CVE-2026-7351

Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: High...

KLA91010 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Canvas can be exploited remotely to execute arbitrar...

Google Chrome 竞争条件问题漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.138 contained a vulnerability related to competition conditions in the MHTML component. This vulnerability could allow attackers to trick users into installing malicious extensions, thereby...

PT-2026-35851

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.138 Description A race condition in MHTML MIME HTML, a web page archive format allows an attacker to leak cross-origin data. This occurs if an attacker convinces a user to install a crafted malicious...

Google Chrome < 4.9.385.33 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 4.9.385.33. It is, therefore, affected by multiple vulnerabilities as referenced in the 201603stable-channel-update24 advisory. - The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in...

EUVD-2014-0998

Malware in sbrugna...

EUVD-2016-2745

Malware in sbrugna...

EUVD-2017-9006

Malware in sbrugna...

EUVD-2012-5645

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-5124

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a...

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer

An advanced persistent threat APT group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in mid-Ma...

CVE-2023-26292

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Forcepoint Cloud Security Gateway CSG Portal on Web Cloud Security Gateway, Email Security Cloud loginsubmit.mhtml modules, Forcepoint Web Security Portal on Hybrid loginsubmit.mhtml modules allows...

PT-2023-20589 · Forcepoint · Forcepoint Web Security +1

Name of the Vulnerable Software and Affected Versions: Forcepoint Cloud Security Gateway CSG versions before 03/29/2023 Forcepoint Web Security versions before 03/29/2023 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected...

SUSE CVE-2014-1747

Cross-site scripting XSS vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS UXSS."...

SUSE CVE-2016-1650

The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in browser/extensions/api/pagecapture/pagecaptureapi.cc in Google Chrome before 49.0.2623.108 allows attackers to cause a denial of service or possibly have unspecified other impact by triggering an error in creating an MHTML document...

SUSE CVE-2017-5124

Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted MHTML page...

Security Bulletin: Vulnerabilities found in IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2013-4002, CVE-2013-5409, CVE-2013-5405, CVE-2013-5406, CVE-2013-5407, CVE-2013-5411, CVE-2013-5413)

Abstract IBM Sterling B2B Integrator 5.2 and IBM Sterling File Gateway 2.2 are affected by multiple security vulnerabilities. These vulnerabilities include: - Denial of Service - SQL Injection - Cross-Site Scripting - Windows MHTML Cross-Site Scripting - Frame Injection - Link Injection -...

Security bulletin: Multiple vulnerabilities in IBM's Netezza WebAdmin 6.0.5, 6.0.8 and 7.0 (CVE-2012-5760, CVE-2012-5761, CVE-2012-5762, CVE-2012-5763, CVE-2012-5940, CVE-2012-5941)

Abstract Multiple vulnerabilities have been identified in the IBM Netezza WebAdmin application. Content VULNERABILITY DETAILS: CVE ID: CVE-2012-5760 DESCRIPTION: Elements that could modify a SQL command are not neutralized correctly. The attack will not produce any visible outcome/output in the...

Microsoft MSHTML Remote Code Execution Vulnerability

MSHTML also known as Trident is Microsoft's Internet Explorer browser engine, and while MHTML is primarily used in the deprecated Internet Explorer browser, the component is also used in Office applications to render Word, Excel, or PowerPoint documents in A remote code execution vulnerability...

Exploit Details Emerge for Unpatched Microsoft Bug

New details have emerged about an unpatched security vulnerability in Microsoft’s Internet Explorer that was recently used in a complex campaign against security researchers. A fresh analysis from 0patch offers further insight into where the bug exists and how it can be triggered in real-world...