Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade thunderbird to version 143.0 or higher...

CVE-2022-24071

A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs...

The vulnerability of the Accessibility component in Google Chrome browser allows a perpetrator to compromise the rendering process.

The vulnerability of the Accessibility component in Google Chrome is related to improper implementation. Exploiting this vulnerability allows a remote attacker to compromise the rendering process through a specially crafted HTML page...

CVE-2024-40626

Outline is an open source, collaborative document editor. A type confusion issue was found in ProseMirror’s rendering process that leads to a Stored Cross-Site Scripting XSS vulnerability in Outline. An authenticated user can create a document containing a malicious JavaScript payload. When other...

PT-2024-28949

Name of the Vulnerable Software and Affected Versions Outline versions prior to 0.77.3 Description A type confusion issue in ProseMirror's rendering process leads to a Stored Cross-Site Scripting XSS issue. An authenticated user can create a document with a malicious JavaScript payload, which can...

The vulnerability of the Accessibility component in Google Chrome and Microsoft Edge allows a perpetrator to compromise the rendering process.

The vulnerability of the Accessibility component in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to compromise the rendering process remotely...

The vulnerability of the ANGLE library in Google Chrome and Microsoft Edge browsers allows a hacker to compromise the rendering process.

The vulnerability of the ANGLE library in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to compromise the rendering process through a specially crafted HTML page...

The vulnerability of the Cast component in the Google Chrome browser allows a hacker to compromise the rendering process.

The vulnerability of the Cast component in Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to compromise the rendering process through a specially created HTML page...

CVE-2023-1709

Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process...

Stack overflow

Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process...

CVE-2023-1709 Datalogics Library APDFL Stack-based Buffer Overflow

Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process...

Code injection

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue...

CVE-2023-23619 Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue...

Exploit for CVE-2022-30507

Description remote code execution RCE by executing javascr...

uBlock 跨站脚本漏洞

uBlock is an open source ad blocker. A security vulnerability exists in uBlock versions prior to 1.41.1, which can be exploited by a remote attacker to run arbitrary code into the browser rendering process via "MessageSender.url"...

CVE-2022-24074

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises...

CVE-2022-24074

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises...

CVE-2022-24074

CVE-2022-24074 affects Whale Browser prior to 3.12.129.18, where the default extension Whale Bridge could receive any SendMessage request from the content script itself. This could allow an attacker to control Whale Bridge if the rendering process is compromised. The reported remediation is to up...

CVE-2022-24071

A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs...

CVE-2022-24071

A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs...