43 matches found
CVE-2026-32732 XSS in @leanprover/unicode-input-component
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
CVE-2026-32732 XSS in @leanprover/unicode-input-component
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
CVE-2026-32732
CVE-2026-32732 describes an XSS issue in Lean 4 VS Code Extension caused by the @leanprover/unicode-input-component. The component re-inserted text into the input element as unescaped HTML, making versions 0.1.9 and earlier vulnerable. The issue affects projects using the affected component and c...
PT-2026-25402
Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...
CVE-2024-39236
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/componentmeta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself...
Malicious code in @sporta-technology/rn-components.text-input (npm)
--- -= Per source details. Do not edit below this line.=-...
The vulnerability of the Input component in the Linux operating system’s kernel allows a hacker to gain elevated privileges within the system.
The vulnerability of the Input component in the Linux operating system’s kernel is related to memory management errors after deallocation. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...
The vulnerability of graphics drivers in microprogramming software for Intel processors arises from incorrect neutralization of special elements in the output data used by the input component. This allows attackers to exploit their privileges.
The vulnerability of graphic drivers in microprogramming software for Intel processors is related to incorrect neutralization of special elements in the output data used by the input component. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the Input component in the Linux operating system’s kernel allows a hacker to gain elevated privileges within the system.
The vulnerability of the Input component in the Linux operating system’s kernel relates to the use of memory after it is freed in the rmiunregisterfunction function. Exploiting this vulnerability can allow an attacker to increase their privileges within the system...
The vulnerability of the lsx_read_w_buf() function in the formats_i.c component of the SoX sound processing program allows a hacker to cause a service failure.
The vulnerability of the lsxreadwbuf function in the formsi.c component of the SoX sound processing program is related to the copying of buffers without checking the input data. Exploiting this vulnerability allows an attacker to cause a service failure using a specially created file...
Code Injection
SquirrellyJS is vulnerable to Code Injection. The vulnerability is due to improper handling of input in the options.varName component of SquirrellyJS, allowing an attacker to inject and execute arbitrary code...
The vulnerability of the XML input component of the software tool for working with Oracle Web Applications and Oracle E-Business Suite desktop integration solutions for enterprise automation activities allows a malicious individual to gain unauthorized access to data or to modify, add, or delete protected data.
The vulnerability of the XML input component of the software tool for working with Oracle Web Applications, a desktop integration system for automating business activities within the Oracle E-Business Suite, is related to insufficient validation of entered data. Exploiting this vulnerability can...
PT-2024-3528 · Oracle · Oracle Web Applications Desktop Integrator
Name of the Vulnerable Software and Affected Versions: Oracle Web Applications Desktop Integrator versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the XML input component of Oracle Web Applications Desktop Integrator, part of the Oracle...
CVE-2024-24512
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component...
The vulnerability of the Input component in the Google Chrome browser allows attackers to perform spoofing attacks.
The vulnerability of the Input component in Google Chrome browser is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to carry out spam attacks using a specially created HTML page...
PT-2023-5912 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 118.0.5993.70 Description: The issue is related to an inappropriate implementation in the Input component of Google Chrome, which allowed a remote attacker to spoof security UI via a crafted HTML page. This cou...
Spoofing Attack
chromium is vulnerable to Spoofing Attack. The vulnerability exists due to the inappropriate implementation in the Input component of the library, which allows an attacker to spoof security UI via a maliciously crafted HTML page...
The vulnerability of the Input component in the Google Chrome browser allows a hacker to replace the user interface.
The vulnerability of the Input component in Google Chrome browser is related to the improper use of standard permissions. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...
PT-2023-5469 · Google +2 · Google Chrome +2
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 117.0.5938.62 Description: The issue is related to an inappropriate implementation in the Input component of Google Chrome, which can be exploited by a remote attacker to spoof the security UI via a crafted HTM...
SUSE CVE-2022-2613
Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions...