1162 matches found
CVE-2026-58032
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Api/index.Js. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6,...
EUVD-2026-40496
Inappropriate implementation in Input in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...
CVE-2026-14145
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14000
CVE-2026-14000 affects Google Chrome prior to 150.0.7871.47 due to an inappropriate XML implementation, enabling a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. The issue is documented across multiple sources (NVD, Debian OSV, CVE lists) with the same descrip...
CVE-2026-13835
CVE-2026-13835 : Google Chrome before 150.0.7871.47 is affected by an inappropriate implementation in XML that could allow a remote attacker to trigger heap corruption via a crafted HTML page. Impact is described as high severity; no exploit details are provided in the documents. Remediation: upd...
CVE-2026-13744
Improper neutralization of attacker-controlled content in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. By supplying crafted repository content, project configuration, manifest data, or specification input, an attacker could cause Snowflake CLI to execute unintended SQL i...
SUSE SLES16: WebKitGTK-4.1-lang / WebKitGTK-6.0-lang / etc (SUSE-SU-2026:22212-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22212-1 advisory. This update for webkit2gtk3 fixes the following issues Update to version 2.52.4: - CVE-2026-28847: processing maliciously crafted...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
CVE-2026-50700 Frappe Framework 17.0.0-dev - Stored XSS in frappe.get_avatar image rendering
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.getavatar function...
OESA-2026-2709 flatpak security update
flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Every Flatpak app is able to read and write arbitrary files on the host and execute code in the host context,...
PT-2026-51637
Name of the Vulnerable Software and Affected Versions Budibase server versions prior to 3.39.1 Description An issue exists where the enrichContext function substitutes parameter values into the raw JSON body of a query and then parses the result using JSON.parse. The validateQueryInputs function...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...
Astra Linux – Vulnerability in Samba
A flaw was discovered in the way samba handled file and directory permissions. A authenticated user could exploit this flaw to gain access to certain file and directory information that would otherwise be unavailable to the attacker...
Astra Linux – Vulnerability in xrdp
xrdp is an open-source RDP server. Before version 0.10.5, xrdp contained an unauthenticated stack-based buffer overflow vulnerability. The issue arises from improper bounds checking when processing user domain information during the connection process. If exploited, this vulnerability could allow...
SUSE CVE-2026-12446
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
Exploit for Missing Authentication for Critical Function in Cpanel
CVE-2026-41940 ⚠ This tool is created solely for education...
CVE-2026-0646
The affected product is Rockwell Automation 1794-AENTR adapters (EtherNet/IP). The issue is a denial-of-service caused by improper memory handling of CIP protocol requests in the 1794-AENTR adapter, which can cause the device to fault and drop connections to its linked I/O modules, requiring a ma...
CVE-2026-50889
An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service DoS via sending a crafted refresh-token header...
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash
A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...