2558 matches found
Travelpayouts <= 1.1.16 - Open Redirect
The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0337...
Mlflow < 2.11.0 - Path Traversal
A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...
Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect
The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0250...
EUVD-2026-42486
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.115 allowed a local attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-59802
PasswordPusher before 2.8.1 is vulnerable to Redirect-Based XSS due to insufficient validation in the valid_url function, allowing data:text/html URIs in URL push payloads that can execute JavaScript in victims’ browsers when clicked within the trusted domain. Affected versions: before 2.8.1. Roo...
CVE-2026-59802 PasswordPusher < 2.8.1 - Redirect-Based XSS via data URI in URL Push Payload
PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the validurl function. Attackers can create malicious pushes containing data:text/html URIs that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and...
EUVD-2026-40710
Insufficient validation of untrusted input in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-13872
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file. Chromium security severity: Medium...
CVE-2026-14100
CVE-2026-14100 affects Google Chrome’s NetworkCache. Affected component: NetworkCache in Chrome (before version 150.0.7871.47). Root cause: insufficient data validation that enables a remote attacker to leak cross-origin data via a crafted HTML page. Impact: cross-origin data leakage with network...
CVE-2026-13851
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: High...
PT-2026-54252
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient data validation in the Storage component allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is achieved...
CVE-2026-13024
An insufficient validation of untrusted input flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517148260...
CVE-2026-13222
The CVE-2026-13222 entry concerns the pretix-oppwa payment integration, where insufficient validation of payment status responses allows reusing a valid payment status across different payments. This could enable an attacker to gain access to multiple valid tickets tied to a single payment. Affec...
CVE-2026-12034
The following flaw was identified in the Chromium browser: Insufficient validation of untrusted input Linux Toolkit Theming. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=519258799...
CVE-2026-12025
The following flaw was identified in the Chromium browser: Insufficient validation of untrusted input Network. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517153191...
Chromium: CVE-2026-12456 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-12016
The following flaw was identified in the Chromium browser: Insufficient validation of untrusted input DevTools. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=516482138...
CVE-2026-12465
An insufficient validation of untrusted input flaw was found in the Metrics component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=520189702...
Chromium: CVE-2026-11689 Insufficient validation of untrusted input in Passwords
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-11660 Insufficient validation of untrusted input in New Tab Page
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...