CVE-2026-8542

Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

EUVD-2022-38939

Malicious code in bioql PyPI...

CVE-2025-1019

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135...

CVE-2025-1019 Fullscreen notification not properly displayed

The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability was fixed in Firefox 135 and Thunderbird 135...

CVE-2024-31498

Yubico YubiKey Manager GUI (ykman-gui) for Windows is affected by CVE-2024-31498 when running versions prior to 1.2.6. The issue enables privilege escalation because browser windows can be opened as Administrator if Edge is not used, allowing a local attacker to escalate privileges via the GUI. A...

CVE-2022-28226

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process...

Privilege escalation

Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating files in directory with insecure permissions during Yandex Browser update process...

CVE-2019-10250

UCWeb UC Browser 7.0.185.1002 on Windows uses HTTP for downloading certain PDF modules, which allows MITM attacks...

CVE-2018-18497

Limitations on the URIs allowed to WebExtensions by the browser.windows.create API can be bypassed when a pipe in the URL field is used within the extension to load multiple pages as a single argument. This could allow a malicious WebExtension to open privileged about: or file: locations. This...

Information Disclosure

thunderbird is vulnerable to information disclosure attacks. The vulnerability exists as a use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows...

CVE-2017-0066

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140...

Microsoft Edge Security Bypass Vulnerability (CNVD-2017-03534)

Microsoft Edge is a web browser developed by Microsoft USA and is the default browser that comes with the Windows 10 operating system. A security bypass vulnerability exists in Microsoft Edge. An attacker can exploit the vulnerability to trick users into loading malicious web pages to manipulate...

Google Chrome < 24.0.1312.56 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is earlier than 24.0.1312.56 and is, therefore, affected by the following vulnerabilities : - A use-after-free vulnerability exists related to font handling and canvas. CVE-2013-0839 - An error exists related to URL validation and the...

Design/Logic Flaw

Unspecified vulnerability in an ActiveX control in the Internet Explorer IE plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows."...

CVE-2010-3001

Unspecified vulnerability in an ActiveX control in the Internet Explorer IE plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows."...

Multiple Web Browsers Window Injection (CVE-2004-1155)

Most modern web browsers support the Dynamic Hypertext Markup Language DHTML application programming interface API. The DHTML API may be utilized to manipulate HTML objects, events, properties and methods exposed by the DHTML object model. The window object offers several methods to manipulate th...

Opera < 8.02 Multiple Vulnerabilities

The remote host is using Opera, an alternative web browser. The version of Opera installed on the remote host contains several flaws. One involves imaging dragging and could result in cross-site scripting attacks and user file retrieval. A second may let attackers spoof the file extension in the...