2067 matches found
WordPress Events Calendar <1.4.5 - Cross-Site Scripting
WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...
EUVD-2026-41597
Insufficient ui warning of dangerous operations in Microsoft Edge Chromium-based allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-14101
An insufficient policy enforcement flaw was found in the Sandbox component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513454805...
CVE-2026-13871
Insufficient policy enforcement in GuestView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2026-12459
Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
[SECURITY] Fedora 44 Update: chromium-149.0.7827.114-1.fc44
Chromium is an open-source web browser, powered by WebKit Blink...
Chromium: CVE-2026-11694 Use after free in ServiceWorker
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Google Chrome 代码注入漏洞
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a code injection vulnerability, which stems from issues with the lifecycle of SVG objects...
CVE-2026-11184
An insufficient policy enforcement flaw was found in the Actor component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502777516...
CVE-2026-10953
An use after free flaw was found in the Core component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=506147564...
CVE-2026-10894
An use after free flaw was found in the Printing component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513445101...
Chromium: CVE-2026-10894 Use after free in Printing
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
EUVD-2026-34681
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...
CVE-2026-10998
Out of bounds read in Media in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform an out of bounds memory read via malicious network traffic. Chromium security severity: Medium...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. There is a security vulnerability in Google Chrome, which stems from insufficient execution of the CustomTabs component’s strategy...
CVE-2026-38978
Transmission 4.1.1 and earlier is affected by a clickjacking weakness in its browser-facing WebUI and RPC response paths. The CVE entry CVE-2026-38978 records a MEDIUM severity with CVSS v3.1 metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, base score 5.3. Connected sources confirm vulnerable compon...
DEBIAN-CVE-2026-9124
Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
Typosquatting Is No Longer a User Problem. It's a Supply Chain Problem
AI-generated lookalike domains are now embedded inside the third-party scripts running on your web properties. Here's why your current stack can't see them, and what detection actually requires. Download the CISO Expert Guide to Typosquatting in the AI Era → TL;DR Typosquatting is no longer a use...
Astra Linux – Vulnerability in Firefox
When network partitioning was enabled, for example as a result of Enhanced Tracking Protection settings, a TLS error page allowed users to override an error on a domain that had specified HTTP Strict Transport Security. This means that the error should not be overwritten. This issue did not affec...
CVE-2026-8964 Spoofing issue in the Popup Blocker component
Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151...