π¨ CVE-2026-55153
mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation (com.mchange.v2.naming.JavaBeanObjectFactory) will construct objects of arbitrary classes and initialize "JavaBean"-style properties, which for certain classes enables JNDI injection and "deserialization gadgets." Such initialization is unsafe for some classes: for example, setting the contentType property of a Swing JEditorPane to text/html and its text property to HTML containing a stylesheet <link> will provoke an HTTP GET on an arbitrary URL, potentially from within a trusted security domain. The problem is aggravated by the library's ReferenceIndirector, through which malicious JNDI Reference objects can be smuggled in for dereferencing wherever an application reads a Java-serialized object. This has been resolved in version 0.6.0.
π@cveNotify
mchange-commons-java is a Java library of shared utility classes used by mchange projects like the c3p0 connection pool. Prior to version 0.6.0, its JNDI ObjectFactory implementation (com.mchange.v2.naming.JavaBeanObjectFactory) will construct objects of arbitrary classes and initialize "JavaBean"-style properties, which for certain classes enables JNDI injection and "deserialization gadgets." Such initialization is unsafe for some classes: for example, setting the contentType property of a Swing JEditorPane to text/html and its text property to HTML containing a stylesheet <link> will provoke an HTTP GET on an arbitrary URL, potentially from within a trusted security domain. The problem is aggravated by the library's ReferenceIndirector, through which malicious JNDI Reference objects can be smuggled in for dereferencing wherever an application reads a Java-serialized object. This has been resolved in version 0.6.0.
π@cveNotify
GitHub
mchange-commons-java prior to v0.6.0 contains elements susceptible to abuse via JNDI injection and "deserialization gadgets".
### Impact
Prior to version 0.6.0, mchange-commons-java includes a JNDI `ObjectFactory` implementation (`com.mchange.v2.naming.JavaBeanObjectFactory`) willing to construct objects of arbitrary cla...
Prior to version 0.6.0, mchange-commons-java includes a JNDI `ObjectFactory` implementation (`com.mchange.v2.naming.JavaBeanObjectFactory`) willing to construct objects of arbitrary cla...
π¨ CVE-2026-55660
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners β the useTina overlay handler, the OAuth authentication popup handler, and the adminβpreview iframe GraphQL reducer β that act on event.data without verifying event.origin or event.source and post messages using non-specific target origins, while insufficient URL sanitization in rich-text content allows malicious URLs to persist and execute. A page the victim visits (or a window in an opener/iframe relationship with a Tina admin) can forge messages to drive the editor, inject preview content, or observe/forge the OAuth popup channel to take over an authenticated editing session. This issue has been fixed in versions @tinacms/app 2.5.6 and tinacms 3.9.3.
π@cveNotify
Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners β the useTina overlay handler, the OAuth authentication popup handler, and the adminβpreview iframe GraphQL reducer β that act on event.data without verifying event.origin or event.source and post messages using non-specific target origins, while insufficient URL sanitization in rich-text content allows malicious URLs to persist and execute. A page the victim visits (or a window in an opener/iframe relationship with a Tina admin) can forge messages to drive the editor, inject preview content, or observe/forge the OAuth popup channel to take over an authenticated editing session. This issue has been fixed in versions @tinacms/app 2.5.6 and tinacms 3.9.3.
π@cveNotify
GitHub
Harden message origin checks and rich-text URL sanitization by Aibono1225 Β· Pull Request #7056 Β· tinacms/tinacms
Summary
This PR hardens several trusted-boundary checks across the TinaCMS packages.
It includes four focused changes:
Adds origin/source validation to the useTina overlay message handler.
Adds or...
This PR hardens several trusted-boundary checks across the TinaCMS packages.
It includes four focused changes:
Adds origin/source validation to the useTina overlay message handler.
Adds or...
π¨ CVE-2026-55661
Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs β including case-variant, whitespace-padded, and control-character-obfuscated forms β is rendered into href/src and executes when the content is viewed. Any actor able to author rich-text content (for example a lower-privileged editor, or imported/external content) can achieve stored XSS against editors and site viewers. This issue is fixed in versions @tinacms/mdx 2.1.7 and tinacms 3.9.3.
π@cveNotify
Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs β including case-variant, whitespace-padded, and control-character-obfuscated forms β is rendered into href/src and executes when the content is viewed. Any actor able to author rich-text content (for example a lower-privileged editor, or imported/external content) can achieve stored XSS against editors and site viewers. This issue is fixed in versions @tinacms/mdx 2.1.7 and tinacms 3.9.3.
π@cveNotify
GitHub
Harden message origin checks and rich-text URL sanitization by Aibono1225 Β· Pull Request #7056 Β· tinacms/tinacms
Summary
This PR hardens several trusted-boundary checks across the TinaCMS packages.
It includes four focused changes:
Adds origin/source validation to the useTina overlay message handler.
Adds or...
This PR hardens several trusted-boundary checks across the TinaCMS packages.
It includes four focused changes:
Adds origin/source validation to the useTina overlay message handler.
Adds or...
π¨ CVE-2026-55886
Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.set(chain, value, obj), which walks the dot-separated chain, creating and following each path segment without filtering prototype-mutating keys. A chain that begins with (or contains) __proto__, constructor, or prototype lets the final assignment reach and mutate Object.prototype. Applications that pass a user-controlled or partially user-controlled key path into Jodit.modules.Helpers.set() could be vulnerable, causing unexpected property injection, logic bypass, denial of service, or secondary security issues. This issue has been fixed in version 4.12.26.
π@cveNotify
Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. Versions prior to 4.12.26 are vulnerable to Prototype Pollution through Jodit.modules.Helpers.set(chain, value, obj), which walks the dot-separated chain, creating and following each path segment without filtering prototype-mutating keys. A chain that begins with (or contains) __proto__, constructor, or prototype lets the final assignment reach and mutate Object.prototype. Applications that pass a user-controlled or partially user-controlled key path into Jodit.modules.Helpers.set() could be vulnerable, causing unexpected property injection, logic bypass, denial of service, or secondary security issues. This issue has been fixed in version 4.12.26.
π@cveNotify
GitHub
Prototype pollution in Jodit via Jodit.modules.Helpers.set()
### Summary
`Jodit.modules.Helpers.set(chain, value, obj)` walks the dot-separated `chain`, creating and following each path segment, without filtering prototype-mutating keys. A chain that begins ...
`Jodit.modules.Helpers.set(chain, value, obj)` walks the dot-separated `chain`, creating and following each path segment, without filtering prototype-mutating keys. A chain that begins ...
π¨ CVE-2026-58263
Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/<style> carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event handler survives into the editor value, potentially causing Mutation XSS. When an application supplies attacker-influenced HTML to the editor's value-set or insertion paths, the sanitized output still contains a live <img ... onload=...> (or another non-onerror handler such as onfocus). A consumer that renders that output (element.innerHTML = editor.value) executes the handler with no user interaction. This issue has been fixed in version 4.12.28.
π@cveNotify
Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/<style> carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event handler survives into the editor value, potentially causing Mutation XSS. When an application supplies attacker-influenced HTML to the editor's value-set or insertion paths, the sanitized output still contains a live <img ... onload=...> (or another non-onerror handler such as onfocus). A consumer that renders that output (element.innerHTML = editor.value) executes the handler with no user interaction. This issue has been fixed in version 4.12.28.
π@cveNotify
GitHub
Mutation XSS in jodit clean-html via a MathML/style rawtext carrier
### Summary
jodit's built-in `clean-html` sanitizer can be bypassed by a MathML/`<style>` carrier that hides a dangerous element from the sanitizer's element walk, so a no-interactio...
jodit's built-in `clean-html` sanitizer can be bypassed by a MathML/`<style>` carrier that hides a dangerous element from the sanitizer's element walk, so a no-interactio...
π¨ CVE-2026-36909
A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
π@cveNotify
A NULL pointer dereference in the AP4_TkhdAtom::GetTrackId() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
π@cveNotify
GitHub
We would like to report some critical issues from Bento4 Β· Issue #1062 Β· Aleksoid1978/MPC-BE
We found few more bugs that are still reproducible in Bento4 We are aware that it is a burden to fix the bugs from crafted files, but we found that few of them are critical in the security asepct S...
π¨ CVE-2026-36910
An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
π@cveNotify
An access violation in the BaseSplitterFile::Read function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
π@cveNotify
GitHub
We would like to report some critical issues from Bento4 Β· Issue #1062 Β· Aleksoid1978/MPC-BE
We found few more bugs that are still reproducible in Bento4 We are aware that it is a burden to fix the bugs from crafted files, but we found that few of them are critical in the security asepct S...
π¨ CVE-2026-36911
A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
π@cveNotify
A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
π@cveNotify
GitHub
We would like to report some critical issues from Bento4 Β· Issue #1062 Β· Aleksoid1978/MPC-BE
We found few more bugs that are still reproducible in Bento4 We are aware that it is a burden to fix the bugs from crafted files, but we found that few of them are critical in the security asepct S...
π¨ CVE-2026-36912
A NULL pointer dereference in the AP4_AtomSampleTable::GetSample() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
π@cveNotify
A NULL pointer dereference in the AP4_AtomSampleTable::GetSample() function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
π@cveNotify
GitHub
We would like to report some critical issues from Bento4 Β· Issue #1062 Β· Aleksoid1978/MPC-BE
We found few more bugs that are still reproducible in Bento4 We are aware that it is a burden to fix the bugs from crafted files, but we found that few of them are critical in the security asepct S...
π¨ CVE-2026-38891
An improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted geometry_msgs::Twist message.
π@cveNotify
An improper input validation in the gazebo_ros_diff_drive.cpp component of gazebo_plugins v3.9.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted geometry_msgs::Twist message.
π@cveNotify
GitHub
ROS-vul/Gazebo CVE/260328211736.mp4 at main Β· REYu6/ROS-vul
Contribute to REYu6/ROS-vul development by creating an account on GitHub.
π¨ CVE-2026-52186
SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component
π@cveNotify
SQL Injection vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to execute arbitrary code via the gohead/sub_463bbc component
π@cveNotify
GitHub
CVEreport/518G/FUN_00463bbc/README.md at main Β· akuma-QAQ/CVEreport
Contribute to akuma-QAQ/CVEreport development by creating an account on GitHub.
π¨ CVE-2026-52190
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_448384 component
π@cveNotify
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub_448384 component
π@cveNotify
GitHub
CVEreport/518G/FUN_00448384 at main Β· akuma-QAQ/CVEreport
Contribute to akuma-QAQ/CVEreport development by creating an account on GitHub.
π¨ CVE-2026-54259
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen endpoint incorrectly listed items for which the user has not been granted choose permission. A user with access to the Wagtail admin could see the filename and name and URLs of documents and images in those collections. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
π@cveNotify
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, the Documents and Images chooser's chosen endpoint incorrectly listed items for which the user has not been granted choose permission. A user with access to the Wagtail admin could see the filename and name and URLs of documents and images in those collections. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
π@cveNotify
GitHub
Improper restriction handling on Documents and Images chosen endpoints
### Impact
The Documents and Images chooser's chosen endpoint incorrectly listed items for which the user has not been granted choose permission. A user with access to the Wagtail admin could ...
The Documents and Images chooser's chosen endpoint incorrectly listed items for which the user has not been granted choose permission. A user with access to the Wagtail admin could ...
π¨ CVE-2026-54260
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
π@cveNotify
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
π@cveNotify
GitHub
Denial of service via unbounded filter specs in the image preview
### Impact
An authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation.
The vulnerability is not...
An authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation.
The vulnerability is not...
π¨ CVE-2026-54261
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not exposed. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
π@cveNotify
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not exposed. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
π@cveNotify
GitHub
Improper permission handling in image preview
### Impact
Due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not expos...
Due to a missing permission check on the image preview endpoint, a user with access to the Wagtail admin can preview any image. The existing data of the image object itself is not expos...
π¨ CVE-2026-54262
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
π@cveNotify
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, a low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
π@cveNotify
GitHub
Pages translations can be created without page permissions when using simple_translation
### Impact
A low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for.
### Patches
Patched v...
A low-level user with the "Can submit translation" permission can create translations for any page, including those they do not have permissions for.
### Patches
Patched v...
π¨ CVE-2026-54263
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting (XSS) vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could craft a URL that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is present for all sites, even if they do not enable the dynamic image serve view. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
π@cveNotify
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting (XSS) vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could craft a URL that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is present for all sites, even if they do not enable the dynamic image serve view. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This issue has been fixed in versions 7.0.8, 7.3.3, and 7.4.2.
π@cveNotify
GitHub
Reflected XSS in dynamic image URL generator view
### Impact
A reflected cross-site scripting (XSS) vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account...
A reflected cross-site scripting (XSS) vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account...
π¨ CVE-2026-54704
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text database passwords can be added to trace span attributes and exported to observability backends. This issue has been fixed in version 2.28.0.
π@cveNotify
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.28.0, the JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text database passwords can be added to trace span attributes and exported to observability backends. This issue has been fixed in version 2.28.0.
π@cveNotify
GitHub
JDBC Auto-Instrumentation Logging Clear-Text Passwords
OpenTelemetry Java Instrumentation JDBC auto-instrumentation may fail to sanitize passwords in SQL CONNECT statements when the password is double-quoted. As a result, clear-text database passwords ...
π¨ CVE-2026-54712
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the stream. An attacker who can reach an RMI endpoint on an instrumented JVM can send an oversized context propagation payload. This can cause excessive memory allocation while the JVM reads the payload, potentially leading to denial of service. The issue affects only deployments where RMI instrumentation is enabled and an RMI endpoint is network-reachable. This issue has been fixed in version 2.27.0.
π@cveNotify
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. In versions prior to 2.27.0, the RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the stream. An attacker who can reach an RMI endpoint on an instrumented JVM can send an oversized context propagation payload. This can cause excessive memory allocation while the JVM reads the payload, potentially leading to denial of service. The issue affects only deployments where RMI instrumentation is enabled and an RMI endpoint is network-reachable. This issue has been fixed in version 2.27.0.
π@cveNotify
GitHub
OpenTelemetry Javaagent RMI context propagation allows resource exhaustion
The RMI context propagation payload reader limits the number of context entries but does not limit the aggregate size of the strings read from the stream.
An attacker who can reach an RMI endpoi...
An attacker who can reach an RMI endpoi...
π¨ CVE-2026-55793
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under the poisoned entry in table view, the payload executes in the victimβs session. The issue is exploitable because the title is escaped into data-title by the server, decoded again by the browser, read with jQuery .data('title'), and then concatenated into a new HTML string without attribute escaping. To exploit, an attacker must have an existing control panel account (Author role minimum), the victim must perform a drag operation (not just visit the page), and the victimβs session needs to be elevated at trigger time. This issue has been fixed in version 5.9.23.
π@cveNotify
Craft CMS is a content management system (CMS). In versions 5.0.0-RC1 through 5.9.22, an author-level control panel user can store a malicious JavaScript payload in an entry title. When an admin, or any control panel user with saveEntries for the same Structure section, drags another entry under the poisoned entry in table view, the payload executes in the victimβs session. The issue is exploitable because the title is escaped into data-title by the server, decoded again by the browser, read with jQuery .data('title'), and then concatenated into a new HTML string without attribute escaping. To exploit, an attacker must have an existing control panel account (Author role minimum), the victim must perform a drag operation (not just visit the page), and the victimβs session needs to be elevated at trigger time. This issue has been fixed in version 5.9.23.
π@cveNotify
GitHub
Fixed GHSA-xrqc-p465-2xvg Β· craftcms/cms@162321e
Build bespoke content experiences with Craft. Contribute to craftcms/cms development by creating an account on GitHub.
π¨ CVE-2026-14381
Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
π@cveNotify
Incorrect security UI in WebAppInstalls in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
π@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 150.0.7871.46/.47 for Windows and Mac and 150.0.7871.46 for Linux, which will roll out over the comi...