XWiki - Information Disclosure

XWiki 16.7.0 to 16.10.11, 17.4.4, and 17.7.0 using XJetty contains an information disclosure vulnerability caused by exposed context allowing static access to files in webapp/ folder, letting attackers access sensitive files, exploit requires use of XJetty package. id: CVE-2025-55749 info: name:...

Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting

Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2019-7219 info: name: Zarafa WebApp =2.0.1.47791 -...

Chromium: CVE-2026-11008 Insufficient validation of untrusted input in WebAppInstalls

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Astra Linux - уязвимость в chromium

Inappropriate implementations in WebApp installations in Google Chrome on Windows prior to version 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing through a crafted HTML page. Chromium security severity: Low...

Astra Linux - уязвимость в chromium

Before version 103.0.5060.53, using free after in the WebApp Provider in Google Chrome allowed a remote attacker who convinced the user to engage in certain user interactions to potentially exploit heap corruption through specific UI interactions...

Astra Linux - уязвимость в chromium

Chromium: CVE-2021-30622 – Use after free in WebApp installations...

Astra Linux - уязвимость в chromium

Inappropriate implementations in WebApp installations in Google Chrome prior to version 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass the installation dialog through a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в chromium

Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в chromium

In WebApp installations using free after 102.0.5005.61, an attacker who convinced a user to install a malicious extension could potentially exploit heap corruption through a crafted Chrome Extension and specific user interactions...

Malicious code in @webapp-next/store (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cbad3803cdda40845fe2aa64e0963b9293f9ee523b3f9205a354da2ae1e317bf package.json declares "preinstall": "node index.js", which runs automatically on npm install. index.js collects os.hostname, os.platform, os.arch,...

Malicious code in @uipath/packager-tool-webapp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76aeb1a6159cbf098abccd70c3d3006fb763c2ef580545a64d87267a79705ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2026-3563 Malicious code in @uipath/packager-tool-webapp (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c76aeb1a6159cbf098abccd70c3d3006fb763c2ef580545a64d87267a79705ae Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2026-8019

An insufficient policy enforcement flaw was found in the WebApp component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498353173...

SUSE CVE-2026-8019

Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

Chromium: CVE-2026-8019 Insufficient policy enforcement in WebApp

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +2 more potentially affected by CVE-2026-41004 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-41004 Source advisory: OSV:GHSA-J6HH-H3CF-C2HF...

Linux Distros Unpatched Vulnerability : CVE-2026-8019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page...

EUVD-2026-28141

Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

Exploit for Incorrect Authorization in Hyland Alfresco_Content_Services

CVE-2026-26336 — Alfresco Share Unauthenticated File Read...

CVE-2026-8019

Insufficient policy enforcement in WebApp in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...