Lucene search
K

110 matches found

Debian CVE
Debian CVE
added 2022/02/12 1:35 a.m.38 views

CVE-2022-0300

Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS9.4AI score0.0075EPSS
Exploits0
Mageia
Mageia
added 2022/02/02 9:29 p.m.86 views

Updated chromium-browser-stable packages fix security vulnerability

CVE-2022-0096: Use after free in Storage. CVE-2022-0097: Inappropriate implementation in DevTools. CVE-2022-0098: Use after free in Screen Capture. CVE-2022-0099: Use after free in Sign-in. CVE-2022-0100: Heap buffer overflow in Media streams API. CVE-2022-0101: Heap buffer overflow in Bookmarks...

9.6CVSS8.5AI score0.85352EPSS
Exploits21References3
Kaspersky
Kaspersky
added 2022/01/26 12:0 a.m.41 views

KLA12435 Multiple vulnerabilities in Opera

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in Task Manager can be exploited to execute arbitrary code or caus...

9.6CVSS9.5AI score0.85352EPSS
Exploits0References4
Veracode
Veracode
added 2022/01/23 11:16 p.m.25 views

Use After Free

Chrome is vulnerable to use after free. The vulnerability exists due to a lack of sanitization in Text Input Method...

8.8CVSS1.7AI score0.0075EPSS
Exploits0References3Affected Software2
Microsoft CVE
Microsoft CVE
added 2022/01/20 8:0 a.m.24 views

Chromium: CVE-2022-0300 Use after free in Text Input Method Editor

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS8.8AI score0.0075EPSS
Exploits0
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2022/01/19 12:0 a.m.184 views

Stable Channel Update for Desktop

The Stable channel has been updated to 97.0.4692.99 for Windows, Mac and Linux which will roll out over the coming days/weeks. Extended stable channel has also been updated to 96.0.4664.110 for Windows and Mac which will roll out over the coming days/weeks A full list of changes in this build is...

9.6CVSS8.9AI score0.85352EPSS
Exploits0Affected Software1
Kaspersky
Kaspersky
added 2022/01/19 12:0 a.m.479 views

KLA12429 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Implementation vulnerability in Service Worker API can be exploited to cause denial of servic...

9.6CVSS9.6AI score0.85352EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/12/16 12:0 a.m.7 views

The vulnerability in the browser text input implementation of Google Chrome allows attackers to disclose protected information.

The vulnerability in the browser text input implementation of Google Chrome is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...

9.4CVSS7.5AI score0.00594EPSS
Exploits0References10Affected Software5
Microsoft KB
Microsoft KB
added 2021/12/14 8:0 a.m.63 views

December 14, 2021—KB5008223 (OS Build 20348.405)

December 14, 2021—KB5008223 OS Build 20348.405 11/9/2021 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a preview release known as a “C” release for the month of December 2021. There will be a monthly security release known as a “B”...

9.8CVSS8.5AI score0.70966EPSS
Exploits5
OSV
OSV
added 2021/06/21 8:15 p.m.4 views

CVE-2021-24369

In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site...

5.4CVSS6AI score0.00624EPSS
Exploits2References1
OSV
OSV
added 2021/05/10 3:38 p.m.4 views

GHSA-4943-9VGG-GR5R Cross-site Scripting in quill

A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload a crafted onloadstart attribute of an IMG element in a text field. No patch exists and no further releases are planned. This CVE is disputed. Researchers have claimed that...

4.2CVSS6.1AI score0.01311EPSS
Exploits1References7
Prion
Prion
added 2021/04/13 8:15 p.m.22 views

Design/Logic Flaw

The Nextcloud dialogs library npm package @nextcloud/dialogs before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. The vulnerability has been patched in version 3.1.2 If you need to...

4.3CVSS5AI score0.00703EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2020/12/18 12:0 a.m.6 views

Openslide Cross-Site Scripting Vulnerability

Openslide is Openslide organization of a C-based code library used to read slide files . The software supports reading files in svs,tif,vms,vmu,ndpi,scn,mrxs,tiff,svslide,tif,bif,tif formats. A cross-site scripting vulnerability exists in OpenSlides, which stems from insufficient user input...

8.9CVSS7.2AI score0.01104EPSS
Exploits0References6
CNVD
CNVD
added 2020/09/04 12:0 a.m.3 views

Huawei Mate 20 Denial of Service Vulnerability

Huawei Mate 20 is a smartphone launched by Huawei. A denial of service vulnerability exists in versions prior to Huawei Mate 20 10.1.0.163 C00E160R3P8. An attacker can exploit the vulnerability by entering a large amount of text to cause a denial of service...

2.4CVSS6.6AI score0.0021EPSS
Exploits0References1
OSV
OSV
added 2020/09/03 7:15 p.m.3 views

CVE-2020-9083

HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163C00E160R3P8 have a denial of service DoS vulnerability. The attacker can enter a large amount of text on the phone. Due to insufficient verification of the parameter, successful exploitation can impact the service...

2.4CVSS5.8AI score0.0021EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/04/16 4:30 p.m.15 views

CVE-2020-11813

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangerous...

5.2AI score0.00516EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2019/08/12 12:0 a.m.4 views

PT-2019-7263 · WordPress · Ultimate Member

Name of the Vulnerable Software and Affected Versions: ultimate-member plugin versions prior to 1.3.18 Description: The issue is related to a Cross-Site Scripting XSS vulnerability, which occurs when an application includes user input in its output without proper validation or sanitization,...

6.1CVSS5.8AI score0.01046EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2019/08/12 12:0 a.m.28 views

NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0110)

The remote NewStart CGSL host, running version MAIN 4.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox E...

10CVSS8AI score0.18756EPSS
Exploits43References57
CVE
CVE
added 2018/12/17 6:0 p.m.69 views

CVE-2018-19933

Bolt CMS before 3.6.2 is vulnerable to cross-site scripting via the text input click preview button, demonstrated by the Title field of a configured or new entry. Related advisories (GHSA-2G23-QMMP-FVMR, OSV entries) link this XSS to Bolt 3.6.4 and earlier references, including a public exploit/d...

6.1CVSS5.8AI score0.03466EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2018/12/17 6:0 p.m.26 views

CVE-2018-19933

Bolt CMS 3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry...

6.3AI score0.03466EPSS
Exploits5References3
Rows per page
Query Builder