6593 matches found
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the use of reusing resources after they were released in the base code, which could allow remote attackers who ha...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability stemmed from insufficient policy execution in Workers, allowing remote attackers who have compromised rendering processes to bypass the...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper implementation of extensions. This vulnerability could allow remote attackers to obtain sensitive information from the process...
PT-2026-46832
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description A use after free issue in PDFium allows a remote attacker to execute arbitrary code within a sandbox by using a specially crafted PDF file. Use after free is a memory corruption flaw th...
CVE-2026-30586
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability originated from improper implementations in the base component, and it could allow remote attackers who have compromised...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from insufficient execution of the Compositing component’s policies, which could allow remote attackers who have...
PT-2026-45825
Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZE SCHEMA, Memo Rendering Component, and Public/Private Memo View pages...
CVE-2026-30586
This CVE concerns Cross Site Scripting in the open-source project usememos Memos v0.26.0. The vulnerability affects the memo rendering path and related views (SANITIZE_SCHEMA, Memo Rendering Component, and Public/Private Memo View pages). Root cause details are not explicitly provided beyond the ...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a resource management vulnerability. This vulnerability stemmed from a problem with the reusing of resources after they were released in the ANGLE component. This could allow remote...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of untrusted inputs in the media component, which could allow a remote attacker with...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability. This vulnerability stemmed from insufficient execution of Web Bluetooth component policies, which could allow remote attackers who have breached the renderi...
Memos 安全漏洞
Memos is an open-source memo center with knowledge management and social features, hosted on a server. Version 0.26.0 of Memos contains a security vulnerability. This vulnerability stems from cross-site scripting vulnerabilities in the SANITIZESCHEMA,Memo Rendering Component, and Public/Private...
react-router 跨站脚本漏洞
react-router is a declarative routing library for React, open-sourced by Remix. Versions of react-router from 7.5.1 to 7.13.1 have a cross-site scripting vulnerability. This vulnerability stems from improper handling of the HTTP Location header value in framework mode with pre-rendering enabled,...
OpenCTI 跨站脚本漏洞
OpenCTI is an open-source network threat intelligence platform developed by OpenCTI. Versions of OpenCTI prior to 7.260227.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the email-message observable body data during its rendering, which coul...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation in the WebShare component, which could allow a remote attacker to escape the...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from a problem with the reusing of resources after they were released by the WebShare component. It could allow remote...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-25681)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-25681 advisory. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML...
CVE-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...
CVE-2026-48208
An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...