201 matches found

EUVD
added 1 hour ago, 4 views

EUVD-2026-34660

Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. Chromium security severity: Medium...

5.8 AI score
Exploits: 0, References: 3
CVE
added yesterday, 4 views

CVE-2026-11238

CVE-2026-11238 concerns Google Chrome's DevTools. The described issue is an inappropriate implementation in DevTools prior to version 149.0.7827.53, where a user enticed to install a malicious Chrome extension could have potentially sensitive information read from process memory via the crafted e...

5.8 AI score
Exploits: 0, References: 2
Vulnrichment
added 2026/05/06 6:12 p.m., 3 views

CVE-2026-7978

Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. Chromium security severity: Medium...

5.8 AI score, 0.00119 EPSS
Exploits: 0, References: 2
Github Security Blog
added 2026/03/04 8:19 p.m., 4 views

locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection

Details: A Remote Code Execution (RCE) flaw was discovered in the locutus project v2.0.39, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an...

8.1 CVSS, 6.2 AI score, 0.00506 EPSS
Exploits: 1, References: 6, Affected Software: 1
Vulnrichment
added 2026/02/11 6:8 p.m., 1 views

CVE-2026-2315

Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

5.6 AI score, 0.00037 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2026/01/07 9:27 a.m., 4 views

CVE-2019-12731

The Windows versions of Snapview Mikogo, versions before 5.10.2, are affected by insecure implementations which allow local attackers to escalate privileges...

7.8 CVSS, 7 AI score, 0.00035 EPSS
Exploits: 0, References: 1
SUSE CVE
added 2025/10/01 11:25 p.m., 1 views

SUSE CVE-2025-11209

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

8.2 CVSS, 6.5 AI score, 0.00063 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/09/25 2:53 a.m., 2 views

CVE-2025-59484

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...

8.7 CVSS, 7 AI score, 0.00017 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/09/23 12:0 a.m., 2 views

PT-2025-39225

Name of the Vulnerable Software and Affected Versions: Click Plus PLC firmware version 3.60. Description: An issue was found in the Click Plus PLC firmware version 3.60 related to the use of a weak cryptographic algorithm. The software utilizes an insecure implementation of the RSA encryption...

8.7 CVSS, 6.3 AI score, 0.00017 EPSS
Exploits: 0, References: 6
Debian CVE
added 2025/07/16 2:0 p.m., 6 views

CVE-2025-40918

Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and the built-in rand function. The PID will come from a small set of numbers, and the epoch time may be guessed, i...

6.5 CVSS, 5.3 AI score, 0.00414 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 5:8 a.m., 5 views

CVE-2012-2967

Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack vectors...

7.5 CVSS, 7 AI score, 0.01519 EPSS
Exploits: 0, References: 1
VulnCheck KEV
added 2025/05/13 12:0 a.m., 0 views

VulnCheck KEV: CVE-2025-4428

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source...

8.8 CVSS, 6.1 AI score, 0.40984 EPSS
Exploits: 10, References: 1
CVE
added 2024/11/12 8:9 p.m., 330 views

CVE-2024-11116

CVE-2024-11116 affects Google Chrome (Blink) prior to version 131.0.6778.69. The issue arises from an inappropriate implementation in Blink that allows a remote attacker to induce UI spoofing via a crafted HTML page when a user is guided to perform specific UI gestures. Exploitation details or in...

4.3 CVSS, 6.2 AI score, 0.00126 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2024/11/12 8:9 p.m., 296 views

CVE-2024-11114

CVE-2024-11114 affects Google Chrome/Chromium on Windows, due to an inappropriate implementation in the Views module that can allow a remote attacker who has compromised the renderer to perform a sandbox escape via a crafted HTML page. Affected product/component: Chrome/Chromium rendering/Views. ...

8.3 CVSS, 6.5 AI score, 0.0048 EPSS
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2024/11/12 8:9 p.m., 11 views

CVE-2024-11111

Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

6.1 AI score, 0.00162 EPSS
Exploits: 1, References: 2
OSV
added 2024/10/29 10:15 p.m., 0 views

CVE-2024-44081

In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format...

9.8 CVSS, 5.9 AI score, 0.00442 EPSS
Exploits: 0, References: 2
NVD
added 2024/10/29 10:15 p.m., 9 views

CVE-2024-44080

In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format...

7.5 CVSS, 0.00155 EPSS
Exploits: 0, References: 2
NVD
added 2024/10/29 10:15 p.m., 8 views

CVE-2024-44081

In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format...

9.8 CVSS, 0.00442 EPSS
Exploits: 0, References: 2
CVE
added 2024/10/29 12:0 a.m., 66 views

CVE-2024-44080

CVE-2024-44080 affects Jitsi Meet prior to 2.0.9779. The giphy image-sharing feature was implemented insecurely, allowing a client to load GIFs from an arbitrary URL when a participant’s message contains a URL encoded in the expected format. The Red Hat entry reiterates this description. Practica...

7.5 CVSS, 7.2 AI score, 0.00155 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2024/10/29 12:0 a.m., 60 views

CVE-2024-44081

CVE-2024-44081 affects Jitsi Meet before 2.0.9779, where the video-file sharing feature is implemented insecurely, causing a client to load videos from an arbitrary URL when a message from another participant contains a URL in the expected encoded format. This vulnerability can enable loading arb...

9.8 CVSS, 7.2 AI score, 0.00442 EPSS
Exploits: 0, References: 2, Affected Software: 1