a.m.6 views

BIT-KIBANA-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 11:39 a.m.7 views

BIT-ELK-2026-42401 Improper Neutralization of Input During Web Page Generation in Kibana Leading to Stored HTML Injection

Improper Neutralization of Input During Web Page Generation CWE-79 in Kibana can lead to stored HTML injection. A user with write access to an Elasticsearch index could persist crafted markup which, when subsequently rendered through an affected Kibana view by another user, was not sufficiently...

5.4CVSS5.7AI score0.00141EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/01 11:24 a.m.9 views

CVE-2026-9309

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

5.4CVSS6AI score0.00157EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 11:24 a.m.10 views

EUVD-2026-33630

Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These parameters could then be used to access internal pages, potentially resulting in arbitrary JavaScrip...

5.4CVSS6AI score0.00157EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 11:24 a.m.31 views

CVE-2026-9308 Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

0.00157EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 11:24 a.m.30 views

CVE-2026-9308

CVE-2026-9308 affects Firefox for iOS Reader View. The issue occurs when HTML templates are processed before internal placeholders are replaced, allowing a malicious page to substitute a placeholder with JSON-LD data and potentially execute arbitrary JavaScript. The fix is in Firefox for iOS 151....

5.4CVSS5.9AI score0.00157EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 11:24 a.m.9 views

CVE-2026-9308 Arbitrary JavaScript execution in Reader View due to wrong HTML replacement order

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. This vulnerability was...

5.9AI score0.00157EPSS
Exploits0References2
Mozilla
Mozilla
added 2026/06/01 12:0 a.m.20 views

Security Vulnerabilities fixed in Firefox for iOS 151.2 — Mozilla

Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted with JSON-LD data, potentially resulting in arbitrary JavaScript execution. Firefox for iOS Reader Vi...

5.4CVSS6AI score0.00157EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.15 views

openSUSE 16 Security Update : python-mistune (openSUSE-SU-2026:20827-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20827-1 advisory. This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via a crafted...

8.7CVSS5.9AI score0.00481EPSS
Exploits4References19
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.13 views

openSUSE 16 Security Update : python-pytest-html (openSUSE-SU-2026:20839-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20839-1 advisory. Changes in python-pytest-html: - CVE-2026-9277: shell-quote: improper escaping of newlines bsc1266254 Update the vendored shell-quote to 1.8.4 nodemodul...

9.2CVSS5.8AI score0.00848EPSS
Exploits1References3
Rows per page
Query Builder