17766 matches found

Nuclei
added 10 hours ago, 26 views

Mlflow < 2.11.0 - Path Traversal

A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '' character can be used to insert a path into the fragment, effectively...

CVSS 7.5, AI score 7.3, EPSS 0.77074
Exploits: 1, References: 2

Nuclei
added 10 hours ago, 61 views

Travelpayouts <= 1.1.16 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0337...

CVSS 6.1, AI score 5.5, EPSS 0.01196
Exploits: 2, References: 2

Nuclei
added 10 hours ago, 30 views

Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0250...

CVSS 6.1, AI score 5.5, EPSS 0.21157
Exploits: 2, References: 3

Nuclei
added 10 hours ago, 934 views

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

CVSS 6.1, AI score 6.3, EPSS 0.83646
Exploits: 0, References: 5

Nuclei
added 10 hours ago, 70 views

Grafana <= 6.7.1 - Cross-Site Scripting

Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot...

CVSS 5.4, AI score 6.5, EPSS 0.54022
Exploits: 0, References: 5

EUVD
added 12 hours ago, 4 views

EUVD-2026-34607

Insufficient validation of untrusted input in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8
Exploits: 0, References: 3

EUVD
added 12 hours ago, 3 views

EUVD-2026-34471

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8
Exploits: 0, References: 3

Redos
added 13 hours ago, 1 view

ROS-20260605-73-0070

The vulnerability in Firefox is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a remote attacker to cause service failures...

CVSS 7.5, AI score 5.5, EPSS 0.00023
Exploits: 0

Redos
added 13 hours ago, 1 view

ROS-20260605-73-0050

The vulnerability of the Canvas2D component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to insufficient testing for unusual or exceptional states. Exploiting this vulnerability can allow an attacker to cause service failures remotely...

CVSS 7.5, AI score 5.4, EPSS 0.00027
Exploits: 0

Redos
added 13 hours ago, 1 view

ROS-20260605-73-0063

The vulnerability in Firefox is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a remote attacker to cause service failures...

CVSS 7.5, AI score 5.5, EPSS 0.00027
Exploits: 0

Redos
added 13 hours ago, 1 view

ROS-20260605-73-0015

The vulnerability in ImageMagick7 is related to insufficient resource control during its existence. Exploiting this vulnerability can allow an attacker to cause a service failure...

AI score 5.4
Exploits: 0

Redos
added 13 hours ago, 1 view

ROS-20260605-73-0013

The vulnerability in ImageMagick7 is related to insufficient resource control during its existence. Exploiting this vulnerability can allow an attacker to cause a service failure...

AI score 5.4
Exploits: 0

NVD
added yesterday, 2 views

CVE-2026-11056

Insufficient validation of untrusted input in SiteIsolation in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

Exploits: 0, References: 2

Cvelist
added yesterday, 5 views

CVE-2026-11297

Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypass navigation restrictions via a malicious file. Chromium security severity: Low...

Exploits: 0, References: 2

CVE
added yesterday, 8 views

CVE-2026-11277

The issue affects Google Chrome on iOS (Chrome for iOS) prior to version 149.0.7827.53, caused by insufficient policy enforcement in the Chromium-based component. A remote attacker could bypass discretionary access control via a crafted HTML page. The available documents specify the vulnerable pr...

AI score 5.8
Exploits: 0, References: 2

CVE
added yesterday, 5 views

CVE-2026-11263

CVE-2026-11263 affects Google Chrome on Android; insufficient policy enforcement in WebAuthentication allows a renderer-compromised attacker to leak cross-origin data via a crafted HTML page. Impact is limited to data exposure; fix is to upgrade to version 149.0.7827.53 or newer.

AI score 5.8
Exploits: 0, References: 2

CVE
added yesterday, 5 views

CVE-2026-11237

CVE-2026-11237 affects Google Chrome on desktop, where insufficient validation of untrusted input in the Media component allows a remote attacker who has already compromised the renderer process to perform UI spoofing via a crafted HTML page. The vulnerability is mapped to a Chromium/Chrome issue...

AI score 5.8
Exploits: 0, References: 2

Cvelist
added yesterday, 13 views

CVE-2026-11120

Insufficient validation of untrusted input in Enterprise Reporting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

Exploits: 0, References: 2

CVE
added yesterday, 5 views

CVE-2026-11079

CVE-2026-11079 affects Google Chrome before 149.0.7827.53. It involves insufficient validation of untrusted input in Chrome’s Codecs, enabling a remote attacker to trigger an out-of-bounds memory write with a specially crafted video file. The issue is categorized as Medium severity per Chromium n...

AI score 5.8
Exploits: 0, References: 2

Cvelist
added yesterday, 13 views

CVE-2026-11027

Insufficient validation of untrusted input in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

Exploits: 0, References: 2