19966 matches found
CVE-2026-11169
Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted XML file. Chromium security severity: Medium...
CVE-2026-11166
Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11166
Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11166
Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11166
CVE-2026-11166 concerns an Inappropriate implementation in SVG in Google Chrome (Chromium) prior to 149.0.7827.53. The vulnerability allows a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Affected software is Google Chrome’s SVG handling in the Chromium stack...
CVE-2026-11157
Summary: CVE-2026-11157 is a UXSS vulnerability in Google Chrome’s Accessibility feature exploitable via a crafted Chrome Extension. The issue occurs in Chrome builds prior to 149.0.7827.53 and could allow an attacker, by convincing a user to install a malicious extension, to inject arbitrary scr...
CVE-2026-11157
Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11157
Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11150
Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11122
Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11122
Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11062
CVE-2026-11062 affects Google Chrome extensions: insufficient policy enforcement in Extensions allows an attacker to inject scripts/HTML into a privileged page when a user installs a crafted malicious extension. Impact is partial integrity compromise of privileged pages; exploit not confirmed in ...
CVE-2026-11062
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11034
The CVE-2026-11034 entry affects Google Chrome on Android, specifically the Tab Group Sync feature. The issue is insufficient validation of untrusted input, allowing a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious network traffic. Affects Chrome versions before 149.0.78...
CVE-2026-11034
Insufficient validation of untrusted input in Tab Group Sync in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via malicious network traffic. Chromium security severity: Medium...
CVE-2026-10928
Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-10928
Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-10928
Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-10916
This CVE affects Google Chrome DevTools: insufficient validation of untrusted input in DevTools allowed UXSS via a crafted HTML page on renderer-compromised contexts, prior to Chrome 149.0.7827.53. The vulnerability, caused by inadequate input validation in DevTools, could enable a remote attacke...
CVE-2025-67448
The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the...