CVE-2026-7850
The WP Magnific Popup WordPress plugin (versions through 1.0) is affected by a Stored XSS due to improper escaping of user-controlled link URLs before injecting them into the DOM when displaying image load error messages. This allows authenticated attackers with Author-level access or higher to i...
CVE-2026-9570
Summary: CVE-2026-9570 affects the Taskbuilder WordPress plugin prior to 5.0.8. The vulnerability arises because a URL parameter is not properly sanitized before being echoed into inline JavaScript on a frontend page that uses a shortcode, causing a Reflected Cross-Site Scripting (XSS) vulnerabil...
CVE-2026-8383
The CVE-2026-8383 entry affects the LearnPress WordPress plugin (prior to version 4.3.7). The issue is a missing access control check on a REST endpoint: the edit context is not gated behind the edit_users capability, allowing unauthenticated visitors to retrieve per-user data including roles, fu...
CVE-2026-0057
CVE-2026-0057 affects the Android Contacts Provider. A missing permission check can allow an attacker to read an incoming call’s phone number and related metadata, enabling local information disclosure without extra execution privileges, and exploitation does not require user interaction. The iss...
CVE-2026-0019
CVE-2026-0019 affects SettingsLib and enables a logic-error path that could disable system components, enabling local privilege escalation without extra privileges or user interaction. The issue is classified as Elevation of Privilege (High) in Android 17 release notes; patches are included in An...
CVE-2025-48643
CVE-2025-48643 is an Android system-level issue described across multiple sources as a provisioning bypass caused by improper input validation, enabling local privilege escalation with no user interaction. The Android 17 security release notes classify it under System, with type EoP and a High se...
CVE-2025-48640
CVE-2025-48640 is described across multiple connected sources as a remote elevation of privilege in Android components caused by a missing permission check during 3rd‑party passkey entry pairing approval. The impact is high (CVE notes adjacent/remote escalation with no user interaction) with a lo...
CVE-2025-48617
CVE-2025-48617 affects Android’s CarrierConfigLoader.java, specifically overrideConfig, enabling a permissions/UID check bypass that could cause local privilege escalation with no additional execution privileges required and no user interaction. The vulnerability is tied to a local attack vector ...
CVE-2025-48571
CVE-2025-48571 affects the btm_sec.cc code path and enables possible interception of SMS messages due to a logic error, leading to remote information disclosure with no extra privileges, requiring user interaction. The connected ENISA and NVD/NVD-derived entries corroborate this CVE as of Android...
CVE-2026-53876
The RadiX AX6600 WiFi 6 Tri-Band Gaming Router is affected by an OS command injection vulnerability that may lead to arbitrary command execution with root privileges when an administrator logs in to the web console. The issue is described as an OS command injection; the exact root cause details a...
CVE-2026-12360
The CVE concerns the JetEngine WordPress plugin ≤ 3.8.10.1, where the listing_load_more AJAX endpoint mishandles the filtered_query field. Specifically, meta_query row values are not sanitized before being merged into SQL, and these values are excluded from the HMAC signature check to support fro...
CVE-2026-49050
Technical details are not publicly available in the provided documents. This CVE entry is reserved; monitor for updates as information may be disclosed later.
CVE-2025-15642
The CVE-2025-15642 entry concerns Netskope Client for Windows. The issue is described as weak discretionary access control lists on the Netskope Client service object and related registry keys, allowing a malicious insider with admin privileges to bypass NSClient Tamper Protections. Affected: Net...
CVE-2026-50203
Summary: CVE-2026-50203 describes a path traversal in the Apache Airflow SFTP provider (SFTPHook.retrieve_directory and SFTPOperator(operation=get)) that can cause files to be written outside the configured local destination when downloading directories from a malicious/untrusted remote SFTP serv...
CVE-2026-36849
CVE-2026-36849 is described in OSV entries (Ubuntu, Debian) as a Denial of Service vulnerability triggered by a large SamplesPerPixel tag. The connected documents provide DoS details but do not specify affected products, versions, root cause, exploits, or patches. Other connected sources (SUSE, C...
CVE-2026-12469
CVE-2026-12469 affects Google Chrome on Android, where an uninitialized use in the GPU could allow a remote attacker to leak cross-origin data via a crafted HTML page. The vulnerability lies in the GPU component, with the affected version range prior to 149.0.7827.155. Remediation is to update to...
CVE-2026-12468
CVE-2026-12468: A race in Chrome Mac updater allows a remote attacker (with renderer access) to potentially escape the sandbox via a crafted HTML page. Affected: Google Chrome on macOS prior to 149.0.7827.155. Impact: High. Mitigation: update to 149.0.7827.155 or later (per linked Chrome security...
CVE-2026-12467
CVE-2026-12467 corresponds to a use-after-free in Google Chrome Extensions, allowing a remote attacker who has compromised the renderer process to potentially escape the sandbox via a crafted HTML page. Affected software: Google Chrome prior to version 149.0.7827.155 (Extensions component, render...
CVE-2026-12466
Summary (CVE-2026-12466): A heap buffer overflow in WebRTC within Google Chrome on Windows before version 149.0.7827.155 allows remote code execution via a crafted HTML page. Multiple connected sources corroborate the Windows/WebRTC/Chrome vector and fixed version, signaling a high-severity Chro...
CVE-2026-12465
CVE-2026-12465 affects Google Chrome Metrics: an Object lifecycle issue in Chrome prior to 149.0.7827.155 allows a renderer-compromised remote attacker to potentially escape the sandbox via a crafted HTML page. Patch: update to Chrome 149.0.7827.155 or newer. Exploitation details are not describe...
CVE-2026-12463
The CVE-2026-12463 entry corresponds to a UXSS vulnerability in Google Chrome on Linux, caused by an inappropriate implementation in Views that allowed a compromised renderer to inject arbitrary scripts/HTML via a crafted HTML page. Affected product is Chrome on Linux, with the issue present pri...
CVE-2026-12464
CVE-2026-12464: A use-after-free in the Google Chrome renderer before 149.0.7827.155 may allow a remote attacker who compromises the renderer to escape the sandbox via a crafted HTML page, per multiple sources. Affected software is Chrome browsers with the vulnerable Chromium component; the issu...
CVE-2026-12462
CVE-2026-12462 is a use-after-free in the Media component of Google Chrome before 149.0.7827.155. An attacker who has compromised the renderer process could use a crafted HTML page to execute arbitrary code inside Chrome’s sandbox. The vulnerability is tied to the Chromium-based Media stack a...
CVE-2026-12461
CVE-2026-12461 affects Google Chrome on Windows, with an out-of-bounds read in WebRTC present in versions prior to 149.0.7827.155. The vulnerability could allow a remote attacker to read potentially sensitive data from process memory via a crafted HTML page. Mitigation is to update Chrome to 149....
CVE-2026-12460
CVE-2026-12460 affects Google Chrome/Chromium: insufficient policy enforcement in File System Access allows a remote attacker who has compromised the renderer to bypass site isolation via a crafted PDF file, prior to Chrome 149.0.7827.155. The vulnerability is triggered through the JavaScript/PDF...
CVE-2026-12459
CVE-2026-12459: In Google Chrome (Chromium-based), the Serial component has an inappropriate implementation prior to 149.0.7827.155 that enables a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Affected versions are Chrome before 149.0.7827.155; remediation is...
CVE-2026-12458
The CVE-2026-12458 issue affects Google Chrome (Chromium-based) prior to 149.0.7827.155. Core problem: an inappropriate implementation in Passwords leads to cross-origin data leakage when a user is induced to perform specific UI gestures on a crafted HTML page. Documented impact: leakage of cross...
CVE-2026-12457
CVE-2026-12457 affects Google Chrome extensions in the renderer prior to version 149.0.7827.155. The underlying issue is an inappropriate extension implementation that lets a remote attacker, who has already compromised the renderer process, bypass Chrome’s site isolation via a crafted HTML page....
CVE-2026-12456
CVE-2026-12456 describes an Inappropriate implementation in Extensions in Google Chrome before 149.0.7827.155, where convincing a user to install a malicious extension could bypass the same-origin policy via a crafted Chrome Extension. Affected software: Google Chrome (Extensions subsystem). Root...
CVE-2026-12455
CVE-2026-12455 describes a Use-After-Free in Chrome’s Tab Strip, where a remote attacker could trigger heap corruption by convincing a user to perform specific UI gestures on a crafted HTML page. The issue affects Google Chrome prior to version 149.0.7827.155. Several connected sources (EUVD, DEB...
CVE-2026-12453
CVE-2026-12453 affects Google Chrome (Chromium-based) prior to 149.0.7827.155. The issue is insufficient validation of untrusted input in Input, allowing an attacker who has compromised the renderer process to bypass the same-origin policy via a crafted HTML page. Practical impact stated is the bypass of ...
CVE-2026-12454
Google Chrome on macOS is affected by CVE-2026-12454 due to a race in the Safe Browsing path of the Chromium rendering process. The issue could allow a remote attacker who has already compromised the renderer to escape the sandbox via a crafted HTML page. The vulnerability is tied to Chrome versi...
CVE-2026-12452
The CVE-2026-12452 issue affects Google Chrome on Android (Chromium base). It is a use-after-free in Downloads, leading to potential heap corruption via a crafted HTML page. Version detail: affected prior to 149.0.7827.155; remediation is to update to 149.0.7827.155 o...
CVE-2026-12451
CVE-2026-12451 is a use-after-free in Google Chrome’s DigitalCredentials component that could allow a remote attacker who has compromised the renderer process to escape the sandbox via a crafted HTML page. Affected product: Google Chrome (Chromium-based) prior to version 149.0.7827.155. The underlyin...
CVE-2026-12450
CVE-2026-12450 describes an inappropriate implementation in the Media component of Google Chrome (Chromium-based) prior to build 149.0.7827.155. The underlying issue allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. The vulnerability...
CVE-2026-12449
CVE-2026-12449 relates to a use-after-free in Chromoting for Google Chrome on Windows prior to version 149.0.7827.155, enabling a local attacker to achieve OS‑level privilege escalation via a malicious file. The cross‑reference entries confirm the affected component as Chromoting within Chr...
CVE-2026-12448
CVE-2026-12448 affects WebView in Google Chrome on Android prior to 149.0.7827.155. The issue is an inappropriate implementation in WebView that allows a remote attacker to escalate privileges via a crafted HTML page. The vulnerability is tied to Chromium WebView behavior and is rated High severi...
CVE-2026-12447
CVE-2026-12447 affects Google Chrome/WebRTC (Chromium). The issue is a heap buffer overflow in WebRTC that allows remote code execution via a crafted HTML page, affecting builds prior to 149.0.7827.155. Impact is a sandbox escape/total compromise of the browser process, per the cited descriptions...
CVE-2026-12446
CVE-2026-12446: In Chromium-based Google Chrome, an inappropriate implementation in Passwords prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Affected component: Passwords handling in Chrome/Chromium. Root cause: improper cross-origin data han...
CVE-2026-12445
CVE-2026-12445: A use-after-free in Google Chrome extensions handling leads to potential heap corruption when a user is persuaded to install a malicious extension. Affected product: Google Chrome (Extensions component). Root cause: use-after-free in the Extensions code path, enabling memory corr...
CVE-2026-12443
CVE-2026-12443 is a use-after-free in Chrome’s Web Authentication implementation that could allow a remote attacker to execute arbitrary code via a crafted HTML page. Affected software: Google Chrome (Chromium). Underlying issue is in Web Authentication handling that leads to memory misuse. Impac...
CVE-2026-12444
Chromoting in Google Chrome on Windows is affected by an out-of-bounds read vulnerability tracked as CVE-2026-12444. The issue allows a local attacker to obtain potentially sensitive information from process memory via a malicious file. The root cause is an out-of-bounds memory read in Chromoting...
CVE-2026-12442
The CVE-2026-12442 entry describes a use-after-free in Passwords in Google Chrome on Android before version 149.0.7827.155, allowing a remote attacker to execute arbitrary code via a crafted HTML page (Chromium security severity: Critical). Connected sources confirm this vulnerability affects Chr...
CVE-2026-12441
CVE-2026-12441 affects Google Chrome on Linux (File Input component). The issue is a use-after-free that can lead to heap corruption via a crafted HTML page, enabling a remote attacker to potentially exploit the vulnerability. Affected version range is prior to 149.0.7827.155; remediation is to u...
CVE-2026-12440
CVE-2026-12440 concerns a use-after-free in Google Chrome’s DigitalCredentials on Windows, prior to version 149.0.7827.155. The issue allows a remote attacker to potentially escape the Chrome sandbox via a crafted HTML page, classified as Critical. Affected software is Chrome with the DigitalCred...
CVE-2026-12438
The CVE-2026-12438 entry corresponds to an issue in WebView for Google Chrome on Android, where an attacker who compromised the renderer process could escape the browser sandbox via a crafted HTML page. Affected product/vector: Android WebView in Chrome; root cause: inappropriate implementation i...
CVE-2026-12439
CVE-2026-12439 describes a use-after-free in Google Chrome’s Digital Credentials handling, leading to potential heap corruption when processing a crafted HTML page. Affected product: Chrome (Chromium-based) before version 149.0.7827.155. Root cause: use-after-free in Digital Credentials component...
CVE-2026-12437
CVE-2026-12437 describes a use-after-free in WebShare for Google Chrome on Windows before 149.0.7827.155. A remote attacker who already has renderer compromise could exploit a crafted HTML page to attempt a sandbox escape. The vulnerability is rated Critical. Affected software is Google Chrome (W...
CVE-2025-15641
The CVE details a vulnerability in Netskope Client for Windows where an insider with administrative privileges can tamper with the customer IOCTL by sending crafted IOCTL requests to the driver, bypassing anti-tampering protections for NSClient. Affected: Netskope Client on Windows; versions: all...
CVE-2026-55706
OpenBSD is affected by CVE-2026-55706: the sppp_pap_input() function in sys/net/if_spppsubr.c allows an authentication bypass when certain zero values are used for lengths. OpenBSD versions prior to 076e2b1 are affected; root cause is improper handling of length values in PAP input. Remediation: upg...