18 matches found
Chromium: CVE-2026-7998 Insufficient validation of untrusted input in Dialog
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-7998
Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2018-25289
Softdisk 3.0.3 contains a buffer overflow vulnerability in the registration code dialog that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the vulnerability by entering a 6000-byte payload in the Registration Name field through the Help...
CVE-2026-1446
The CVE-2026-1446 entry describes a Cross-Site Scripting (XSS) flaw in Esri ArcGIS Pro, affecting version 3.6.0 and earlier. The issue arises when a local attacker (with standard local access) supplies malicious strings that are rendered/executed when a specific ArcGIS Pro dialog is opened. Explo...
EUVD-2008-7266
Malware in sbrugna...
EUVD-2017-16790
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2008-7315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands. CVE-2008-7315 Note that Nessus relies on the presence of the package as report...
CVE-2025-54133
CVE-2025-54133 affects Cursor (code editor with AI features). The vulnerability lies in the MCP (Model Context Protocol) deeplink handler, where clicking a malicious cursor://anysphere.cursor-deeplink/mcp/install link can lead to execution of a full system command without showing the arguments in...
CVE-2023-34642
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker which can then be used to open an unprivileged command prompt...
CVE-2022-41874
Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an Incorrectly-Resolved Name. Due to incorrect escaping of special characters in paths selected via the file dialog and drag and drop functionality, it is...
SUSE CVE-2010-5312
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...
JetBrains IntelliJ IDEA Input Validation Error Vulnerability
JetBrains IntelliJ IDEA is an integrated development environment for the Java language from the Czech company JetBrains. A security vulnerability exists in JetBrains IntelliJ IDEA 2022.2 and earlier versions, which stems from missing email address validation in the "Git User Name Is Not Defined"...
CVE-2019-13679
Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file...
CVE-2008-7315
UI-Dialog 1.09 and earlier allows remote attackers to execute arbitrary commands...
jquery-ui: cross-site scripting in dialog closeText
It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user...
Opera < 12.02 Truncated Dialog Vulnerability
The version of Opera installed on the remote host is earlier than 12.02 and is, therefore, reportedly affected by a truncated dialog vulnerability. Certain user actions, when combined with specially crafted web pages, can cause displayed dialog boxes to be too small thus allowing the dialog butto...
p5-UI-Dialog -- shell command execution vulnerability
Matthijs Kooijman reports: It seems that the whiptail, cdialog and kdialog backends apply some improper escaping in their shell commands, causing special characters present in menu item titles to be interpreted by the shell. This includes the backtick evaluation operator, so this constitutes a...
CVE-2005-1575
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160...