1200 matches found
Label Studio - Cross-Site Scripting
Versions prior to 1.9.2 have a cross-site scripting XSS vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. id: CVE-2023-47115 info: name: Label Studio - Cross-Site Scripting author: isaca...
AP Pricing Tables Lite <= 1.1.6 - SQL Injection
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins. id: CVE-2023-0900 info: name: AP Pricing Tables Lite = 1.1.6 - SQL Injection author: r3Y3r53 severity: high description: ...
Joomla! Helpdesk Pro plugin <1.4.0 - Local File Inclusion
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the filename parameter in a ticket.downloadattachment task. id: CVE-2015-4074 info: name: Joomla! Helpdesk Pro plugin 1.4.0 - Local File...
Rails File Content Disclosure
Rails 5.2.2.1, 5.1.6.2, 5.0.7.2, 4.2.11.1 and v3 are susceptible to a file content disclosure vulnerability because specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed. id: CVE-2019-5418 info: name: Rails File Content Disclosure...
EUVD-2026-40525
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-13822
Inappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. Chromium security severity: High...
CVE-2026-13819
CVE-2026-13819 affects Google Chrome on macOS via ANGLE. The vulnerability is an out-of-bounds memory read in ANGLE that could be triggered by a crafted HTML page when the renderer is compromised, with impact described as high. Remediation: update to Chrome 150.0.7871.47 or later. Exploitation st...
CVE-2026-13814
CVE-2026-13814 affects Google Chrome (Views) with use-after-free in the rendering/Views UI path, prior to 150.0.7871.47. Root cause: use-after-free leading to potential heap corruption. Attack flow requires user interaction (specific UI gestures) and a crafted HTML page; impact is high confidenti...
CVE-2026-13282
Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
A out-of-bounds read in Blink within Google Chrome before version 146.0.7680.153 allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
“Type Confusion in V8 in Google Chrome” before version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Using “after free” in Dawn in Google Chrome before version 146.0.7680.178 allowed a remote attacker to execute arbitrary code through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Peer Connection in Google Chrome before version 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
The use of “after free” in Navigation in Google Chrome before version 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
CVE-2026-12458
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
CVE-2026-12449
Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...
CVE-2026-12026
CVE-2026-12026 : Affected product is Google Chrome/Chromium on ChromeOS. The vulnerability is an out-of-bounds read in the Video component, allowing a remote attacker who has compromised the renderer process to read sensitive data from process memory via a crafted HTML page. Root cause described ...
PT-2026-47471
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An out-of-bounds read and write issue exists in V8, the JavaScript and WebAssembly engine used by Google Chrome. This flaw allows a remote attacker to execute arbitrary code within the...
SUSE CVE-2026-10959
Use after free in Input in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...