CVE-2026-8019
Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-8019
CVE-2026-8019 describes insufficient policy enforcement in the Chrome WebApp, allowing a remote attacker to trigger UI spoofing through a crafted HTML page in Chrome versions before 148.0.7778.96. The root cause is restricted policy enforcement within WebApp handling. Impact is UI spoofing; no ex...
org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +3 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.2)
org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-40982 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-16439043...
de.digitalcollections.cudami:dc-cudami-server-backend-jdbi (>=6.0.0 <=8.0.3-RC1), de.digitalcollections.cudami:dc-cudami-server-webapp (>=6.0.0 <=6.2.3) +2 more potentially affected by unknown CVE via org.jdbi:jdbi3-freemarker (>=3.30.0 <=3.52.0)
org.jdbi:jdbi3-freemarker MAVEN version =3.30.0, =6.0.0, =6.0.0, =9.0.0, =3.49.4, =3.52.0 Source cves: unknown CVE Source advisory: OSV:GHSA-MGGX-P7JF-JGW4...
de.digitalcollections.cudami:dc-cudami-server-backend-jdbi (>=6.0.0 <=8.0.3-RC1), de.digitalcollections.cudami:dc-cudami-server-webapp (>=6.0.0 <=6.2.3) +2 more potentially affected by unknown CVE via org.jdbi:jdbi3-freemarker (>=3.30.0 <=3.52.0)
org.jdbi:jdbi3-freemarker MAVEN version =3.30.0, =6.0.0, =6.0.0, =9.0.0, =3.49.4, =3.52.0 Source cves: unknown CVE Source advisory: SNYK:JAVA-ORGJDBI-16760722...
PT-2026-38212
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient policy enforcement in WebApp allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, via a crafted HTML...
Google Chrome security vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient execution of WebApp policies, which could allow remote attackers to execute UI deception through specially...
org.apache.atlas:atlas-catalog (>=0.8-incubating <=0.8.4), org.apache.atlas:atlas-index-repair-tool (>=2.2.0 <=2.4.0) +2 more potentially affected by CVE-2026-40563 via org.apache.atlas:atlas-repository (>=0.8-incubating <=2.4.0)
org.apache.atlas:atlas-repository MAVEN version =0.8-incubating, =0.8-incubating, =2.2.0, =0.8.3, =0.8-incubating, =2.4.0 Source cves: CVE-2026-40563 Source advisory: SNYK:JAVA-ORGAPACHEATLAS-16422860...
Astra Linux – Vulnerability in Chromium
Chromium: CVE-2021-30622 – Use after free in WebApp installations...
Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: tomcat10: tomcat10-10.1.54-1.hum1 noarch tomcat10-admin-webapps-10.1.54-1.hum1 noarch tomcat10-common-10.1.54-1.hum1 noarch tomcat10-docs-webapp-10.1.54-1.hum1 noarch...
org.apache.storm:storm-webapp-bin (>=2.0.0 <=2.8.5) potentially affected by CVE-2026-35565 via org.apache.storm:storm-webapp (>=2.0.0 <=2.8.5)
org.apache.storm:storm-webapp MAVEN version =2.0.0, =2.0.0, =2.8.5 Source cves: CVE-2026-35565 Source advisory: OSV:GHSA-F2HP-QW27-8WFQ...
org.apache.storm:storm-webapp-bin (>=2.0.0 <=2.8.5) potentially affected by CVE-2026-35565 via org.apache.storm:storm-webapp (>=2.0.0 <=2.8.5)
org.apache.storm:storm-webapp MAVEN version =2.0.0, =2.0.0, =2.8.5 Source cves: CVE-2026-35565 Source advisory: SNYK:JAVA-ORGAPACHESTORM-16321660...
org.apache.activemq:activemq-osgi (>=6.0.0 <=6.2.1), org.apache.activemq:activemq-unit-tests (>=6.0.0 <=6.2.1) +4 more potentially affected by CVE-2026-33227 via org.apache.activemq:activemq-stomp (>=6.0.0 <=6.2.1)
org.apache.activemq:activemq-stomp MAVEN version =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.1 - org.fcrepo:fcrepo-jms =7.0.0-RC1 - org.fcrepo:fcrepo-webapp =7.0.0-RC1 Source cves: CVE-2026-33227 Source advisory: SNYK:JAVA-ORGAPACHEACTIVEMQ-15930951...
CVE-2026-35474
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location: ...") call. This vulnerability is fixed in 3.6.9...
CVE-2026-35474 WeGIA - Open Redirect - atualizacao redirection - Unvalidated $_GET['redirect']
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location: ...") call. This vulnerability is fixed in 3.6.9...
PT-2026-30741
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an open redirect has been found in WeGIA webapp. The redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used verbatim in a header("Location: ...") call. This vulnerability is fixed in 3.6.9...
CVE-2019-25443
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or cat_id parameters to add-item.php to execut...
CVE-2019-25443
Inventory Webapp is affected by CVE-2019-25443: an SQL injection in add-item.php allows unauthenticated users to manipulate queries via GET parameters (name, description, quantity, cat_id), enabling arbitrary database commands. The vulnerability affects the way input is incorporated into SQL stat...