22 matches found
CVE-2026-5943 Foxit PDF Editor/Reader AcroForm Annotation Use-After-Free Remote Code Execution Vulnerability
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information...
CVE-2026-5943
Foxit PDF Editor/Reader AcroForm Annotation Use-After-Free vulnerability (CVE-2026-5943) is described as a remote code execution flaw caused by document structural anomalies that cause invalid pointer access when querying page information after scripts modify the document. The affected component ...
EUVD-2026-25829
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information...
CVE-2025-61652
Vulnerability in Wikimedia Foundation DiscussionTools. This issue affects DiscussionTools: from before 1.43.4, 1.44.1...
CVE-2025-61652
CVE-2025-61652 affects Wikimedia Foundation DiscussionTools; versions of DiscussionTools prior to 1.43.4 and 1.44.1 are vulnerable. Connected advisories corroborate affected versions across Debian/Ubuntu and OSV records. The Debian security advisory notes fixes in MediaWiki packages: for the stable/trixie rel...
CVE-2025-12437
Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
Linux Distros Unpatched Vulnerability : CVE-2025-61652
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Vulnerability in Wikimedia Foundation DiscussionTools. This issue affects DiscussionTools: from before 1.43.4, 1.44.1. CVE-2025-61652 Note that Nessus relies on...
EUVD-2013-6276
Malware in sbrugna...
inDrive: Reflected XSS of media.indrive.com
Vulnerability description not provided...
BIT-MEDIAWIKI-2021-45473
In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar)...
MediaWiki < 1.37.0 Multiple Vulnerabilities
According to its self-reported version number, the instance of MediaWiki hosted on the remote web server is prior to 1.37. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in the handling of the clientURL parameter for the ImportFile page leading to cross-site scripting...
CVE-2021-45473
In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar)...
DEBIAN-CVE-2021-30594
Use after free in Page Info UI in Google Chrome prior to 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption via physical access to the device...
Google Chrome Resource Management Error Vulnerability
Chrome is a web browser developed by Google. A use-after-free vulnerability exists in the Page Info UI in Google Chrome versions prior to 92.0.4515.131. A remote attacker could use this vulnerability to execute arbitrary code or cause a denial of service condition on the system...
OMERO.web Information Disclosure Vulnerability
OMERO.web is a client program from the Open Microscopy Environment team for viewing images on the OMERO server from a web browser. An information disclosure vulnerability exists in OMERO.web that stems from the exposure of page information...
UBUNTU-CVE-2016-2845
The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...
CVE-2013-6472
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about a deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists...
XSS in Hot Referrers
To reproduce:
1. Run the following command, replacing PAGEURL with the URL of a new page and USERNAME and PASSWORD with your credentials if anonymous access is not enabled:
   curl 'PAGEURL' -H 'Referer: https://example.com/x"xx' -u 'USERNAME:PASSWORD' -si
2. Repeat step 1 a few...