184484 matches found
PT-2026-55074
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to be served from the site with an attacker-chosen content type on S3/GCS storage backends. On...
PT-2026-54291
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A race condition in the WebRTC component on Windows allows a remote attacker to leak cross-origin data by using a specially crafted HTML page. WebRTC Web Real-Time Communication is a...
PT-2026-54322
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in Extensions allows an attacker to bypass the content security policy if a user is convinced to install a malicious extension. This is achieved through ...
PT-2026-54293
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Navigation component allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is...
PT-2026-54299
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the SanitizerAPI allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or...
PT-2026-54283
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in PermissionsPolicy allows a remote attacker to bypass navigation restrictions by using a crafted HTML page. Recommendations Update Google Chrome to...
PT-2026-54298
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the Network component allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML...
PT-2026-54264
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Paint component allows a remote attacker to perform UI spoofing by using a crafted HTML page. UI spoofing is a technique where an attacker mimics ...
PT-2026-54280
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in CSS allows a remote attacker to leak cross-origin data, which is information from a different origin than the one serving the page, by using a crafted...
PT-2026-54295
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Passwords component allows a remote attacker to leak cross-origin data, which is data belonging to a different origin than the one serving the...
PT-2026-54302
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An issue in the SplitView security UI allows a remote attacker to perform UI spoofing. This occurs when a user is convinced to perform specific UI gestures while interacting with a...
PT-2026-54266
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in DataTransfer allows a remote attacker who has compromised the renderer process to perform UI spoofing via a crafted HTML page...
PT-2026-54271
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in the Autofill feature allows a remote attacker to perform UI spoofing via a crafted HTML page. UI spoofing is a technique where a...
PT-2026-54287
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An out of bounds read exists in SurfaceCapture, which allows a remote attacker to perform an out of bounds memory read by using a crafted HTML page. An out of bounds read occurs when th...
PT-2026-54273
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Incorrect security UI in Extensions allows a remote attacker to perform UI spoofing via a crafted HTML page if a user is convinced to engage in specific UI gestures. UI...
PT-2026-54276
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An improper implementation of XML allows a remote attacker to perform Universal Cross-Site Scripting UXSS by using a crafted HTML page to inject arbitrary scripts or HTML. Recommendatio...
PT-2026-54222
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description An inappropriate implementation in ScriptInjections allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Recommendations Update Google Chrom...
PT-2026-54243
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A heap buffer overflow exists in the V8 engine, which is the open-source JavaScript and WebAssembly engine used by the browser. This flaw allows a remote attacker to execute arbitrary...
PT-2026-54252
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient data validation in the Storage component allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is achieved...
PT-2026-54246
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An uninitialized use in the Media component allows a remote attacker who has already compromised the renderer process to retrieve potentially sensitive information from process memory...
PT-2026-54223
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An uninitialized use in XR Extended Reality allows a remote attacker who has compromised the renderer process to obtain potentially sensitive information from process memory through a...
PT-2026-54225
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Payments component allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML pag...
PT-2026-54248
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Paint component allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, by...
PT-2026-54155
Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 150.0.7871.47 Description A use after free issue exists in the Bluetooth component. This allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape b...
PT-2026-54163
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in Isolated Web Apps allows a remote attacker to bypass the content security policy CSP, which is a security layer used to detect and mitigate certain...
PT-2026-54153
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Network component allows an attacker in a privileged network position to bypass the content security policy CSP, which is a security layer that...
PT-2026-54192
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description A use after free issue exists where a remote attacker can potentially exploit heap corruption via a crafted HTML page. This occurs when a user is convinced to perform specific UI...
PT-2026-54195
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description A use after free issue exists where a remote attacker could potentially exploit heap corruption by inducing the browser to process a crafted HTML page. Use after free is a memory...
PT-2026-54173
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in Glic allows a remote attacker to bypass navigation restrictions by using a crafted HTML page. Recommendations Update Google Chrome to version...
PT-2026-54190
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Autofill feature allows a remote attacker to leak cross-origin data. This occurs when a user is convinced to perform specific UI gestures o...
PT-2026-54179
Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description An inappropriate implementation allows a remote attacker to perform UI spoofing via a crafted HTML page. UI spoofing is a technique where an attacker mimics a legitimate user...
PT-2026-54389
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An inappropriate implementation in the WebAppInstalls component allows a local attacker to perform UI spoofing by using a malicious file. UI spoofing is a technique where an...
PT-2026-54362
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A heap buffer overflow exists in the WebNN component of Google Chrome on Windows. A remote attacker who has already compromised the renderer process can exploit heap corruption by...
PT-2026-54363
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An uninitialized use in Canvas allows a remote attacker to obtain potentially sensitive information from process memory by inducing the user to visit a crafted HTML page...
PT-2026-54390
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in Cast allows a remote attacker who has compromised the renderer process to perform privilege escalation via a crafted HTML page...
PT-2026-54381
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in Text allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTM...
PT-2026-54402
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Printing component allows a remote attacker who has already compromised the renderer process to perform UI spoofing by using a specially crafted...
PT-2026-54292
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in SVG allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Cross-origin data leakage occurs when a website accesse...
PT-2026-54238
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient data validation in the PDF component allows a remote attacker who has already compromised the renderer process to bypass navigation restrictions by using a specially crafte...
PT-2026-54208
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Media component on Windows allows a remote attacker who has already compromised the renderer process to perform UI spoofing. This is achieved by...
PT-2026-54211
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in Dawn allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTM...
PT-2026-54230
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description Insufficient policy enforcement in XML allows a remote attacker to obtain potentially sensitive information from process memory by inducing the user to visit a crafted HTML...
PT-2026-54224
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in Extensions allows an attacker to perform UI spoofing through a crafted Chrome Extension if a user is convinced to install the malicious extension...
PT-2026-54221
Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 150.0.7871.47 Description Insufficient policy enforcement in Extensions allows an attacker to perform UI spoofing through a crafted Chrome Extension, provided they can convince a user to install the...
PT-2026-54207
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Actor component allows a remote attacker to bypass navigation restrictions by using a crafted HTML page. Recommendations Update Google Chrome to...
PT-2026-54176
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue in HTML allows a remote attacker to execute arbitrary code within a sandbox by inducing the user to open a specially crafted HTML page. Use after free is a memory...
PT-2026-54159
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A race condition in the USB component allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox escape. This is triggered through the us...
PT-2026-54164
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An inappropriate implementation in the Near Field Communication NFC component allows a remote attacker who has already compromised the renderer process to leak cross-origin...
PT-2026-54165
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A use after free issue exists within the Extensions component. This flaw allows a remote attacker to execute arbitrary code inside a sandbox by inducing the user to visit a specially...
PT-2026-54172
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Autofill feature allows a remote attacker to perform UI spoofing. This occurs when a user is convinced to perform specific UI gestures while...