CVE-2026-44482

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

Linux Distros Unpatched Vulnerability : CVE-2026-11259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted...

CVE-2026-11036

Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-42184

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

GHSA-7GMJ-67G7-PHM9 Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands

Summary A flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://.localhost/ because those platforms' WebView implementations cannot serve custom URI...

EUVD-2026-18819

A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible...

Mozilla Firefox < 68.10.1

The version of Firefox installed on the remote Windows host is prior to 68.10.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2020-27 advisory. - A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leadi...

Linux Distros Unpatched Vulnerability : CVE-2021-28941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Because of no validation on a curl command in MagpieRSS 0.72 in the /extlib/Snoopy.class.inc file, when you send a request to the /scripts/magpiedebug.php or...

The vulnerability of Google Chrome browsers, related to memory usage after deallocation, allows attackers to compromise the confidentiality, integrity, and accessibility of data.

The vulnerability of Google Chrome relates to the use of memory after deallocation. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of data through a specially crafted HTML page...

CVE-2024-11556

IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...

SUSE CVE-2006-4256

index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different...

SUSE CVE-2019-13717

Incorrect security UI in full screen mode in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to hide security UI via a crafted HTML page...

SUSE CVE-2020-6475

Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page...

SUSE CVE-2022-3053

Inappropriate implementation in Pointer Lock in Google Chrome on Mac prior to 105.0.5195.52 allowed a remote attacker to restrict user navigation via a crafted HTML page...

SUSE CVE-2022-4262

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Apple多款产品安全特征问题漏洞

Apple tvOS and others are products of Apple Inc.Apple tvOS is an operating system for smart TVs.Apple watchOS is an operating system for smart watches.Apple iPadOS is an operating system for iPad tablets. A vulnerability exists in various Apple products due to a security signature issue, which...

DEBIAN-CVE-2021-37995

Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox URL bar via a crafted HTML page...

TableOn < 1.0.1 - Reflected Cross-Site Scripting

The plugin does not sanitise or escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting issues https://example.com/?tableon-remote-page=alert/XSS-page/&anchor=1&width=alert/XSS-width/...

DEBIAN-CVE-2020-6494

Incorrect security UI in payments in Google Chrome on Android prior to 83.0.4103.97 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

Google Chrome for macOS Fullscreen UI Fake Vulnerability

Google Chrome for macOS is a web browser developed by Google for the macOS platform.Fullscreen is one of the fullscreen components. A security vulnerability exists in Fullscreen in versions of Google Chrome prior to 66.0.3359.117 for macOS. A remote attacker can exploit this vulnerability to spoo...