CVE-2026-49851
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. When parsing Markdown containing many consecutive characters, parse_link_text repeatedly scans the input usin...
EUVD-2026-31113
Twig: Possible sandbox bypass when using a source policy...
PT-2026-46724
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.53. Description: Insufficient policy enforcement in Workers allows a remote attacker who has compromised the renderer process to bypass the same origin policy, which is a security mechanism that restric...
Google Chrome security vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in the browser’s UI, allowing remote attackers who had infiltrated the rendering process to...
CVE-2026-34775
Electron: nodeIntegrationInWorker was not correctly scoped in shared renderer processes. Affected versions prior to 38.8.6, 39.8.4, 40.8.4, and 41.0.0 may allow workers in frames with nodeIntegrationInWorker: false to gain Node.js integration in certain process-sharing scenarios. This could enabl...
CVE-2026-34775 Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers...
Improper Isolation or Compartmentalization
Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the handling of the nodeIntegrationInWorker configuration in...
Improper Isolation or Compartmentalization
Overview: electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the handling of the nodeIntegrationInWorker configuration in shared renderer...
Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes
Impact: The nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable...
GHSA-XWR5-M59H-VWQR Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes
Impact: The nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable...
Cross-site Scripting (XSS)
Overview: justhtml is a pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the tomarkdown function when serializing attacker-controlled content. An attacker can execute arbitrary HTML or scripts by crafting input containing...
EUVD-2023-2513
Malicious code in bioql PyPI...
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to writing beyond the buffer limit, allows attackers to cause service failures.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules, related to the occurrence of operations outside the buffer in memory, allows attackers to cause service failures.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to reading data beyond the allowed buffer limits, allows attackers to cause service failures.
The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit relates to reading data beyond the acceptable buffer limits. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit lies in the improper limitation of the visible layers of the user interface. This allows attackers to access confidential data and compromise its integrity.
The vulnerability of the WebPage Rendering Modules in WebKitGTK and WPE WebKit is related to an incorrect limitation on the layers of the user interface that can be rendered. Exploiting this vulnerability allows a remote attacker to gain access to confidential data and compromise its integrity...
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to the lack of protective measures for web page structures, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...
SUSE CVE-2023-23623
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a script-src directive and not providing unsafe-eval in that directive, is not respected in renderers that have sandb...
GHSA-GXH7-WV9Q-FWFR Electron's Content-Security-Policy disabling eval not applied consistently in renderers with sandbox disabled
Impact: A Content-Security-Policy that disables eval, specifically setting a script-src directive and not providing unsafe-eval in that directive, is not respected in renderers that have sandbox and contextIsolation disabled, i.e. sandbox: false and contextIsolation: false in the webPreferences...