4186 matches found
CVE-2026-5876
Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-35571
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript:...
PT-2026-31494
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A side-channel information leakage issue existed in the Navigation component of Google Chrome. This allowed a remote attacker to leak cross-origin data through a specially crafted HTML...
PT-2026-31495
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A use-after-free issue existed in the Navigation component of Google Chrome. This allowed a remote attacker to potentially execute arbitrary code within a sandbox environment by using a...
PT-2026-31512
Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
PT-2026-31499
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A policy bypass issue existed in LocalNetworkAccess within Google Chrome. A crafted HTML page could allow a remote attacker to bypass navigation restrictions. Recommendations Update...
EUVD-2026-19724
Emissary has Stored XSS via Navigation Template Link Injection...
GHSA-CPM7-CFPX-3HVP Emissary has Stored XSS via Navigation Template Link Injection
Summary Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript: URIs, enabling stored cross-site scripting XSS against other...
Emissary has Stored XSS via Navigation Template Link Injection
Summary Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript: URIs, enabling stored cross-site scripting XSS against other...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of Mustache navigation templates when user-controlled values are interpolated into the href attribute without proper URL scheme validation. An attacker can execute arbitrary JavaScript in the...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of Mustache navigation templates when user-controlled values are interpolated into the href attribute without proper URL scheme validation. An attacker can execute arbitrary JavaScript in the...
CVE-2026-35571 Emissary has Stored XSS via Navigation Template Link Injection
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript:...
CVE-2026-35571 Emissary has Stored XSS via Navigation Template Link Injection
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript:...
CVE-2026-35571
CVE-2026-35571 affects Emissary prior to 8.39.0. Mustache navigation templates interpolated config-controlled link values directly into href attributes without URL scheme validation, allowing an administrator with navItems access to inject javascript: URIs and trigger stored XSS against other aut...
KLA90973 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, obtain sensitive information, execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. Policy bypa...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability caused by improper implementation in PDFs. This vulnerability could allow remote attackers to bypass navigation restrictions through specially crafted HTML...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability due to an bypass of the IFrameSandbox policy. This vulnerability could allow remote attackers to bypass navigation restrictions through specially crafted HTM...
chromium -- security fixes
Chrome Releases reports: This update includes multiple security fixes: Critical: CVE-2026-5858: Heap buffer overflow in WebML. CVE-2026-5859: Integer overflow in WebML. High: CVE-2026-5860: Use after free in WebRTC. CVE-2026-5861: Use after free in V8. CVE-2026-5862: Inappropriate implementation ...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability caused by the leakage of side-channel information during navigation. This vulnerability could allow remote attackers to leak cross-source data through...
PT-2026-30890
Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript:...