DEBIAN-CVE-2026-39900
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This issue has been fixed in version 1.2.31...
CVE-2026-39900
Cacti versions 1.2.30 and earlier are vulnerable to a Reflected XSS via the tab parameter in the auth_profile.php JavaScript context. The issue is fixed in version 1.2.31. CVSS 4.0 base score 5.3 (Medium) with network vector, low attack complexity, no privileges required, and user interaction req...
CVE-2026-39900 Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This issue has been fixed in version 1.2.31...
CVE-2026-39900
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This issue has been fixed in version 1.2.31...
CVE-2026-49220
CVE-2026-49220 affects Jellyfin up to version 10.11.8, where a vulnerability in the AuthenticateByName flow allows a non-privileged user to inject HTML/JavaScript in the Client header that executes in an Administrative user session when accessing a user’s detail from the dashboard. This is a user...
PT-2026-52135
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.31. Description: Reflected Cross-Site Scripting (XSS) occurs in the JavaScript context of the 'auth_profile.php' endpoint through the tab parameter. Reflected XSS is a type of attack where a malicious script is reflecte...
Chromium: CVE-2026-12455 Use after free in Tab Strip
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Astra Linux – Vulnerability in Chromium
Before version 91.0.4472.77, using Tab Strip in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 92.0.4515.131, writing out-of-bounds data using Tab groups in Google Chrome allowed an attacker who convinced a user to install a malicious extension to perform an out-of-bounds memory write via a crafted HTML page...
Astra Linux – Vulnerability in Firefox and Thunderbird
An attacker could cause a select dropdown menu to be displayed over another tab; this could lead to user confusion and potential spoofing attacks. This vulnerability affects Firefox 133, Firefox ESR 128.5, Thunderbird 133, and Thunderbird 128.5...
Astra Linux – Vulnerability in Chromium
Before version 91.0.4472.77, using Tab Strip in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Tab Groups component of Google Chrome prior to version 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Chrome Extension...
Astra Linux – Vulnerability in Thunderbird, Firefox
When importing an SPKI RSA public key as an ECDSA P-256 key, the key is handled incorrectly, causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
Astra Linux – Vulnerability in Chromium
In Google Chrome, an out-of-bounds read in the Tab Strip feature was exploited before version 92.0.4515.131. This allowed an attacker to convince a user to install a malicious extension, enabling them to perform an out-of-bounds memory read through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Tab Strip component in Google Chrome prior to version 88.0.4324.182 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 91.0.4472.77, a use-after-free in TabGroups in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Firefox
By using XSL Transforms, a malicious webserver could serve a user an XSL document that would continue to execute JavaScript within the bounds of the same-origin policy even after the tab was closed. This vulnerability affects Firefox versions earlier than 97...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Tab Strip component in Google Chrome on Windows, prior to version 88.0.4324.182, allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in tab groups in Google Chrome prior to version 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
CVE-2026-12455
A use-after-free flaw was found in the Tab Strip component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517069848...