
10951 matches found

ATTACKERKB
added 2026/02/26 2:10 a.m., 2 views

CVE-2026-27974

Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modificatio...

CVSS 4.8 | AI score 5.7 | EPSS 0.00189
Exploits 0 | References 3 | Affected Software 1
RedhatCVE
added 2026/02/12 1:4 a.m., 17 views

CVE-2025-12699

The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return loca...

CVSS 6.7 | AI score 5.7 | EPSS 0.00172
Exploits 0 | References 1
CVE
added 2026/02/10 8:38 p.m., 12 views

CVE-2025-12699

The CVE-2025-12699 entry concerns the ZOLL ePCR iOS Mobile Application. The issue arises when unsanitized user input inserted into a WebView (PCR fields: run number, incident, call sign, notes) is interpreted as HTML/JS. In the provided POC, injected scripts could read local files from the app’s ...

CVSS 6.7 | AI score 5.7 | EPSS 0.00172
Exploits 0 | References 3
Vulnrichment
added 2026/02/10 8:38 p.m., 2 views

CVE-2025-12699 ZOLL ePCR IOS Mobile Application Insertion of Sensitive Information into Externally-Accessible File or Directory

The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return loca...

CVSS 6.7 | AI score 5.7 | EPSS 0.00172
Exploits 0 | References 3
Cvelist
added 2026/02/10 8:38 p.m., 26 views

CVE-2025-12699 ZOLL ePCR IOS Mobile Application Insertion of Sensitive Information into Externally-Accessible File or Directory

The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return loca...

CVSS 6.7 | EPSS 0.00172
Exploits 0 | References 3
ATTACKERKB
added 2026/02/10 8:38 p.m., 7 views

CVE-2025-12699

The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return loca...

CVSS 6.7 | AI score 5.7 | EPSS 0.00172
Exploits 0 | References 4 | Affected Software 1
Positive Technologies
added 2026/02/10 12:0 a.m., 4 views

PT-2026-7469

Name of the Vulnerable Software and Affected Versions: ZOLL ePCR IOS application (affected versions not specified). Description: The application displays user-supplied data within a WebView without proper sanitization. Specifically, attacker-controlled strings entered into PCR fields such as run numbe...

CVSS 6.7 | AI score 5.4 | EPSS 0.00172
Exploits 0 | References 5
CNNVD
added 2026/02/10 12:0 a.m., 3 views

ZOLL ePCR Security Vulnerability

ZOLL ePCR is an electronic casualty reporting software developed by ZOLL Corporation in the United States. ZOLL ePCR has a security vulnerability, which stems from uncleaned user inputs being reflected into the WebView, potentially allowing arbitrary local file access...

CVSS 6.7 | AI score 5.9 | EPSS 0.00172
Exploits 0 | References 3
GithubExploit
added 2026/01/31 12:31 p.m., 196 views

Exploit for Missing Authorization in Google Chrome


CVSS 8.8 | AI score 6 | EPSS 0.06545
Exploits 2
Tenable Nessus
added 2026/01/21 12:0 a.m., 5 views

Fedora 42 : cef (2026-2a94cc43d9)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2a94cc43d9 advisory. Update to 143.0.7499.192 rhbz2427842 High CVE-2026-0628: Insufficient policy enforcement in WebView tag Tenable has extracted the preceding description block...

CVSS 8.8 | AI score 5.6 | EPSS 0.06545
Exploits 2 | References 2
OpenVAS
added 2026/01/21 12:0 a.m., 4 views

Fedora: Security Advisory (FEDORA-2026-2a94cc43d9)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 5.5 | EPSS 0.06545
Exploits 2 | References 3
Snyk
added 2026/01/19 5:24 a.m., 3 views

Malicious Package

Overview react-native-webview-forked is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS 9.8 | AI score 5.5
Exploits 0 | References 2
EUVD
added 2026/01/19 5:24 a.m., 5 views

EUVD-2026-3258

Malicious code in react-native-webview-forked npm...

AI score 5.5
Exploits 0 | References 1
OSSF Malicious Packages
added 2026/01/19 5:24 a.m., 7 views

Malicious code in react-native-webview-forked (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48574c96ad66df5527d36dccb8f8c425b244bb90c2ac49491618968865ccd7da The package react-native-webview-forked was found to contain malicious code. Source: ghsa-malware...

AI score 5.5
Exploits 0 | References 1
OSV
added 2026/01/19 5:24 a.m., 4 views

MAL-2026-348 Malicious code in react-native-webview-forked (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48574c96ad66df5527d36dccb8f8c425b244bb90c2ac49491618968865ccd7da The package react-native-webview-forked was found to contain malicious code. Source: ghsa-malware...

AI score 5.5
Exploits 0 | References 1
Tenable Nessus
added 2026/01/15 12:0 a.m., 4 views

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20020-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20020-1 advisory. Changes in chromium: - Chromium 143.0.7499.192 boo1256067: CVE-2026-0628: Insufficient policy enforcement in WebView tag - Chromium 143.0.7499.169 stabl...

CVSS 8.8 | AI score 6 | EPSS 0.06545
Exploits 2 | References 3
OpenVAS
added 2026/01/12 12:0 a.m., 2 views

Fedora: Security Advisory (FEDORA-2026-66162d01ae)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 6.8 | EPSS 0.06545
Exploits 2 | References 4
OSV
added 2026/01/10 2:17 a.m., 2 views

OPENSUSE-SU-2026:20020-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - Chromium 143.0.7499.192 boo1256067: CVE-2026-0628: Insufficient policy enforcement in WebView tag - Chromium 143.0.7499.169 stable released 2025-12-18 no cve listed yet...

CVSS 8.8 | AI score 5.8 | EPSS 0.06545
Exploits 2 | References 2
Microsoft CVE
added 2026/01/09 4:0 p.m., 13 views

Chromium: CVE-2026-0628 Insufficient policy enforcement in WebView tag

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 8.8 | AI score 6.4 | EPSS 0.06545
Exploits 2
RedhatCVE
added 2026/01/09 12:40 p.m., 4 views

CVE-2023-43955

The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles external intents through WebView. This allows attackers to execute arbitrary code, create arbitrary files, and perform arbitrary downloads via JavaScript that uses takeBlobDownloadData...

CVSS 9.8 | AI score 7.5 | EPSS 0.01262
Exploits 1 | References 1