2842 matches found
EUVD-2026-34566
Insufficient validation of untrusted input in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
Linux Distros Unpatched Vulnerability : CVE-2026-11225
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name...
Linux Distros Unpatched Vulnerability : CVE-2026-11105
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process t...
DEBIAN-CVE-2026-11105
Insufficient validation of untrusted input in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11225
Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...
CVE-2026-11225
CVE-2026-11225 affects Google Chrome WebUI prior to 149.0.7827.53, due to an inappropriate implementation in the WebUI component. The issue allows a remote attacker to perform domain spoofing via a crafted domain name. The vulnerability is categorized as Low severity (Chromium), with an exploit v...
CVE-2026-11225
Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...
CVE-2026-11105
This CVE describesInsufficient validation of untrusted input in WebUI in Google Chrome prior to 149.0.7827.53. A remote attacker that already compromised the renderer process could leak cross-origin data through a crafted HTML page. Affected software is Google Chrome (WebUI component); impact is ...
CVE-2026-11105
Insufficient validation of untrusted input in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11105
Insufficient validation of untrusted input in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11105
Insufficient validation of untrusted input in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11322
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...
CVE-2026-11322 Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...
CVE-2026-11322 Hermes WebUI before 0.51.221 Path Traversal via Symlink Workspace Bypass
Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve...
CVE-2026-46338 vulnerabilities
Vulnerabilities for packages: open-webui...
GHSA-62Q4-447F-WV8H vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2026-46338 vulnerabilities
Vulnerabilities for packages: open-webui...
CVE-2025-41276
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...
CVE-2025-41277
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...
CVE-2025-41272
Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...