8375 matches found
EUVD-2026-45103
OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability in HTTP Canvas responses that allows lower-trust callers to forge trusted A2UI actions. Attackers can perform actions requiring stronger authorization by submitting crafted requests through configured input paths,...
CVE-2026-15907
A flaw has been found in H3C SecPath F1000-C8300 up to 20260522. This impacts an unknown function of the file /webui/?g=logfwnbcmailjsondata. Executing a manipulation of the argument subject can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...
Linux Distros Unpatched Vulnerability : CVE-2026-15777
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to...
CVE-2026-45737
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From 3.2.0 until 3.2.12, 3.3.10, and 3.4.2, Argo CD ServerSideDiff can expose Kubernetes Secret values embedded in the kubectl.kubernetes.io/last-applied-configuration annotation because HideSecretDatatarget, live, ... does...
CVE-2026-62948 OpenWrt odhcpd/LuCI: unauthenticated DHCPv6 client can inject lease-file lines via FQDN hostname → stored XSS in the LuCI admin UI
OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, odhcpd writes a DHCPv6 client FQDN option 39 hostname into /tmp/odhcpd.leases through src/statefiles.c statefileswritestate6 and statefileswritestate4 without escaping, allowing newline injection of forged lease lin...
CVE-2026-56687
Dell ThinOS 10, versions prior to 260510.2100, contain an Obsolete Feature in UI vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access...
CVE-2026-56687
Dell ThinOS 10 is affected (versions prior to 2605_10.2100) by an Obsolete Feature in UI vulnerability. A low-privilege, local attacker could potentially obtain unauthorized access. No exploit details or specific remediation are provided in the documents; see Dell KB security update (DSA-2026-300...
CVE-2026-1563
Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...
CVE-2026-1563
Pega Platform versions 8.1.0 through 25.1.2 are affected by an Reflected Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...
CVE-2026-1562
Pega Platform versions 8.1.0 through 25.1.2 are affected by an Stored Cross-site scripting XSS vulnerability in a user interface component. Requires a high privileged user with a developer role...
Google Chrome < 150.0.7871.124 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 150.0.7871.124. It is, therefore, affected by multiple vulnerabilities as referenced in the 202607stable-channel-update-for-desktop0353146366 advisory. - Use after free in UI in Google Chrome on Linux prior to...
CVE-2026-15777
Use after free in UI in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-15764
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.125 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-15765
CVE-2026-15765 : Use-after-free in Ozone of Google Chrome prior to 150.0.7871.125. A remote attacker, tricking a user into specific UI gestures, could potentially exploit heap corruption via a crafted HTML page. The Chrome security update 150.0.7871.124/125 (Stable Channel) includes fixes for thi...
CVE-2026-50454
Relative path traversal in Windows User Interface Core allows an authorized attacker to elevate privileges locally...
CVE-2026-58595
Improper restriction of rendered ui layers or frames in Microsoft Bing App for IOS allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-50454
The CVE-2026-50454 entry describes a Privilege Elevation via Relative Path Traversal in Windows User Interface Core. Affected component: Windows User Interface Core; attack requires local access (LOCAL) with LOW privileges and no user interaction per the CVSS v3.1 vector. Impact is Elevation of P...
CVE-2026-50454 Windows User Interface Core Elevation of Privilege Vulnerability
...
CVE-2026-50454 Windows User Interface Core Elevation of Privilege Vulnerability
...
CVE-2026-58595
CVE-2026-58595 concerns the Microsoft Bing App for iOS, where an improper restriction of rendered UI layers or frames enables an unauthorized attacker to spoof over a network. The vulnerability affects the Bing iOS app’s UI rendering stack (specific component not detailed in the provided document...