88945 matches found
CVE-2026-13972
CVE-2026-13972 affects Google Chrome (Paint) prior to version 150.0.7871.47. Root cause: Inappropriate implementation in Paint allowing a remote attacker to trigger UI spoofing through a crafted HTML page. Impact is UI spoofing with no data disclosure or other impacts stated; impact categories in...
CVE-2026-13972
Inappropriate implementation in Paint in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13941
Inappropriate implementation in SiteSettings in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13915
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13912
Inappropriate implementation in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13889
Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-13842
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: High...
CVE-2026-13838
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-13837
Summary: CVE-2026-13837 is a Chrome/Chromium UI spoofing flaw caused by an inappropriate CSS implementation in the browser before version 150.0.7871.47. A remote attacker could lure a user to open a crafted HTML page to spoof UI elements. Affected software: Google Chrome (Chromium-based) prior to...
CVE-2026-13793
Summary: CVE-2026-13793 describes insufficient policy enforcement in SVG handling within Google Chrome prior to 150.0.7871.47. The root cause is faulty SVG policy enforcement, which allowed a remote attacker to leak cross-origin data through a specially crafted HTML page. Impact (as stated): Cros...
CVE-2026-13783
CVE-2026-13783 is a Use-After-Free in Views in Google Chrome affecting versions before 150.0.7871.47. The vulnerability could allow a remote attacker to exploit heap corruption by convincing a user to perform specific UI gestures on a crafted HTML page. Several connected sources (NVD, Debian, EUV...
CVE-2025-71374
CVE-2025-71374 affects picklescan prior to 0.0.29. The library fails to detect the built-in Python profile.Profile.run function when used in pickle reduce methods, enabling remote attackers to craft malicious pickle files that bypass detection and achieve code execution upon deserialization. The ...
ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments
A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...
CVE-2026-12076
Vulnerability summary (CVE-2026-12076): Raytha CMS is affected by a SQL Injection in the OData filter parsing pipeline. The flaw allows a remote, unauthenticated attacker to execute arbitrary SQL against a PostgreSQL database, potentially leading to full database compromise and credential extract...
PT-2026-54144
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Geolocation feature allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, b...
PT-2026-54347
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the SplitView feature allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, by...
PT-2026-54254
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the PageInfo component allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, by...
PT-2026-54333
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Parser allows a remote attacker to bypass the Content Security Policy CSP, which is a security layer used to detect and mitigate certain types of...
PT-2026-54219
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An uninitialized use in CSS allows a remote attacker to obtain potentially sensitive information from process memory by inducing the user to visit a crafted HTML page...
PT-2026-53980
Name of the Vulnerable Software and Affected Versions IBM watsonx.data intelligence versions 5.2.0 through 5.3.0 Description A remote attacker can obtain sensitive information when the system returns detailed technical error messages in the browser. This exposure of internal data could be leverag...