CVE-2026-5899

Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5896

The issue CVE-2026-5896 concerns a policy bypass in Audio in Google Chrome (Chromium) prior to 147.0.7727.55, where a crafted HTML page could lure a user into specific UI gestures to bypass sandbox download restrictions. Connected documents show Chromium/Chrome updates addressing this, with Chrom...

CVE-2026-5895

Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted domain name. Chromium security severity: Low...

CVE-2026-5896

Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. Chromium security severity: Low...

CVE-2026-5891

Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5891

Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5882

Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5882

CVE-2026-5882 affects Google Chrome/Chromium's fullscreen UI, where a crafted HTML page could trigger UI spoofing. The issue is described as an incorrect security UI in fullscreen prior to version 147.0.7727.55. The Chrome stable update 147.0.7727.55 (and related Chromium fixes) addresses this vu...

CVE-2026-5882

Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5882

Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5882

Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5878

Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5874

Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5875

Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5875

Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-14816

Cleartext Storage of Sensitive Information in GUI vulnerability in Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric MobileHMI versions 10.97.3 and prior, Mitsubishi Electric Hyper Historian versions 10.97.3...

GHSA-RFGH-63MG-8PWM pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions

Summary Several WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execute MODIFY operations that should be denied by pyLoad's own permission model. Confirmed mismatches: - ADD user can reorder packages/files...

Mitsubishi Electric多款产品 安全漏洞

Mitsubishi Electric MC Works64 is a product of Japanese company Mitsubishi Electric. Mitsubishi Electric MC Works64 is a data acquisition and supervision system SCADA. Mitsubishi Electric GENESIS64 is a SCADA kit. Mitsubishi Electric MobileHMI is a mobile client application. Several products of...

Juniper Junos OS Vulnerability (JSA103142)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA103142 advisory. - An Execution with Unnecessary Privileges vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker ...

PT-2026-31493

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A policy bypass issue existed in Blink, a component of Google Chrome. This allowed a remote attacker to perform UI spoofing by using a specially crafted HTML page. The Chromium security...