4432 matches found
Chromium: CVE-2026-13025 Insufficient validation of untrusted input in DevTools
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-13024 Insufficient validation of untrusted input in Navigation
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-12208
A flaw was found in the jsonata JavaScript library. A prototype pollution vulnerability exists in the createFrame function in src/jsonata.js, allowing a remote attacker to manipulate object prototype attributes. This could lead to unauthorized modification of application behavior. Mitigation Do n...
EUVD-2026-37005
i18next-fs-backend vulnerable to prototype pollution via crafted missing-key string...
CVE-2026-54513
A flaw was found in jackson-databind, a library used for processing data. This vulnerability allows an attacker to bypass security controls designed to validate data types. By sending specially crafted input, an attacker can force the system to process untrusted data, which may lead to the...
DEBIAN-CVE-2026-13024
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
CVE-2026-13024
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
CVE-2026-13024
CVE-2026-13024 : The issue is in Google Chrome’s Navigation logic, where insufficient validation of untrusted input in the renderer allows a remote attacker who has compromised the renderer process to bypass site isolation via a crafted HTML page. Affected product: Google Chrome (Chromium-based)....
EUVD-2026-39039
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...
CVE-2026-50705
A Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer...
jackson-databind has a @JsonView bypass for unwrapped creator parameters
Summary UnwrappedPropertyHandler.processUnwrappedCreatorProperties replays buffered JSON into creator parameters but never consults prop.visibleInViewactiveView. The normal property-based creator path gates creator properties on the active view, but this unwrapped-creator replay path bypasses tha...
CVE-2026-54298 Astro: XSS via Unescaped Attribute Names in Spread Props
Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props ...
EUVD-2026-38332
LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search...
CVE-2026-12034
The following flaw was identified in the Chromium browser: Insufficient validation of untrusted input Linux Toolkit Theming. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=519258799...
CVE-2026-12025
The following flaw was identified in the Chromium browser: Insufficient validation of untrusted input Network. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517153191...
Chromium: CVE-2026-12465 Insufficient validation of untrusted input in Metrics
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-12453 Insufficient validation of untrusted input in Input
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-12456 Insufficient validation of untrusted input in Extensions
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Astra Linux – Vulnerability in hsqldb
Those who use java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL Database to process untrusted input may be vulnerable to a remote code execution attack. By default, it is allowed to call any static method of any Java class in the classpath, resulting in code execution. This issu...
Astra Linux – Vulnerability in jsoup
jsoup is a Java library for working with HTML. Users of jsoup versions prior to 1.14.2 who parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user-supplied input, an attacker may provide content that causes the parser to become stuck loop indefinitely until...