749 matches found
CVE-2026-14031
Summary: CVE-2026-14031 affects Google Chrome before 150.0.7871.47. The issue is an inappropriate implementation in the File Input component, enabling a remote attacker to execute a UI spoofing attack via a crafted HTML page. Impact (as described): UI spoofing from a crafted HTML page. Severity l...
CVE-2026-8403
CVE-2026-8403 describes a Stored XSS in Eksagate SYSGUARD 6001 (2.0.2 before 6.1.4.0). The vulnerability stems from improper neutralization of input during web page generation. Affected product is SYSGUARD 6001; vendor is not supported per notes. CVSSv3.1 base score 6.1 (MEDIUM) with Network atta...
Moodle LMS Jmol Plugin <= 6.1 - Cross-Site Scripting
A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...
Astra Linux – Vulnerability in CGal
There is a code execution vulnerability in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. There is also an oob read vulnerability in NefS2/SNCioparser.h, specifically in the slh-incidentsface function of SNCioParser::readsloop. An attacker can provide malicious input to trigger...
Chromium: CVE-2026-11666 Insufficient validation of untrusted input in Input
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-50876
A cross-site scripting XSS vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...
Chromium: CVE-2026-10959 Use after free in Input
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
SUSE CVE-2026-11228
Inappropriate implementation in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
Chromium: CVE-2026-11160 Out of bounds read in Input
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-11293
Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-11160
Out of bounds read in Input in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11293
CVE-2026-11293 affects Google Chrome (desktop) with Chromium, involving a use-after-free in Input that could allow a remote attacker to potentially escape the sandbox via a crafted HTML page. The issue references Chrome versions prior to 149.0.7827.53 and indicates the vulnerability is tied to th...
CVE-2026-10959
Use after free in Input in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2019-25737
Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing script tags and event handlers that execute in the admin area, enabling cookie...
CVE-2026-45431
This vulnerability exists in GX Earth ONT models due to improper handling of user-supplied input in multiple diagnostic functions in its web management interface. An authenticated remote attacker could exploit this vulnerability by injecting arbitrary and executing OS commands on the targeted...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability stemmed from improper implementation of the file input feature, which could allow remote attackers to exploit UI deception through...
Code-Projects Online Hospital Management System SQL注入漏洞
Code-Projects Online Hospital Management System is an open-source online hospital management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Hospital Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the editid...
Chromium: CVE-2026-9997 Use after free in Input
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-9997
Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-9997
Use after free in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...