
104 matches found

NVD
added 2026/06/04 11:17 p.m., 3 views

CVE-2026-11105

Insufficient validation of untrusted input in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5, EPSS 0.00243
Exploits 0, References 2
CVE
added 2026/05/06 6:13 p.m., 22 views

CVE-2026-8021

CVE-2026-8021 is a UI-based script injection (UXSS) in Google Chrome. Multiple connected sources (OSV/DEBIAN-CVE-2026-8021, PT-2026-38214, PTSecurity) confirm: affecting Google Chrome versions prior to 148.0.7778.96, caused by a vulnerability in the browser UI that could execute arbitrary scripts...

CVSS 4.2, AI score 6, EPSS 0.00155
Exploits 0, References 2, Affected Software 1
CNNVD
added 2026/04/24 12:00 a.m., 8 views

Canon multiple products security vulnerability

Canon imagePRESS and other products are manufactured by Canon, a Japanese company. The Canon imagePRESS is a series of color production digital printing machines. The Canon imageFORCE is a series of color digital printers. The Canon imageRUNNER is a series of color digital printers. Several of...

CVSS 6.9, AI score 5.9, EPSS 0.00294
Exploits 0, References 1
OSV
added 2026/04/13 9:52 p.m., 1 views

PSF-0000-CVE-2026-4786

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7, AI score 5.8, EPSS 0.00209
Exploits 0, References 3
OSV
added 2026/04/13 9:52 p.m., 6 views

PSF-2026-17

Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVSS 7, AI score 5.8, EPSS 0.00209
Exploits 0, References 8
ATTACKERKB
added 2026/04/08 9:20 p.m., 6 views

CVE-2026-5891

Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

AI score 5.9, EPSS 0.00206
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2026/03/18 5:53 p.m., 4 views

CVE-2026-32633 Glances's Browser API Exposes Reusable Downstream Credentials via `/api/4/serverslist`

Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the /api/4/serverslist endpoint returns raw server objects from GlancesServersList.getserverslist. Those objects are mutated in-place during background polling and can contain a uri...

CVSS 9.1, AI score 5.8, EPSS 0.00472
Exploits 1, References 3
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2007-6483

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.01299
Exploits 0, References 8
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2008-1549

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.01065
Exploits 0, References 6
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2008-0950

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.0101
Exploits 1, References 6
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2008-0949

Malware in sbrugna...

CVSS 7.5, AI score 6.3, EPSS 0.00971
Exploits 1, References 5
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2008-1550

Malware in sbrugna...

CVSS 6.8, AI score 6.4, EPSS 0.0103
Exploits 0, References 6
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2008-0948

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.011
Exploits 1, References 6
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2023-55659

Malicious code in bioql PyPI...

CVSS 9, AI score 9, EPSS 0.00376
Exploits 0, References 2
Snyk
added 2025/05/07 3:27 p.m., 1 views

Cross-site Scripting (XSS)

Overview: org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the plugins and API Browser. An attacker with the FILESCREATE permission can upload and execute arbitrary JavaScript, leading to unauthorized action...

CVSS 8.7, AI score 5.6
Exploits 0, References 2
RedhatCVE
added 2025/02/05 3:03 a.m., 10 views

CVE-2024-6515

Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentials exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...

CVSS 9.6, AI score 8, EPSS 0.00396
Exploits 0, References 1
CNNVD
added 2024/12/11 12:00 a.m., 4 views

Image Access Scan2Net security vulnerability

Image Access Scan2Net is a scanning software from the German company Image Access. A security vulnerability exists in Image Access Scan2Net, which originates when the scanner device boots into kiosk mode by default and opens the Scan2Net interface in a browser window. The browser is running with...

CVSS 6.1, AI score 6.7, EPSS 0.00291
Exploits 0, References 2
OSV
added 2024/12/05 1:15 p.m., 3 views

CVE-2024-6515

Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentials exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02...

CVSS 8.1, AI score 5.8, EPSS 0.00396
Exploits 0, References 1
SUSE CVE
added 2024/06/13 4:00 a.m., 1 views

SUSE CVE-2024-5842

Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

CVSS 8.8, AI score 8.9, EPSS 0.00479
Exploits 0, References 6
OSV
added 2024/03/04 7:15 p.m., 2 views

CVE-2023-32331

IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979...

CVSS 7.5, AI score 6.1, EPSS 0.00699
Exploits 0, References 2