5942 matches found
EUVD-2026-41199
Use after free in Dawn in Google Chrome on Mac prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
EUVD-2026-41165
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-14400
Out of bounds write in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-14418
Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-14422
CVE-2026-14422 : Out-of-bounds read and write in Tint components of Google Chrome (Chromium-based) prior to 150.0.7871.46 allows a remote attacker to potentially access memory via a crafted HTML page. The issue affects Chrome versions before the 150.0.7871.46 update. Affected product: Google Chro...
CVE-2026-14382
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
Rocket.Chat - Server-Side Request Forgery (SSRF)
A Server-Side Request Forgery SSRF affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1. id: CVE-2024-39713 info: name: Rocket.Chat - Server-Side Request Forgery SSRF author: iamnoooob,rootxharsh,pdresearch severity: high description: | A Server-Side Request Forgery SSRF affects...
MagnusBilling Alarm Module - Cross-Site Scripting
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling Alarm Module modules allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php.This issue affects MagnusBilling-...
Drawio <18.0.4 - Server-Side Request Forgery
Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. id: CVE-2022-1713 info: name: Drawio 18.0.4 - Server-Side Request Forgery author: pikpikcu severity: high...
Zaver - Local File Inclusion
Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring. id: CVE-2022-38794 info: name: Zaver - Local File Inclusion author: pikpikcu severity: high description: | Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring. impact: |...
ECShop 4.1.0 - SQL Injection
ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. id: CVE-2021-41460 info: name: ECShop 4.1.0 - SQL Injection author: SleepingBag945 severity: high description: | ECShop 4.1.0 has SQL injection vulnerability, which can be exploited ...
Intelbras TIP 200/200 LITE/300 - Local File Inclusion
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 are vulnerable to local file inclusion via the 'page' parameter in /cgi-bin/cgiServer.exx, allowing unauthenticated attackers to read arbitrary files such as /etc/passwd. id: CVE-2020-13886 info: name: Intelbras TIP...
LiquidFiles < 4.2 - User Enumeration via Password Reset
LiquidFiles filetransfer server before 4.2 contains a user enumeration vulnerability caused by distinguishable responses in password reset functionality, letting unauthenticated attackers enumerate valid user accounts, exploit requires no authentication. id: CVE-2025-56132 info: name: LiquidFiles...
AxxonSoft Axxon Next - Local File Inclusion
AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. id: CVE-2018-7467 info: name: AxxonSoft Axxon Next - Local File Inclusion author: 0xAkoko severity: high description: AxxonSoft Axxon Next suffers from a local file inclusion vulnerability. impact: | An attacker can read...
Zoho ManageEngine OpManager - SQL Injection
Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServlet requests, as demonstrated by a /oputilsServlet?action=getAPIKey request that can be leveraged against Firewall Analyzer to add an admin user via /api/json/v2/admin/addUser or conduct a SQL...
MagnusBilling Login Logs - Cross-Site Scripting
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read" cross-site scripting This vulnerability is...
Infoblox NetMRI < 7.6.1 - Unauthenticated Command Injection in get_saml_request
An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur. id: CVE-2025-32813 info: name: Infoblox NetMRI 7.6.1 - Unauthenticated Command Injection in getsamlrequest author: iamnoooob,pdresearch severity: high description: | An issue was discovere...
Hongjing e-HR 2020 - SQL Injection
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...
Lokomedia CMS - Local File Inclusion
A Local File Inclusion LFI vulnerability exists in Lokomedia CMS. The application allows an attacker to include files on the server that should not be accessible, potentially exposing sensitive information. id: CVE-2010-2018 info: name: Lokomedia CMS - Local File Inclusion author: r3Y3r53 severit...
WordPress Media Library Assistant <= 3.34 - SQL Injection
David Lingren Media Library Assistant = 3.34 contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2026-34885 info: name: WordPress Media Library Assistant = 3.34 -...