Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from a problem with UI components that allowed reusing of resources after they were released. This could allow remote...

Google Chrome和gh 安全漏洞

Google Chrome is a web browser developed by Google Inc. In versions of Google Chrome on iOS prior to 148.0.7778.216, there was a security vulnerability. This vulnerability stemmed from the fact that iOS did not initialize certain functions properly, which could allow remote attackers to induce...

PT-2026-44560

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in the Passwords component allows a remote attacker to perform UI spoofing by using a crafted HTML page. Recommendations Update to version...

chromium -- security fixes

Chrome Releases reports: This update includes 151 security fixes: 505077859 Critical CVE-2026-9872: Out of bounds write in GPU. 507365348 Critical CVE-2026-9873: Use after free in Network. 500609038 Critical CVE-2026-9874: Use after free in Dawn. 507508103 Critical CVE-2026-9875: Out of bounds re...

DEBIAN-CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

EUVD-2025-209946

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...

CVE-2026-44903

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

EUVD-2026-32008

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

CVE-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

CVE-2026-7251

Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have ful...

CVE-2025-36148

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the...

PT-2026-43381

SailingLab AppLock aka com.alpha.applock 4.3.8 for Android allows a local attacker to trigger arbitrary JavaScript execution via BrowserMainActivity, which accepts VIEW intents with javascript: URIs. This unsafe navigation path results in script execution and may allow UI spoofing or privilege...

Prometheus 跨站脚本漏洞

Prometheus is an open-source software developed in the Go language, used to create real-time metric databases built using the HTTP pull model. Versions of Prometheus from 2.49.0 to 3.5.3, as well as versions before 3.11.3, had a cross-site scripting vulnerability. This vulnerability stemmed from...

PT-2026-43279

IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting XSS in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended...

Security Bulletin: A vite-7.1.5.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI

Summary There is a vulnerability in vite-7.1.5.tgz used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-62522 DESCRIPTION: Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to...

MAL-2026-4321 Malicious code in motion-ui-tool (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21ddce58f1bde22bf0563aee5f71aefe48c82ad61076557935bf8fff16eb9df3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-9396

A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...

CVE-2026-9396

The CVE-2026-9396 entry concerns Besen BS20 EV Charging Station firmware (up to 20260426). Affected component: Firmware Version Check. The vulnerability is caused by an issue in the UI layer rendering, where manipulation can cause improper restriction of rendered UI layers. The attack is describe...

CVE-2026-9396 Besen BS20 EV Charging Station Firmware Version Check ui layer

A security flaw has been discovered in Besen BS20 EV Charging Station up to 20260426. Affected by this vulnerability is an unknown functionality of the component Firmware Version Check. The manipulation results in improper restriction of rendered ui layers. The attack can be executed remotely. A...