5820 matches found
CVE-2026-11236
Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11175
Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11092
Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-11038
CVE-2026-11038 affects Google Chrome’s Subresource Integrity policy enforcement. The vulnerability allows a remote attacker to bypass content security policy via malicious network traffic in Chrome versions prior to 149.0.7827.53. Affected component is Subresource Integrity enforcement within Chr...
CVE-2026-10998
CVE-2026-10998 corresponds to an out-of-bounds read in Media in Google Chrome, exploitable by an attacker on the local network via crafted traffic. Affected product: Google Chrome (Media component). Root cause: out-of-bounds memory read triggered by processing network data before the browser upda...
CVE-2026-10950
CVE-2026-10950 affects Google Chrome on iOS (Autofill) where insufficient policy enforcement allowed a remote attacker to exfiltrate cross-origin data via a crafted HTML page. The issue is tied to Autofill handling in Chrome for iOS before version 149.0.7827.53. A patch is expected in 149.0.7827....
CVE-2026-10888
Use after free in Cast Streaming in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. Chromium security severity: Critical...
PHP 8.5.x < 8.5.7 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.5.7. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.5.7 advisory. - In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal. CVE-2026-44928 - In uriparse...
h2o-notebook (>=0.3.0 <=0.4.1) potentially affected by CVE-2026-44181 via jupyter-enterprise-gateway (=3.2.2)
jupyter-enterprise-gateway PYPI version =3.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on jupyter-enterprise-gateway and may be impacted: - h2o-notebook =0.3.0, =0.4.1 Source cves: CVE-2026-44181 Source advisory: OSV:GHSA-F49J-V924-FX9W...
h2o-notebook (>=0.3.0 <=0.4.1) potentially affected by CVE-2026-44180 via jupyter-enterprise-gateway (=3.2.2)
jupyter-enterprise-gateway PYPI version =3.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on jupyter-enterprise-gateway and may be impacted: - h2o-notebook =0.3.0, =0.4.1 Source cves: CVE-2026-44180 Source advisory: OSV:GHSA-CHQ7-94J8-CJ28...
CVE-2026-47325 Weak password policy in ProjectsAndPrograms school-management-system
ProjectsAndPrograms school-management-system uses predictable credentials by generating student's and teacher's passwords solely from the user’s date of birth e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...
CVE-2026-10722 cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a...
CVE-2026-40780 WordPress BookIt plugin < 2.5.4.1 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1...
CVE-2026-32250
NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting XSS vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint /index.php?route=/queries/user/. The application reflects user-supplied input from the id parameter into the HTML response...
EUVD-2026-33820
A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a resource management vulnerability. This vulnerability stemmed from the Passwords component reusing resources after release, which could allow remote attackers to execute arbitrary...
WordPress plugin Slider Revolution 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
DesDev DedeCMS SQL注入漏洞
DesDev DedeCMS is an open-source content management system CMS developed by DesDev Corporation, based on PHP. This system offers functions such as content publishing, content management, content editing, and content retrieval. Version 5.7.88 of DesDev DedeCMS contains a SQL injection vulnerabilit...
CVE-2026-48879 WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17...
@redhat-cloud-services/frontend-components-inventory-compliance (>=0.0.1 <=3.4.4), @redhat-cloud-services/frontend-components-inventory-insights (>=0.0.1 <=3.2.3) +2 more potentially affected by unknown CVE via @redhat-cloud-services/frontend-components-remediations (=4.9.1)
@redhat-cloud-services/frontend-components-remediations NPM version =4.9.1 is affected by a known vulnerability. The following packages have a transitive dependency on @redhat-cloud-services/frontend-components-remediations and may be impacted: -...