10960 matches found
CVE-2026-3936
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-3936
CVE-2026-3936: Use-after-free in WebView for Google Chrome on Android, arising from heap corruption via a crafted HTML page. Affected component is WebView within Chrome/Chromium on Android; vulnerability occurs in versions prior to 146.0.7680.71. The fix is in 146.0.7680.71 and newer; update Chro...
Google Chrome on Android Resource Management Error Vulnerability
Google Chrome is a free web browser developed by Google Inc. A security vulnerability exists in Google Chrome WebView that originates from re-referencing or using freed memory, which can be exploited by remote attackers to execute arbitrary code...
PT-2026-24883
🚨 Chrome 146 Security Alert. Google patched 29 vulnerabilities, including CVE-2026-3936 (Use-After-Free in WebView). Key points: • Remote code execution possible via crafted web pages • Exploitable without user interaction (drive-by) • Could expose session data, credentials, or tokens • Update Chrome...
New Chrome Vulnerability Let Malicious Extensions Escalate Privileges via Gemini Panel
Cybersecurity researchers have disclosed details of a now-patched security flaw in Google Chrome that could have permitted attackers to escalate privileges and gain access to local files on the system. The vulnerability, tracked as CVE-2026-0628 (CVSS score: 8.8), has been described as a case of...
CVE-2026-27974
Audiobookshelf is a self-hosted audiobook and podcast server. A cross-site scripting (XSS) vulnerability exists in versions prior to 0.12.0-beta of the Audiobookshelf mobile application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modificatio...
CVE-2026-27974
Audiobookshelf mobile app vulnerable to cross-site scripting (XSS) in all pre-0.12.0-beta versions. Malicious library metadata can execute JavaScript in victim WebViews when an attacker has library modification privileges or controls a malicious podcast RSS feed, potentially enabling session hija...
CVE-2025-12699
The ZOLL ePCR iOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return loca...
CVE-2025-12699: ZOLL ePCR iOS Mobile Application Insertion of Sensitive Information into Externally-Accessible File or Directory
The ZOLL ePCR iOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return loca...
CVE-2025-12699
The CVE-2025-12699 entry concerns the ZOLL ePCR iOS Mobile Application. The issue arises when unsanitized user input inserted into a WebView (PCR fields: run number, incident, call sign, notes) is interpreted as HTML/JS. In the provided POC, injected scripts could read local files from the app’s ...
ZOLL ePCR Security Vulnerability
ZOLL ePCR is an electronic casualty reporting software developed by ZOLL Corporation in the United States. ZOLL ePCR has a security vulnerability that stems from unsanitized user input being reflected into the WebView, potentially allowing arbitrary local file access...
PT-2026-7469
Name of the Vulnerable Software and Affected Versions ZOLL ePCR IOS application affected versions not specified Description The application displays user-supplied data within a WebView without proper sanitization. Specifically, attacker-controlled strings entered into PCR fields such as run numbe...
Exploit for Missing Authorization in Google Chrome
Fedora 42 : cef (2026-2a94cc43d9)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2a94cc43d9 advisory. Update to 143.0.7499.192 rhbz2427842 High CVE-2026-0628: Insufficient policy enforcement in WebView tag Tenable has extracted the preceding description block...
Fedora: Security Advisory (FEDORA-2026-2a94cc43d9)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...