2593 matches found
CVE-2026-11691
CVE-2026-11691 involves Google Chrome’s New Tab Page and is caused by insufficient validation of untrusted input. The vulnerability affects Chrome prior to version 149.0.7827.103, enabling a remote attacker who has compromised the renderer process to leak cross-origin data via a crafted HTML page...
CVE-2026-11660
Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-11660
Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-11660
Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-11660
CVE-2026-11660: Google Chrome’s New Tab Page suffered insufficient validation of untrusted input, enabling a renderer-compromised remote attacker to potentially escape the sandbox via a crafted HTML page. Affected: Chrome before 149.0.7827.103. Impact: sandbox escape risk; attacker could leverage...
CVE-2026-11660
Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-11632
Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. of the United States. Google Chrome has a vulnerability related to input validation, which stems from insufficient validation of untrusted inputs by the New Tab Page...
PT-2026-47486
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient validation of untrusted input in the New Tab Page allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted...
PT-2026-47572
AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 commit 0abd460 | | Vulnerability | CWE-94 — Improper Control of Generation of Code | | Severity | High | Summary Th...
PT-2026-47517
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient validation of untrusted input in the New Tab Page allows a remote attacker who has compromised the renderer process to leak cross-origin data using a crafted HTML page...
CVE-2026-11227
An incorrect security ui flaw was found in the Tab Hover Cards component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=448421954...
CVE-2026-11222
An incorrect security ui flaw was found in the Tab Strip component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=458442542...
CVE-2026-11034
An insufficient validation of untrusted input flaw was found in the Tab Group Sync component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497934980...
SUSE CVE-2026-11034
Insufficient validation of untrusted input in Tab Group Sync in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via malicious network traffic. Chromium security severity: Medium...
SUSE CVE-2026-11222
Incorrect security UI in Tab Strip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2026-11227
Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. Chromium security severity: Low...
CVE-2026-9290 WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter
The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the profile template scope function. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files...
CVE-2026-6711
The Website LLMs.txt plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.6. This is due to the use of filterinput without a sanitization filter and insufficient output escaping. This makes it possible for...
CVE-2026-42321
GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...