Html Exploits
2,054 exploits tracked across all sources.
Google Chrome - 'layout' Out-of-Bounds Read
by Google Security Research
DIGISOL DG-HR1400 Wireless Router - Cross-Site Request Forgery
by Indrajith.A.N
Microsoft Edge - Memory Corruption
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297.
by Google Security Research
CVSS 7.5
SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin)
by LiquidWorm
Alstrasoft FMyLife Pro 1.02 - Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
Alstrasoft Flippa Clone MarketPlace Script 4.10 - Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
Apple <10.2.1, <10.0.3, <10.1.1 - RCE
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
Google Chrome - 'HTMLKeygenElement::shadowSelect()' Type Confusion
by Google Security Research
Apple <10.2.1, <10.0.3, <10.1.1 - RCE
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
Apple <10.2.1, <10.0.3, <10.1.1 - RCE
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by Google Security Research
CVSS 8.8
Cisco WebEx - 'nativeMessaging' Remote Command Execution
by Google Security Research
MC Hosting Coupons Script - Cross-Site Request Forgery
by Ihsan Sencan
Debian Linux < 52.1.0 - Use After Free
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
by Marcin Ressel
CVSS 9.8
FMyLife Clone Script (Pro Edition) 1.1 - Cross-Site Request Forgery (Add Admin)
by Ihsan Sencan
Brave Browser 1.2.16/1.9.56 - Address Bar URL Spoofing
by Aaditya Purani
Microsoft Edge - Memory Corruption
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7288, CVE-2016-7296, and CVE-2016-7297.
by Google Security Research
CVSS 7.5
Microsoft Edge - Memory Corruption
The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
by Google Security Research
CVSS 7.5
Microsoft Internet Explorer 11 - Memory Corruption
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-2753, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.
by Skylined
Mozilla Firefox <3.5.1 - RCE
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.
by Hacker Fantastic
Microsoft Internet Explorer - Resource Management Error
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."
by Skylined
CVSS 8.8
WordPress Plugin Quiz And Survey Master 4.5.4/4.7.8 - Cross-Site Request Forgery
by dxw
Microsoft Internet Explorer 9 - MSHTML CMarkup::ReloadInCompatView Use-After-Free
by Skylined
Microsoft Internet Explorer <10 - Code Injection
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3161.
by Skylined
By Source