26 matches found
CVE-2026-9997
An use after free flaw was found in the Input component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513324041...
CVE-2026-9979
An insufficient validation of untrusted input flaw was found in the Input component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=511742228...
CVE-2026-9933
An use after free flaw was found in the Input component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=501575979...
CVE-2026-10010
An inappropriate implementation flaw was found in the Input component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513995565...
CVE-2026-9124
An insufficient validation of untrusted input flaw was found in the Input component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496375695...
Chromium: CVE-2026-9124 Insufficient validation of untrusted input in Input
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-8513
An use after free flaw was found in the Input component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495939973...
CVE-2026-32732
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
lean4monaco (>=1.1.0 <=1.1.7) potentially affected by CVE-2026-32732 via @leanprover/unicode-input-component (=0.1.9)
@leanprover/unicode-input-component NPM version =0.1.9 is affected by a known vulnerability. The following packages have a transitive dependency on @leanprover/unicode-input-component and may be impacted: - lean4monaco =1.1.0, =1.1.7 Source cves: CVE-2026-32732 Source advisory:...
EUVD-2026-12181
XSS in @leanprover/unicode-input-component...
GHSA-6GGM-PWR9-R5H2 XSS in @leanprover/unicode-input-component
Impact Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as unescaped HTML. Patches The issue has been resolved in 0.2.0. Workarounds Replace the...
CVE-2026-32732
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
CVE-2026-32732 XSS in @leanprover/unicode-input-component
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
CVE-2026-32732 XSS in @leanprover/unicode-input-component
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
CVE-2026-32732
CVE-2026-32732 describes an XSS issue in Lean 4 VS Code Extension caused by the @leanprover/unicode-input-component. The component re-inserted text into the input element as unescaped HTML, making versions 0.1.9 and earlier vulnerable. The issue affects projects using the affected component and c...
PT-2026-25402
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
CVE-2024-39236
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/componentmeta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself...
Malicious code in @sporta-technology/rn-components.text-input (npm)
--- -= Per source details. Do not edit below this line.=-...
Code Injection
SquirrellyJS is vulnerable to Code Injection. The vulnerability is due to improper handling of input in the options.varName component of SquirrellyJS, allowing an attacker to inject and execute arbitrary code...
PT-2024-3528 · Oracle · Oracle Web Applications Desktop Integrator
Name of the Vulnerable Software and Affected Versions: Oracle Web Applications Desktop Integrator versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the XML input component of Oracle Web Applications Desktop Integrator, part of the Oracle...