Nginx UI - Broken Access Control

Network attackers can fully control nginx service, including config modification and service restart, leading to complete service takeover. id: CVE-2026-33032 info: name: Nginx UI - Broken Access Control author: DhiyaneshDk severity: critical description: | Network attackers can fully control ngi...

Chromium: CVE-2026-11270 Inappropriate implementation in UI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-9984 Use after free in UI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Chromium: CVE-2026-9951 Use after free in UI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

IBM Cognos Analytics和IBM Cognos Transformer 跨站脚本漏洞

IBM Cognos Analytics and IBM Cognos Transformer are products of American International Business Machines IBM. IBM Cognos Analytics is a business intelligence software suite. This software includes reports, dashboards, and scorecards, and can assist businesses in adjusting their decisions by...

Chromium: CVE-2026-9110 Inappropriate implementation in UI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Google Chrome < 148.0.7778.178 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 148.0.7778.178. It is, therefore, affected by multiple vulnerabilities as referenced in the 202605stable-channel-update-for-desktop0841193308 advisory. - Use after free in DOM in Google Chrome on prior to 148.0.7778.179...

SUSE CVE-2026-8511

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

ROS-20260515-73-0041

A vulnerability in the LookalikeChecks component of the Google Chrome and Microsoft Edge browser is related to information presentation errors in the user interface. Exploitation of the vulnerability could allow a remote attacker to spoof an attack using a specially crafted HTML page...

CVE-2026-8541

CVE-2026-8541 describes an out-of-bounds read in Google Chrome UI that could allow a remote attacker—who has already compromised the renderer process—to read potentially sensitive data from process memory via a crafted HTML page. The issue affects Chrome versions prior to 148.0.7778.168. The vuln...

CVE-2026-8511

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

Linux Distros Unpatched Vulnerability : CVE-2026-8541

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially...

Google Chrome < 148.0.7778.167 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 148.0.7778.167. It is, therefore, affected by multiple vulnerabilities as referenced in the 202605stable-channel-update-for-desktop12 advisory. - Use after free in Extensions in Google Chrome on Mac prior to 148.0.7778.16...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from incorrect security UI in the Fullscreen component, which could allow remote attackers to execute UI spoofing through...

PT-2026-39587

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...

Chromium: CVE-2026-8021 Script injection in UI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-7991

Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

Exploit for Missing Authentication for Critical Function in Nginxui Nginx_Ui

CVE-2026-27944 + CVE-2026-33032 — nginx-ui Zero-Credential RCE...

Arbitrary Code Injection

Overview flowise-ui is a Affected versions of this package are vulnerable to Arbitrary Code Injection via the customReadCSVFunc process. An attacker can execute arbitrary code on the server by supplying malicious input that is interpolated and executed without proper sanitization. This is only...

EUVD-2026-19281

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js Network page and charts.js/index....