CVE-2026-25557

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can...

Chromium: CVE-2026-11287 Insufficient validation of untrusted input in Navigation

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

EUVD-2026-35271

Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-11671

Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-11671

Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

PT-2026-48265

UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1...

PT-2026-47827

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

CVE-2026-11671

Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-11671

Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-11671

Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-11671

Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-11671

Summary: CVE-2026-11671 is a use-after-free in Chrome’s Navigation path that could allow a remote attacker to escape the browser sandbox via a crafted HTML page, affecting Chrome builds prior to 149.0.7827.103. Impact: High (sandbox escape possibility; remote code execution potential) per Chromiu...

Fuel CMS 1.4.7 - SQL Injection

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. id: CVE-2020-17463 info: name: Fuel CMS 1.4.7 - SQL Injection author: Thirukrishnan severity: critical description: | FUEL CMS 1.4.7 allows SQL Injection via the col parameter to...

CVE-2026-11287

An insufficient validation of untrusted input flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502173136...

CVE-2026-11220

An insufficient validation of untrusted input flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=487300831...

CVE-2026-11219

An insufficient data validation flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=480074849...

CVE-2026-11025

An insufficient policy enforcement flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497595264...

SUSE CVE-2026-11017

Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2026-11018

Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2026-11025

Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...