74 matches found

Debian CVE
added last week | 7 views

CVE-2026-11293

Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

CVSS 9.6 | AI score 5.5 | EPSS 0.00118
Exploits: 0

NVD
added 2026/05/14 8:17 p.m. | 4 views

CVE-2026-8513

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.3 | EPSS 0.00073
Exploits: 0 | References: 2

UbuntuCve
added 2026/05/14 8:17 p.m. | 4 views

CVE-2026-8513

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.3 | AI score 5.8 | EPSS 0.00073
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2013-6423

Malware in sbrugna...

CVSS 7.5 | AI score 9.3 | EPSS 0.01481
Exploits: 1 | References: 12

Github Security Blog
added 2025/10/06 3:31 a.m. | 9 views

Duplicate Advisory: Flowise Stored XSS vulnerability through logs in chatbot

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-7r4h-vmj9-wg42. This link is maintained to preserve external references. Original Description: Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...

CVSS 8.2 | AI score 6.2 | EPSS 0.00062
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2025/10/06 12:0 a.m. | 1 views

PT-2025-40840

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.0.5. Description: Flowise has a cross-site scripting (XSS) issue. This occurs through a FORM element and an INPUT element when an administrator views the chat log. Recommendations: Update Flowise to version 3.0.5 or late...

CVSS 8.2 | AI score 5.8 | EPSS 0.00062
Exploits: 1 | References: 8

EUVD
added 2025/10/06 12:0 a.m. | 3 views

EUVD-2025-32480

Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log...

CVSS 8.2 | AI score 5.6 | EPSS 0.00062
Exploits: 1 | References: 4

CNNVD
added 2025/10/06 12:0 a.m. | 3 views

Flowise security vulnerability

Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise versions prior to 3.0.5 that stems from the presence of cross-site scripting in the FORM element and the INPUT element, which could lead to cross-site scripting attacks...

CVSS 8.2 | AI score 5.7 | EPSS 0.00062
Exploits: 1 | References: 3

RedhatCVE
added 2025/05/22 7:46 p.m. | 9 views

CVE-2021-3291

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element within the modules edit page and inserting a command...

CVSS 9 | AI score 7.5 | EPSS 0.32613
Exploits: 4 | References: 1

CVE
added 2024/02/20 1:21 p.m. | 6517 views

CVE-2024-1548

CVE-2024-1548 describes a spoofing risk where a fullscreen notification could be obscured by a dropdown select input, potentially confusing users. Affected: Firefox <123, Firefox ESR <115.8, Thunderbird

CVSS 4.3 | AI score 7.2 | EPSS 0.00379
Exploits: 0 | References: 6 | Affected Software: 2

OSV
added 2023/03/30 6:30 a.m. | 2 views

GHSA-QWQH-HM9M-P5HR angular vulnerable to regular expression denial of service via the <input type="url"> element

All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the inputurl functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in...

CVSS 5.3 | AI score 6.8 | EPSS 0.00521
Exploits: 1 | References: 10

SUSE CVE
added 2023/02/15 5:40 a.m. | 3 views

SUSE CVE-2013-1671

Mozilla Firefox before 21.0 does not properly implement the INPUT element, which allows remote attackers to obtain the full pathname via a crafted web site...

CVSS 4.3 | AI score 8.4 | EPSS 0.00566
Exploits: 0 | References: 7

SUSE CVE
added 2023/02/15 5:33 a.m. | 3 views

SUSE CVE-2013-6645

Use-after-free vulnerability in the OnWindowRemovingFromRootWindow function in content/browser/webcontents/webcontentsviewaura.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows user-assisted remote attackers to cause a denial of service or...

CVSS 6.8 | AI score 9.6 | EPSS 0.01406
Exploits: 1 | References: 4

SUSE CVE
added 2023/02/15 5:30 a.m. | 3 views

SUSE CVE-2014-1732

Use-after-free vulnerability in browser/ui/views/speechrecognitionbubbleviews.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that...

CVSS 7.5 | AI score 9.6 | EPSS 0.01012
Exploits: 0 | References: 3

SUSE CVE
added 2023/02/15 4:26 a.m. | 3 views

SUSE CVE-2018-12360

A use-after-free vulnerability can occur when deleting an input element during a mutation event handler triggered by focusing that element. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60, Thunderbird 52.9, Firefox ESR 60.1, Firefox ESR 52.9, and Firefox...

CVSS 8.8 | AI score 9.7 | EPSS 0.03153
Exploits: 0 | References: 18

Tenable Nessus
added 2023/02/13 12:0 a.m. | 59 views

Ubuntu 20.04 LTS / 22.04 LTS : WebKitGTK vulnerabilities (USN-5867-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5867-1 advisory. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website,...

CVSS 8.8 | AI score 7.7 | EPSS 0.00311
Exploits: 0 | References: 4

Tenable Nessus
added 2023/02/09 12:0 a.m. | 69 views

Fedora 37 : webkitgtk (2023-5210df1dd1)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-5210df1dd1 advisory. Improve GStreamer multimedia playback across the board with improved codec selection logic, better handling of latency, and improving frame discard ...

CVSS 8.8 | AI score 7.9 | EPSS 0.00311
Exploits: 0 | References: 4

OSV
added 2022/05/24 5:40 p.m. | 23 views

GHSA-38F9-4VHQ-9CR8 Zen Cart vulnerable to authenticated remote code execution

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element within the modules edit page and inserting a command...

CVSS 7.2 | AI score 7.2 | EPSS 0.32613
Exploits: 4 | References: 5

AlpineLinux
added 2021/12/08 9:21 p.m. | 46 views

CVE-2021-38504

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

CVSS 8.8 | AI score 9.3 | EPSS 0.01293
Exploits: 0

UbuntuCve
added 2021/11/03 12:0 a.m. | 42 views

CVE-2021-38504

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

CVSS 8.8 | AI score 7.2 | EPSS 0.01293
Exploits: 0 | References: 6