PT-2026-46797
Inappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-9937
Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-9984
Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-9951
Use after free in UI in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...
CVE-2026-8575
Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-8561
Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-7991
Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
CVE-2024-38317
IBM Aspera Shares 1.9.0 through 1.10.0 PL6 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
DEBIAN-CVE-2024-5497
Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
BIT-GRAFANA-2022-32276
Grafana 8.4.3 allows unauthenticated access via for example a /dashboard/snapshot/?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability...
CVE-2023-30961 Palantir Gotham UI bug that could lead to incorrect data classification
Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link...
CVE-2022-32276
Grafana 8.4.3 allows unauthenticated access via for example a /dashboard/snapshot/?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability...
CVE-2022-32276
Grafana 8.4.3 allows unauthenticated access via a /dashboard/snapshot/*?orgId=0 URI. The vendor labels this as a UI bug, not a vulnerability. Connected Red Hat and OSV entries reiterate the same issue and list Grafana 8.4.3 as affected. No public exploit details are provided in the documents. Rem...
UBUNTU-CVE-2021-37971
Incorrect security UI in Web Browser UI in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
Reddit: Email Verification Bypass And Get access to user's private invitation.
Part 2 of my previous report: https://hackerone.com/reports/1225499 I am sending this report again because you closed my previous report. I posted new impact of this vulnerability in my previous report but I didn't get any reply. So I reported it again. First Vulnerability: Email verification...
pcs security update
CentOS Errata and Security Advisory CESA-2015:2290 An updated pcs package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common...