CVE-2026-42214

Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension function interpolates a file's extension directly into a Lua script without sanitization. An attacker can craft a filename whose extension contains Lua code, which...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 147.0.7727.55 contained a resource management vulnerability that stemmed from the reuse of V8 objects after its release. This vulnerability could allow attackers to exploit heap corruption...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability caused by CSS type confusion, which could allow attackers to exploit heap corruption through specially crafted Chrome extensions...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the explodeExtension function. An attacker can access unauthorized files by supplying specially crafted file extensions containing path separators. Details A Directory Traversal attack also known as path traversal...

EUVD-2017-6847

Malware in sbrugna...

EUVD-2016-3890

Malware in sbrugna...

EUVD-2015-1367

Malware in sbrugna...

EUVD-2018-17798

Malware in sbrugna...

EUVD-2025-1678

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-6035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user local file data via a...

CVE-2025-0446

Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

CVE-2025-0446

Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

Google Chrome < 102.0.5005.61 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 102.0.5005.61. It is, therefore, affected by multiple vulnerabilities as referenced in the 202205stable-channel-update-for-desktop24 advisory. - Use after free in App Service in Google Chrome prior to 102.0.5005.61...

CVE-2020-15973

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension...

CVE-2020-6392

Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension...

USN-3844-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restritions, or execute arbitrary code. CVE-2018-12405, CVE-2018-12406, CVE-2018-1240...

CVE-2016-2817

The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS UXSS attacks via a craft...