8007 matches found
SUSE CVE-2026-5891
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-5874
A flaw was found in Google Chrome. A remote attacker could exploit a use-after-free vulnerability in the PrivateAI component by convincing a user to engage in specific user interface UI gestures through a crafted HTML page. This could potentially allow the attacker to bypass the browser's securit...
CVE-2026-33793
An Execution with Unnecessary Privileges vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...
CVE-2026-33793
An Execution with Unnecessary Privileges vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thus compromising the system. When a configuration that allows unsigned Python op scripts is present o...
CVE-2026-40071
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/packageorder, /json/linkorder, and /json/abortlink WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execut...
CVE-2026-40071 pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions
pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/packageorder, /json/linkorder, and /json/abortlink WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execut...
EUVD-2026-20732
Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-20727
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-20709
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-20717
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted domain name. Chromium security severity: Low...
EUVD-2026-20722
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-20679
Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
pyLoad 安全漏洞
pyLoad is an open-source download manager written in Python. Versions of pyLoad prior to 0.5.0b3.dev97 contained security vulnerabilities. These vulnerabilities stemmed from weak permissions for certain WebUI JSON endpoints, allowing low-privilege authenticated users to perform MODIFY operations...
CVE-2026-5903
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-5906
Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-5897
Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-5899
Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-5896
Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. Chromium security severity: Low...
CVE-2026-5878
Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-5880
Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...