17 matches found

ATTACKERKB
added 6 days ago · 3 views

CVE-2026-11697

Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.5 AI score · 0.0009 EPSS
Exploits 0 · References 3 · Affected Software 1
CVE
added 6 days ago · 16 views

CVE-2026-11697

CVE-2026-11697 affects Google Chrome’s UI layer built on Chromium, where insufficient validation of untrusted input could enable a remote attacker to escape the sandbox via a crafted HTML page. The issue is described as a High-severity vulnerability, with exploitation linked to messages that prev...

9.6 CVSS · 5.5 AI score · 0.0009 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2026/05/28 11:16 p.m. · 3 views

DEBIAN-CVE-2026-9885

Insufficient validation of untrusted input in UI in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3 CVSS · 5.8 AI score · 0.00087 EPSS
Exploits 0 · References 1
Vulnrichment
added 2026/05/06 6:13 p.m. · 3 views

CVE-2026-7992

Insufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Medium...

6.2 AI score · 0.00127 EPSS
Exploits 0 · References 2
CVE
added 2026/05/06 6:13 p.m. · 14 views

CVE-2026-7992

CVE-2026-7992 affects Google Chrome on Linux and ChromeOS prior to 148.0.7778.96. The root cause is insufficient validation of untrusted input in the UI, allowing a remote attacker who entices a user to perform specific UI gestures to execute arbitrary code via a crafted HTML page. The CVE is ref...

8.8 CVSS · 6.2 AI score · 0.00127 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2026/01/09 12:0 a.m. · 4 views

PT-2026-1852

Lack of authorization of the InputManager D-Bus interface in InputPlumber versions before v0.63.0 can lead to local Denial-of-Service, information leak or even privilege escalation in the context of the currently active user session...

8.5 CVSS · 6.7 AI score · 0.00006 EPSS
Exploits 0 · References 7
EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2020-21403

Malware in sbrugna...

4.8 CVSS · 5.1 AI score · 0.00356 EPSS
Exploits 0 · References 2
OSV
added 2025/08/14 6:52 p.m. · 2 views

MAL-2025-19647 Malicious code in endgame-ui-input-text (npm)

The package endgame-ui-input-text was found to contain malicious code...

7.2 AI score
Exploits 0
OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 3 views

Malicious code in endgame-ui-input-text (npm)

The package endgame-ui-input-text was found to contain malicious code...

7 AI score
Exploits 0
OSV
added 2025/04/30 6:15 p.m. · 3 views

CVE-2025-4135

A vulnerability was found in Netgear WG302v2 up to 5.2.9 and classified as critical. Affected by this issue is the function uigetinputvalue. The manipulation of the argument host leads to command injection. The attack may be launched remotely. The vendor was contacted early about this disclosure...

5.3 CVSS · 5.6 AI score
Exploits 0 · References 5
Positive Technologies
added 2024/10/31 12:0 a.m. · 4 views

PT-2024-7561 · Beckhoff · Twincat Package Manager

Name of the Vulnerable Software and Affected Versions: TwinCAT Package Manager (affected versions not specified). Description: A local user with administrative access rights can enter specially crafted values for settings at the user interface (UI) of the TwinCAT Package Manager, which can cause...

6.8 CVSS · 7.7 AI score · 0.00102 EPSS
Exploits 0 · References 13
Positive Technologies
added 2023/12/07 12:0 a.m. · 2 views

PT-2023-9313 · Oracle · Oracle Zfs Storage Appliance Kit

Name of the Vulnerable Software and Affected Versions: Oracle ZFS Storage Appliance Kit version 8.8. Description: The issue is related to insufficient input validation in the user interface of the Oracle ZFS Storage Appliance Kit. This easily exploitable vulnerability allows an unauthenticated...

5 CVSS · 6.8 AI score · 0.00261 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2022/01/11 12:0 a.m. · 15 views

Parse CAs from UI Input

This plugin checks for data from the Trusted CAs UI input, and stores the info, if any, in the KB TRUSTED...

7 AI score
Exploits 0
OSV
added 2021/08/30 7:15 p.m. · 2 views

CVE-2021-22021

VMware vRealize Log Insight 8.x prior to 8.4 contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared...

5.4 CVSS · 5.8 AI score · 0.00242 EPSS
Exploits 0 · References 1
CNVD
added 2021/05/21 12:0 a.m. · 8 views

Cisco Modeling Labs Parameter Injection Vulnerability

Cisco Modeling Labs is a software application from the American company Cisco, a local network simulation tool that runs on workstations and servers. Cisco Modeling Labs suffers from a parameter injection vulnerability that stems from insufficient validation of user-supplied web UI input,...

9 CVSS · 7.5 AI score · 0.12483 EPSS
Exploits 3 · References 1
CNVD
added 2021/02/09 12:0 a.m. · 5 views

GateManager Cross-Site Scripting Vulnerability

GateManager is a VPN server from Secomea. A cross-site scripting vulnerability exists in the Web UI input field of GateManager versions prior to 9.3. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via the input script tag...

4.8 CVSS · 6 AI score · 0.00356 EPSS
Exploits 0 · References 1
Cvelist
added 2021/02/08 10:8 p.m. · 14 views

CVE-2020-29021 Scripting tag chars < > not filtered in input fields could cause Cross-Site Scripting (XSS)

A vulnerability in the web UI input field of GateManager allows an authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3...

3.5 CVSS · 5 AI score · 0.00356 EPSS
Exploits 0 · References 1