CVE-2026-10949

Heap buffer overflow in Video in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-6427

The WordPress plugin a3 Lazy Load (versions ≤ 2.7.6) is vulnerable to Stored XSS via crafted markup. A regex bug in _filter_videos() misquotes HTML attributes and, with unescaped output in admin/views/form-data.php, allows an authenticated Contributor to inject a script that executes in any view...

CVE-2026-6427 a3 Lazy Load <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Element

The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filtervideos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...

CVE-2019-12954

SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...

EUVD-2009-1698

Malware in sbrugna...

EUVD-2011-3051

Malware in sbrugna...

EUVD-2014-1601

Malware in sbrugna...

EUVD-2011-3624

Malware in sbrugna...

SUSE CVE-2009-1703

WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within 1 audio and 2 video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document...

SUSE CVE-2011-2618

Opera before 11.50 allows remote attackers to cause a denial of service application crash via web script that moves a 1 AUDIO element or 2 VIDEO element between windows...

SUSE CVE-2011-3665

Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via an Ogg VIDEO element that is not properly handled after scaling...

SUSE CVE-2015-3417

Use-after-free vulnerability in the ffh264freetables function in libavcodec/h264.c in FFmpeg before 2.3.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references...

CVE-2019-12954

SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...

CVE-2019-12954

SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...

Design/Logic Flaw

SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...

CVE-2019-12954

SolarWinds Network Performance Monitor Orion Platform 2018, NPM 12.3, NetPath 1.1.3 allows XSS by authenticated users via a crafted onerror attribute of a VIDEO element in an action for an ALERT...

The vulnerability of the SeaMonkey software allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

A vulnerability exists in the mozilla::dom::TextTrack::AddCue function in Mozilla Firefox and SeaMonkey due to improper garbage collection of text track management variables. Exploiting this vulnerability allows malicious actors to execute arbitrary code or cause service failures e.g., errors whe...

The vulnerability of the Firefox browser, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

A vulnerability exists in the mozilla::dom::TextTrack::AddCue function in Mozilla Firefox and SeaMonkey due to improper garbage collection of text track management variables. Exploiting this vulnerability allows malicious actors to execute arbitrary code or cause service failures e.g., errors whe...

Vulnerability of Firefox and Firefox ESR browsers, allowing attackers to execute arbitrary code

The vulnerability of the HTMLVideoElement interface in browsers such as Firefox and Firefox ESR is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using JavaScript, thereby modifying the media elements’ tables...

Mozilla: Use-after-free while manipulating HTML media content (MFSA 2015-106)

Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176...