4187 matches found
CVE-2026-20643
A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy. Mitigation Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Lin...
CVE-2026-33336
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...
Google Chrome Security Bypass Vulnerability (CNVD-2026-15398)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability caused by insufficient policy enforcement in DevTools, which can be exploited by an attacker to bypass navigation restrictions via specially crafted HTML pages...
Google Chrome Security Bypass Vulnerability (CNVD-2026-16149)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome, which can be exploited by attackers to bypass navigation restrictions via specially crafted HTML pages...
CVE-2026-33336
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...
CVE-2026-33336 Vikunja Desktop vulnerable to Remote Code Execution via same-window navigation
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...
CVE-2026-33336
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...
CVE-2026-33336
CVE-2026-33336 affects Vikunja Desktop (Electron wrapper). Starting in 0.21.0 and before 2.2.0, the BrowserWindow runs with nodeIntegration: true and lacks a will-navigate/will-redirect handler, enabling same-window navigations to attacker-controlled origins. A user-generated link in descriptions...
CVE-2026-33336 Vikunja Desktop vulnerable to Remote Code Execution via same-window navigation
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...
EUVD-2026-14911
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...
CVE-2026-33336 Vikunja Desktop vulnerable to Remote Code Execution via same-window navigation
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...
OPENSUSE-SU-2026:20422-1 Security update for chromium
This update for chromium fixes the following issues: Changes in chromium: - Chromium 146.0.7680.153 boo1259964: CVE-2026-4439: Out of bounds memory access in WebGL CVE-2026-4440: Out of bounds read and write in WebGL CVE-2026-4441: Use after free in Base CVE-2026-4442: Heap buffer overflow in CSS...
PT-2026-27444
Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the main BrowserWindow and does not restrict same-window navigations. An attacker who can place a link in...
Chromium: CVE-2026-4451 Insufficient validation of untrusted input in Navigation
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0094-1 Rating: important References: 1259964 Cross-References: CVE-2026-4439 CVE-2026-4440 CVE-2026-4441 CVE-2026-4442 CVE-2026-4443 CVE-2026-4444 CVE-2026-4445 CVE-2026-4446 CVE-2026-4447 CVE-2026-4448...
KLA90950 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Base can be exploited to...
SUSE CVE-2026-4451
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-33209
Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.30.3, a reflected cross-site scripting XSS vulnerability exists in the returnto query parameter used in the avo interface. An attacker can craft a malicious URL that injects arbitrary JavaScript, which is execute...
CVE-2026-4451
An insufficient validation of untrusted input flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=487768779...
EUVD-2026-13468
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...