100 matches found
CVE-2026-15109
Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-14011
Out of bounds read in SurfaceCapture in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13998
Incorrect security UI in File Input in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-14031
CVE-2026-14031 corresponds to an Inappropriate implementation in Google Chrome’s File Input component, allowing a remote attacker to perform UI spoofing through a crafted HTML page. Affected software: Google Chrome (and Chromium-based components) with versions prior to 150.0.7871.47. Root cause (...
Linux Distros Unpatched Vulnerability : CVE-2026-10911
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process t...
CVE-2026-11179
Inappropriate implementation in ORB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11175
Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-9959
Race in WebRTC in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-9896
Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in ANGLE in Google Chrome prior to version 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
CVE-2026-8517
Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
EUVD-2026-30363
Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...
CVE-2026-42961
ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the user may be tricked to do unintended operations...
CVE-2026-8016
Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...
PT-2026-37281
Name of the Vulnerable Software and Affected Versions Grav CMS Form plugin versions prior to 9.1.0 Description A Stored Cross-Site Scripting XSS issue exists in the select field template of the Grav CMS Form plugin. Taxonomy tag and category values are rendered using the Twig |raw filter in the...
PT-2026-36594
The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...
PT-2026-31503
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description Insufficient validation of untrusted input in WebML could allow a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. The security...
PT-2026-30370
MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users...
CVE-2026-33479
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSR...
CVE-2026-3909
CVE-2026-3909 is a Google Chrome/Skia vulnerability: an out-of-bounds write in Skia could allow a remote attacker to trigger out-of-bounds memory access via a crafted HTML page. Affects Chrome before 146.0.7680.75; exploits are known to exist in the wild. Chrome/Chromium advisories note that fixe...