Lucene search
+L

2608 matches found

nvd
nvd
added 3 days ago4 views

CVE-2026-42447

jadx is a Dex to Java decompiler. Prior to 1.5.6, jadx-gui is affected by an HTML injection vulnerability in the Summary tab because SummaryNode.java appends arches and perArchCount values derived from .so file path components inside an APK into an HTML panel without escaping. A malicious APK wit...

3.6CVSS0.00139EPSS
Exploits0References3
cve
cve
added 2026/07/09 10:27 p.m.12 views

CVE-2026-57501

Summary: CVE-2026-57501 affects Zen, a Firefox-based browser. Before version 1.21.5b, the contextual actions “Open link in glance” and “Split link in new tab” could load a page-controlled link URL with the System principal rather than the originating page’s principal, allowing a malicious page to...

6AI score0.0029EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/09 7:22 a.m.34 views

CVE-2026-31981 HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...

5.9CVSS0.00142EPSS
Exploits0References1
cve
cve
added 2026/07/09 7:22 a.m.8 views

CVE-2026-31981

A stored HTML injection vulnerability affects the Diagram tab and Graph view of Guardian/CMC (N2OS) prior to 26.2.0. An authenticated administrator can inject HTML into configuration data via multiple input vectors; when viewed by others, the HTML may render and enable phishing or open redirects....

5.9CVSS6AI score0.00142EPSS
Exploits0References1Affected Software2
nozomi
nozomi
added 2026/07/07 12:0 a.m.5 views

HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0

Summary A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. Impact An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data throug...

5.9CVSS5.9AI score0.00142EPSS
Exploits0Affected Software2
vulnrichment
vulnrichment
added 2026/07/01 6:48 p.m.8 views

CVE-2026-14358 Stored XSS in Wikimedia Chart pie tooltip via Data:*.tab field title

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting XSS. This issue affects Mediawiki - Charts Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/01 6:48 p.m.36 views

CVE-2026-14358 Stored XSS in Wikimedia Chart pie tooltip via Data:*.tab field title

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in The Wikimedia Foundation Mediawiki - Charts Extension allows Cross-Site Scripting XSS. This issue affects Mediawiki - Charts Extension: from before 1.43.9,1.44.6,1.45.4...

6.9CVSS0.00175EPSS
Exploits0References2
cve
cve
added 2026/07/01 6:48 p.m.23 views

CVE-2026-14358

The CVE-2026-14358 affects the Wikimedia Foundation MediaWiki Charts Extension and indicates a Cross-Site Scripting (XSS) flaw caused by improper input neutralization during web page generation. Affected versions are before 1.43.9, 1.44.6, and 1.45.4. The vulnerability is described as a stored XS...

6.9CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/07/01 12:34 a.m.5 views

EUVD-2026-40725

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00247EPSS
Exploits0References3
nvd
nvd
added 2026/06/30 11:17 p.m.6 views

CVE-2026-14080

Insufficient validation of untrusted input in TabSwitcher in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via malicious network traffic. Chromium security severity: Low...

4.3CVSS0.00181EPSS
Exploits0References2
osv
osv
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-14080

Insufficient validation of untrusted input in TabSwitcher in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via malicious network traffic. Chromium security severity: Low...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References1
osv
osv
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-14038

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

9.3CVSS5.8AI score0.00247EPSS
Exploits0References1
nvd
nvd
added 2026/06/30 11:17 p.m.7 views

CVE-2026-14038

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

9.3CVSS0.00247EPSS
Exploits0References2
osv
osv
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-13984

Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00183EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/30 10:39 p.m.8 views

CVE-2026-14129

Inappropriate implementation in PreviewTab in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.2CVSS5.8AI score0.00154EPSS
Exploits0
debiancve
debiancve
added 2026/06/30 10:39 p.m.5 views

CVE-2026-14038

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

9.3CVSS5.8AI score0.00247EPSS
Exploits0
cve
cve
added 2026/06/30 10:39 p.m.27 views

CVE-2026-14038

CVE-2026-14038 affects Google Chrome’s New Tab Page. The root cause is insufficient validation of untrusted input, allowing a remote attacker who has compromised the renderer to potentially escape the sandbox via a crafted HTML page. The vulnerability is addressed in Chrome version 150.0.7871.47 ...

9.3CVSS5.8AI score0.00247EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/30 10:38 p.m.26 views

CVE-2026-13984

Incorrect security UI in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

0.00183EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.12 views

PT-2026-54404

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An inappropriate implementation in the PreviewTab allows a remote attacker to perform UI spoofing via a crafted HTML page. This occurs when a user is convinced to engage in...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.5 views

PT-2026-54313

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the New Tab Page allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HT...

9.8CVSS6AI score0.00413EPSS
Exploits0References447
Rows per page
Query Builder