SUSE CVE-2026-9937

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Chromium: CVE-2026-9885 Insufficient validation of untrusted input in UI

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-49383

In JetBrains IntelliJ IDEA before 2026.1 xXE in the UI Designer form parser was possible...

CVE-2025-41279

CVE-2025-41279 concerns Nozomi Networks Waterfall WF-500 RX Host (Administration WebUI). A CWE-78 OS Command Injection vulnerability in version 7.9.1.0 R2502171040 allows remote authenticated attackers to execute arbitrary OS commands on the WF-500 RX Host. The underlying root cause is improper n...

CVE-2025-41276

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

CVE-2025-41273

CVE-2025-41273 affects Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040). Nozomi Networks Labs describe CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI, enabling remote unauthenticated attackers to bypass authentication and perform actions as an...

CVE-2025-41272

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

CVE-2025-41271

Nozomi Networks Labs identifies a CWE-23 Relative Path Traversal affecting Waterfall WF-500 TX and RX Hosts (version 7.9.1.0 R2502171040) via the Console WebUI. An unauthenticated remote attacker could read arbitrary files on the device through this vulnerability. The provided documents do not sp...

CVE-2025-41269

The CVE-2025-41269 entry describes a remote OS Command Injection (CWE-78) affecting Waterfall WF-500 Series controllers: Console WebUI on TX/RX Hosts, version 7.9.1.0 R2502171040. Root cause is improper neutralization of special elements in the OS command execution path, permitting remote unauthe...

CVE-2025-41267

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

CVE-2025-41266

CVE-2025-41266 affects Waterfall WF-500 TX Host (Administration WebUI), version 7.9.1.0 R2502171040. Root cause: CWE-78 OS Command Injection in the web interface, enabling remote authenticated attackers to execute arbitrary operating system commands on the WF-500 TX Host. Documented impact includ...

EUVD-2026-33128

Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

EUVD-2026-33126

Use after free in UI in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

EUVD-2026-33113

Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

EUVD-2026-33098

Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2026-9937

An use after free flaw was found in the UI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502112506...

CVE-2026-9885

An insufficient validation of untrusted input flaw was found in the UI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=508452241...

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 contains an operating system command injection vulnerability. This vulnerability...

JetBrains IntelliJ IDEA 代码问题漏洞

JetBrains IntelliJ IDEA is an integrated development environment for the Java language developed by the Czech company JetBrains. Versions of JetBrains IntelliJ IDEA prior to 2026.1 contained code vulnerabilities due to XML external entity injections in the UI Designer form parser...

PT-2026-44806

Name of the Vulnerable Software and Affected Versions Waterfall WF-500 TX and RX Hosts version 7.9.1.0 R2502171040 Description A relative path traversal issue exists in the Administration WebUI. This allows remote unauthenticated attackers to delete arbitrary files on the host machines. Relative...