Linux Distros Unpatched Vulnerability : CVE-2018-16084
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default selected dialog button in CustomHandlers in Google Chrome prior to 69.0.3497.81 allowed a remote attacker who convinced the user to perform certain...
Linux Distros Unpatched Vulnerability : CVE-2018-16065
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A JavaScript reentrancy issue that caused a use-after-free in V8 in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to execute arbitrary code...
CVE-2025-8578
Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2025-5280
Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2025-32961
The Cuba JPA web API enables loading and saving any entities defined in the application data model by sending simple HTTP requests. Prior to version 1.1.1, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name...
CVE-2025-0445
Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2024-12381
CVE-2024-12381 is a type confusion vulnerability in V8 for Google Chrome before 131.0.6778.139 that could allow a remote attacker to cause heap corruption via a crafted HTML page. The connected release notes confirm the flaw and assign high severity; Debian security advisory also references the i...
Unspecified Vulnerability in Google Chrome (CNVD-2024-44486)
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in versions prior to Google Chrome 130.0.6723.58, which can be exploited by remote attackers to execute arbitrary code via a crafted HTML page...
Google Chrome Code Execution Vulnerability (CNVD-2024-27332)
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions of Google Chrome prior to 126.0.6478.54, which can be exploited by an attacker to perform out-of-bounds memory writes via a crafted HTML page...
Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF
Description: The plugin does not have CSRF checks when logging Widgets, which could allow attackers to make a logged-in admin enable/disable widgets via a CSRF attack. This PoC disables the User Registration widget. To do so, make a logged-in admin open an HTML file containing:...
WP Logs Book <= 1.0.1 - Disable Logging via CSRF
Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Make an admin open an HTML file containing:...
PT-2024-3933 · Google +6 · Google Chrome +6
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 125.0.6422.141; Microsoft Edge affected versions not specified. Description: The issue is related to a use after free vulnerability in the Dawn component, which can be exploited by a remote attacker via a special...
SUSE CVE-2024-2883
Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
HALO 2.13.1 CORS Issue
Title: HALO-2.13.1 Cross-origin resource sharing: arbitrary origin trusted Author: nu11secur1ty Date: 03/15/2024 Vendor: https://www.halo.run/ Software: https://github.com/halo-dev/halo Reference: https://portswigger.net/web-security/cors Description: The application implements an HTML5...
Design/Logic Flaw
Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Chromium security severity: Low...
Quick Quiz 2.4 File Upload - Remote Code Execution Vulnerability
Title: Quick-Quiz-2.4 File Upload - RCE Author: nu11secur1ty Vendor: https://mediacity.co.in/mediacity/ Software: https://codecanyon.net/item/quick-quiz-laravel-quiz-and-exam-system/21117633?srank=14 Reference: https://portswigger.net/web-security/file-upload,...
Google Chrome Type Obfuscation Vulnerability (CNVD-2023-65154)
Google Chrome is a web browser from Google, an American company. A type obfuscation vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from the presence of type obfuscation in V8, and can be exploited by remote attackers to cause the browser to shut down via a...
Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 116.0.5845.96, which stems from a mix-up in instructions responsible for freeing memory in Audio. A remote attacker can exploit this vulnerability to...
SUSE CVE-2022-3373
Out of bounds write in V8 in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...
Google Chrome V8 Insufficient Data Validation Vulnerability
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A data validation insufficiency vulnerability exists in V8 in versions prior to Google Chrome 88.0.4324.96. An attacker can exploit this to perform out-of-range...