10912 matches found
CVE-2026-47430 Cordova Plugin InAppBrowser: iOS: Arbitrary Cordova callback IDs can be dispatched without validation from InAppBrowser WebViews
Summary The iOS implementation of cordova-plugin-inappbrowser passes the id field from a WKScriptMessage body to commandDelegate sendPluginResult:callbackId: with no format validation CDVWKInAppBrowser.m:560–574. Any web content loaded inside the InAppBrowser can fire any pending Cordova callback...
CVE-2026-11295
An inappropriate implementation flaw was found in the WebView component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502444677...
CVE-2026-11290
An integer overflow flaw was found in the WebView component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502264647...
CVE-2026-11178
A policy bypass flaw was found in the WebView component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502501810...
CVE-2026-11167
An inappropriate implementation flaw was found in the WebView component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502228856...
CVE-2026-11097
An inappropriate implementation flaw was found in the WebView component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=500311718...
CVE-2026-11080
An use after free flaw was found in the WebView component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=500032538...
CVE-2026-11072
An use after free flaw was found in the WebView component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499238195...
SUSE CVE-2026-11007
Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2026-11072
Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. Chromium security severity: Medium...
SUSE CVE-2026-11080
Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2026-11097
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11007
An insufficient validation of untrusted input flaw was found in the WebView component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495834228...
SUSE CVE-2026-11167
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2026-11178
Insufficient policy enforcement in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2026-11290
Integer overflow in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to cause a denial of service via a malicious file. Chromium security severity: Low...
SUSE CVE-2026-11295
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11422
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...
CVE-2026-11422
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...
EUVD-2026-34916
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...