26 matches found
CVE-2026-11036
Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-42184
Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...
GHSA-7GMJ-67G7-PHM9 Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands
Summary A flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://.localhost/ because those platforms' WebView implementations cannot serve custom URI...
EUVD-2026-18819
A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible...
Mozilla Firefox < 68.10.1
The version of Firefox installed on the remote Windows host is prior to 68.10.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-27 advisory. - A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leadi...
Linux Distros Unpatched Vulnerability : CVE-2021-28941
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpiedebug.php or...
CVE-2024-11556
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...
SUSE CVE-2006-4256
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different...
SUSE CVE-2019-13717
Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page...
SUSE CVE-2020-6475
Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page...
SUSE CVE-2022-3053
Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page...
SUSE CVE-2022-4262
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Apple Multiple Products Security Feature Issue Vulnerability
Apple tvOS and others are products of Apple Inc. Apple tvOS is an operating system for smart TVs. Apple watchOS is an operating system for smart watches. Apple iPadOS is an operating system for iPad tablets. A vulnerability exists in various Apple products due to a security signature issue, which...
DEBIAN-CVE-2021-37995
Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox URL bar via a crafted HTML page...
TableOn < 1.0.1 - Reflected Cross-Site Scripting
The plugin does not sanitise or escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting issues https://example.com/?tableon-remote-page=alert/XSS-page/&anchor=1&width=alert/XSS-width/...
DEBIAN-CVE-2020-6494
Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Google Chrome for macOS Fullscreen UI Fake Vulnerability
Google Chrome for macOS is a web browser developed by Google for the macOS platform. Fullscreen is one of the fullscreen components. A security vulnerability exists in Fullscreen in versions of Google Chrome prior to 66.0.3359.117 for macOS. A remote attacker can exploit this vulnerability to spoo...
Ignited CMS Cross-Site Request Forgery Vulnerability
Ignited CMS is a content management system (CMS). A cross-site request forgery vulnerability exists in Ignited CMS 2017-02-19 and prior versions. A remote attacker can exploit the vulnerability to add a page with the help of ign/index.php/admin/pages/addpage URL...
CVE-2018-4149
An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves the "SafariViewController" component. It allows remote attackers to spoof the user interface via a crafted web site that leverages input into a partially loaded page...
CVE-2017-9046
winpm-32.exe in Pegasus Mail aka Pmail v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers th...