8007 matches found
CVE-2026-42052
Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...
Nginx UI 信息泄露漏洞
Nginx UI is a web interface for Nginx developed by Jacky. Versions of Nginx UI prior to 2.3.8 had a vulnerability related to information leakage. This vulnerability stemmed from the ability for authenticated users to call the GET /api/settings request to retrieve sensitive configuration values,...
beets 跨站脚本漏洞
Beets is an open-source music collection management and metadata optimization tool developed by Beetbox. Versions of Beets prior to 2.10.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the Web UI’s use of the Underscore template interpolation pattern for handling...
Nginx UI 访问控制错误漏洞
Nginx UI is a web interface for Nginx developed by Jacky. Version 2.3.5 of Nginx UI contains an access control vulnerability, which stems from unauthenticated privilege escalation during the initial installation process via the POST /api/install endpoint...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Inappropriate implementations in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to perform certain UI gestures to bypass download protections through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Media Capture in Google Chrome before version 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through those interactions. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
In DevTools of Google Chrome, out-of-bounds memory access prior to version 136.0.7103.59 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
In the UI framework of Google Chrome, using “after free” before version 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
The incorrect security UI in the full-screen UI of Google Chrome prior to version 142.0.7444.59 allowed a remote attacker who convinced a user to perform certain UI gestures to perform UI spoofing through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Firefox, Thunderbird
If a custom mouse cursor is specified in CSS, under certain circumstances the cursor might be drawn over the browser UI, potentially causing confusion for users or leading to spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Astra Linux – Vulnerability in Zabbix
Setting the SMS media allows for setting the GSM modem file. This file is later used as a Linux device. But since everything is a file for Linux, it’s possible to set another file, such as a log file. In this case, Zabbixserver will attempt to communicate with it as a modem. As a result, the log...
Astra Linux – Vulnerability in Chromium
Insecure security interfaces in the Downloads section of Google Chrome on Android before version 92.0.4515.107 allowed a remote attacker to perform domain spoofing through a crafted HTML page...
Astra Linux – Vulnerability in jqueryui
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources might execute untrusted code. This issue has been fixed in jQuery UI 1.13.0. The values passed to various Text options are...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
[SECURITY] Fedora 42 Update: insight-18.0.50.20260306-3.fc42
Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...
CVE-2026-7596
A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...
CVE-2026-7595
The CVE-2026-7595 affects the NextLevelBuilder UI package ui-ux-pro-max-skill (up to 2.5.0). Affected component: Tailwind Config Generator; vulnerable code: function _format_plugins in .claude/skills/ui-styling/scripts/tailwind_config_gen.py. The manipulation leads to code injection. Impact inclu...