CVE-2026-10721

Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP object instantiation if a malicious serialized payload has been placed in the database. Thanks XananasX7 f...

CVE-2026-11300

An inappropriate implementation flaw was found in the Permissions component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503614310...

CVE-2026-11260

A policy bypass flaw was found in the Permissions component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499257860...

CVE-2026-11254

An inappropriate implementation flaw was found in the Permissions component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498405554...

CVE-2026-11253

A race flaw was found in the Permissions component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498397912...

CVE-2026-7961

An insufficient validation of untrusted input flaw was found in the Permissions component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497008295...

Google Chrome Permissions Component Memory Misreference Vulnerability

Google Chrome on Android is an American web browser for Android by Google. A memory misreference vulnerability exists in the Google Chrome Permissions component, which can be exploited by an attacker to execute arbitrary code via specially crafted HTML pages...

Google Chrome on Android 安全漏洞

Google Chrome on Android is an American web browser for Android by Google. A memory misreference vulnerability exists in the Google Chrome Permissions component, which can be exploited by an attacker to execute arbitrary code via specially crafted HTML pages...

EUVD-2007-1246

Malware in sbrugna...

EUVD-2025-16997

Malicious code in bioql PyPI...

CVE-2025-0691

Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation...

CVE-2025-0691

Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation...

CVE-2025-0691

Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation...

PT-2025-23929 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.10.0 and earlier Description: The issue is related to improper access control in the permissions component, allowing an authenticated user to bypass the "Edit permission" permission. This is achieved by...

The vulnerability of the Permissions component in Google Chrome and Microsoft Edge browsers allows a perpetrator to trigger a service failure or execute arbitrary code.

The vulnerability of the Permissions component in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code through a specially created web page...

Carson & SAINT SAINT Security Suite Cross-Site Scripting Vulnerability

Carson & SAINT SAINT Security Suite is the U.S. Carson & SAINT a set of vulnerability management, security configuration assessment, penetration testing and other functions of the security suite. A cross-site scripting vulnerability exists in the Permissions component of Carson & SAINT SAINT...

CVE-2020-16278

A cross-site scripting XSS vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link...

Cross site scripting

A cross-site scripting XSS vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link...

CVE-2020-16278

A cross-site scripting XSS vulnerability in the Permissions component in SAINT Security Suite 8.0 through 9.8.20 could allow arbitrary script to run in the context of a logged-in user when the user clicks on a specially crafted link...

CVE-2020-16278

SAINT Security Suite, versions 8.0–9.8.20, contains a cross-site scripting (XSS) vulnerability in the Permissions component that could allow arbitrary script execution in a logged-in user’s context when a user clicks a specially crafted link. The root cause, per CNVD, is a lack of proper validati...