90277 matches found
CVE-2026-8919
CVE-2026-8919 affects ASUS GameSDK. A permissive cross-domain policy with untrusted domains could let a remote user induce a local UNC request to the application’s local service endpoint, exposing a local NTLM hash and enabling information disclosure, data tampering, or service disruption. The is...
EUVD-2026-44585
Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...
CVE-2026-48287
CAI Content Credentials is affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue requires user interaction in that a victim must...
CVE-2026-48290
CAI Content Credentials is affected by a Server-Side Request Forgery SSRF vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access o...
CVE-2026-15764
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-15778
CVE-2026-15778 : In Google Chrome, there is insufficient validation of untrusted input in the Navigation component. This allows a remote attacker who has compromised the renderer process to bypass navigation restrictions via a crafted HTML page. The issue affects Chrome versions prior to 150.0.78...
CVE-2026-15777
CVE-2026-15777 – Use-after-free in the Chrome UI on Linux prior to 150.0.7871.125 can allow a remote attacker to induce heap corruption by tricking a user into performing specific UI gestures on a crafted HTML page. Affected product: Google Chrome (Linux UI subsystem). Root cause: use-after-free ...
CVE-2026-15775
The CVE-2026-15775 entry concerns Google Chrome’s V8 engine. Affected component: V8 within Chrome prior to version 150.0.7871.125. The vulnerability allows a remote attacker to bypass the Same Origin Policy via a crafted HTML page, with a High severity per Chromium notes. The available connected ...
CVE-2026-15774
CVE-2026-15774 is a Use-after-free in Skia affecting Google Chrome prior to 150.0.7871.125. The issue could allow a remote attacker (with renderer access) to escape the Chrome sandbox via a crafted HTML page. Public references show a Chrome security update (Stable Channel) and list this CVE among...
CVE-2026-15770
CVE-2026-15770 affects Google Chrome (V8) prior to 150.0.7871.125. The issue is an uninitialized use in V8 that can allow a remote attacker to read potentially sensitive data from process memory via a crafted HTML page. Impact is confined to information disclosure; no exploit details or in-the-wi...
CVE-2026-48260
Adobe Experience Manager is affected by a DOM-based XSS vulnerability (CVE-2026-48260). The issue allows an attacker to manipulate the DOM to execute malicious JavaScript in the victim’s browser. Exploitation requires user interaction (victim visits a crafted page). CVSS v3.1: AV:N/AC:L/PR:L/UI:R...
CVE-2026-48254
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-48254.
CVE-2026-52838
Affected software: Easy!Appointments (self-hosted appointment scheduler). Vulnerability: Stored XSS via the public booking page. An authenticated administrator can store HTML/JavaScript in the disable_booking_message setting (rich-text editor). The value is later passed directly to the public boo...
CVE-2026-52837
Summary: Easy!Appointments
CVE-2026-15692
CVE-2026-15692 affects Tenda BE12 Pro firmware 16.03.66.23. The vulnerability lies in the fromSafeUrlFilter function within /goform/SafeUrlFilter, where manipulating the argument page can cause a stack-based buffer overflow. This can be exploited remotely, and public exploits are available. Conne...
CVE-2026-15691
The CVE-2026-15691 entry concerns Tenda BE12 Pro 16.03.66.23. It affects the function fromSafeClientFilter in /goform/SafeClientFilter; manipulating the argument page causes a stack-based buffer overflow. The vulnerability can be triggered remotely, and a public exploit has been released. The con...
Moodle LTI module Reflected - Cross-Site Scripting
A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...
WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
WordPress Restrict User Access – Membership Plugin with Force versions before 2.6 is vulnerable to Reflected Cross-Site Scripting via the 'ruasection' parameter in the admin level edit page. id: CVE-2024-29138 info: name: WordPress Restrict User Access = 2.5 - Cross-Site Scripting author: Shivam...
XWiki < 14.10.14 - Cross-Site Scripting
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy disabled by default, XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflecte...
FortiWeb - Cross Site Scripting
FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...