PT-2026-46751

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the WebUI allows a remote attacker to perform domain spoofing by using a crafted domain name. Recommendations Update to version 149.0.7827.53 or later...

PT-2026-46742

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Incorrect security UI in the File Input component allows a remote attacker to perform UI spoofing via a crafted HTML page, provided they can convince a user to perform specific UI...

PT-2026-46813

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Wallet allows a remote attacker who has compromised the renderer process to perform UI spoofing using a crafted HTML page. Recommendations...

CVE-2026-38978

transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths...

PT-2026-46762

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Media component allows a remote attacker who has compromised the renderer process to perform UI spoofing using a crafted HTML page...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of unreliable inputs, which could allow remote attackers to exploit custom QR codes to...

PT-2026-46475

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A heap buffer overflow occurs in the Media component. This issue allows a remote attacker to execute arbitrary code within a sandbox if a user is convinced to perform specific UI gestur...

CVE-2026-0094

In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...

CVE-2026-0093

In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0094

Technical details for CVE-2026-0094 are not publicly available in the provided documents; monitor for updates.

CVE-2026-0096

In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible trick the user into forgetting a device due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0094

In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...

CVE-2026-0096

In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible trick the user into forgetting a device due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0094

In getApplicationLabel of KeyChainActivity.java, there is a possible way to trick the user into approving access to certificates due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...

CVE-2026-0093

In multiple locations, there is a possible misleading UI due to obfuscation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0093

Technical details for CVE-2026-0093 are not publicly available in the provided documents (no affected products, fixes, or exploit info). Monitor for updates from official sources.

CVE-2026-0088

The CVE-2026-0088 affects Android’s CertInstaller.getCallingAppLabel, where a misleading or insufficient UI could allow hiding a sensitive security dialogue. This enables local privilege escalation with no extra privileges and no user interaction required for exploitation, as described across NVD...

Missing Authorization

Overview @vitest/ui is an UI for Vitest Affected versions of this package are vulnerable to Missing Authorization through the api and browser.api request handlers in the server and UI components. An attacker can run tests, modify project files, or overwrite snapshots by connecting to an exposed...

CVE-2026-48559

Lightweight Music Server LMS though 3.76.0 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript by embedding malicious HTML in media file metadata tags such as GENRE, ARTIST, or ALBUM. Attackers can introduce a crafted media file into the...

PT-2026-45597

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description Obfuscation in multiple locations may result in a misleading user interface. This issue allows for local escalation of privilege without requiring additional execution privileges or...