CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

37 matches found

CVE-2026-11186

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

Exploits0References2

NVD•added yesterday•2 views

CVE-2026-11169

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted XML file. Chromium security severity: Medium...

Exploits0References2

NVD•added yesterday•2 views

CVE-2026-11150

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

Exploits0References2

NVD•added yesterday•2 views

CVE-2026-11034

Insufficient validation of untrusted input in Tab Group Sync in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via malicious network traffic. Chromium security severity: Medium...

Exploits0References2

CVE•added yesterday•5 views

CVE-2026-11186

The CVE-2026-11186 entry concerns Google Chrome and an inappropriate CSS implementation that allowed UXSS (remote script/HTML injection) via a crafted HTML page. Affected software is Chrome before version 149.0.7827.53; the root cause is improper CSS handling leading to arbitrary script/HTML exec...

6AI score

Exploits0References2

ATTACKERKB•added yesterday•3 views

CVE-2026-11157

Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

5.9AI score

Exploits0References3Affected Software1

Positive Technologies•added yesterday•6 views

PT-2026-46693

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

6AI score

Exploits0References3

EUVD•added 2026/05/29 12:38 a.m.•11 views

EUVD-2026-33113

Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6AI score0.00028EPSS

Exploits0References3

OSV•added 2026/05/28 11:16 p.m.•4 views

DEBIAN-CVE-2026-9971

5.4CVSS6AI score0.00028EPSS

Exploits0References1

NVD•added 2026/05/06 7:16 p.m.•1 views

CVE-2026-7958

Inappropriate implementation in ServiceWorker in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

5.4CVSS0.00017EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 12:35 p.m.•14 views

CVE-2023-45889

A Universal Cross Site Scripting UXSS vulnerability in ClassLink OneClick Extension through 10.8 allows remote attackers to inject JavaScript into any webpage. NOTE: this issue exists because of an incomplete fix for CVE-2022-48612...

6.1CVSS6.6AI score0.00193EPSS

Exploits2References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2016-6132

Malware in sbrugna...

6.1CVSS7.8AI score0.00346EPSS

Exploits0References13

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2019-5045

Malware in sbrugna...

6.1CVSS6.3AI score0.0024EPSS

Exploits1References2

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2024-16399

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.0044EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 9:32 a.m.•4 views

CVE-2024-0606

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...

6.1CVSS6.4AI score0.0044EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 7:35 p.m.•3 views

CVE-2021-29370

A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website...

6.1CVSS6.5AI score0.00216EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 4:23 a.m.•5 views

CVE-2019-13607

The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL...

6.1CVSS6.6AI score0.0024EPSS

Exploits1References1

Positive Technologies•added 2024/06/12 12:0 a.m.•2 views

PT-2024-37114

Name of the Vulnerable Software and Affected Versions: LINE client for iOS versions prior to 14.9.0 Description: The in-app browser of the LINE client contains a Universal XSS UXSS vulnerability, allowing for cross-site scripting XSS where arbitrary JavaScript can be executed in the top frame fro...

6.1CVSS5.5AI score0.00246EPSS

Exploits0References6

OSV•added 2024/01/22 7:15 p.m.•6 views

CVE-2024-0606

6.1CVSS6.3AI score

Exploits0References2