252750 matches found
CVE-2026-58025 Remote Code Execution via Unsafe Deserialization in LogItem Import
Deserialization of untrusted data vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/WikiImporter.Php, includes/Import/WikiRevision.Php, includes/Logging/LogEntryBase.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4,...
CVE-2026-57517 Control Web Panel < 0.9.8.1225 Blind SQL Injection via userRes Parameter
Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...
CVE-2026-8857 Full RCE using EasyTimeline Extension
A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
CVE-2026-8387
A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...
EUVD-2026-40957
A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...
FOSSBilling - Server-Side Template Injection
A Server-Side Template Injection SSTI vulnerability exists in FOSSBilling's template rendering system. Administrators with access to features that render Twig templates email templates, mass mail campaigns, custom payment adapters, and the stringrender API endpoint can inject arbitrary Twig...
dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection
A flaw was found in dynaconf, a Python configuration management tool. This Server-Side Template Injection SSTI vulnerability occurs due to unsafe template evaluation in the @Jinja resolver when the jinja2 package is installed. A remote attacker could exploit this by embedding malicious template...
DEBIAN-CVE-2026-14091
Use after free in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-13845
Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-13788
Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
DEBIAN-CVE-2026-14067
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-13848
Use after free in Forms in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-13965
Use after free in Oilpan in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-13786
Use after free in Ozone in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
DEBIAN-CVE-2026-14064
Use after free in PageInfo in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-13815
Use after free in Blink in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-14108
Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...
DEBIAN-CVE-2026-14107
Use after free in Scheduling in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-13870
Use after free in WebView in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-13855
Use after free in Ozone in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...