PT-2026-44909

Name of the Vulnerable Software and Affected Versions Axios versions 1.15.2 through 1.15.9 Description Nested objects created by the merge function in utils.js are constructed as plain objects, meaning they retain Object.prototype in their prototype chain. The setProxy function in...

Acer Predator Connect W6x 安全漏洞

The Acer Predator Connect W6x is a series of high-performance Wi-Fi 6/6E gaming routers produced by Acer of Taiwan, China. The Acer Predator Connect W6x has a security vulnerability, which stems from improper access control in the MQTT proxy, allowing wildcard topic subscriptions, thereby exposin...

PT-2026-44923

Name of the Vulnerable Software and Affected Versions MoviePilot version v2 Description An issue exists in the image proxy endpoint '/api/v1/system/img/proxy' that allows authenticated attackers to request arbitrary URLs. By providing a resource token cookie and a URL with a domain that matches t...

PT-2026-44984

Name of the Vulnerable Software and Affected Versions axios versions prior to 0.32.0 axios versions prior to 1.16.0 Description Axios is a promise-based HTTP client for the browser and Node.js. The issue resides in the lib/helpers/shouldBypassProxy.js file and is caused by the failure to normaliz...

Neotoma 访问控制错误漏洞

Neotoma is a locally prioritized open-source tool developed by Mark Hendrickson as an AI agent for managing state and records across various tools. Versions of Neotoma from 0.6.0 to 0.11.1 contained an access control vulnerability. This vulnerability occurred when the application received request...

PT-2026-44980

Name of the Vulnerable Software and Affected Versions FastGPT versions prior to 4.15.0-beta1 Description The JavaScript sandbox worker fails to properly block dynamic import calls due to an insufficient regular expression. The regex /bimports/.testcode only accounts for ASCII whitespace and does...

PT-2026-44752

A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soup body input stream read chunked function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of ...

Linux Distros Unpatched Vulnerability : CVE-2026-9887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. Chromium security...

SUSE SLED15 / SLES15 Security Update : go1.25-openssl (SUSE-SU-2026:2079-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2079-1 advisory. This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when...

AlmaLinux 9 : httpd (ALSA-2026:21391)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:21391 advisory. httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due ...

SUSE SLES15 Security Update : go1.26-openssl (SUSE-SU-2026:2092-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2092-1 advisory. This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME...

Linux Distros Unpatched Vulnerability : CVE-2026-6324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soupbodyinputstreamreadchunked function by sending a...

Alibaba Cloud Linux 3 : 0137: nginx (ALINUX3-SA-2026:0137)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0137 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-41741: NGINX Open Source before...

DEBIAN-CVE-2026-9887

Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. Chromium security severity: Critical...

CVE-2026-9887

Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. Chromium security severity: Critical...

CVE-2026-9887

Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. Chromium security severity: Critical...

CVE-2026-9887

Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. Chromium security severity: Critical...

CVE-2026-9887

CVE-2026-9887 is a use-after-free vulnerability in the Chromium-based Proxy component of Google Chrome, exploitable via a crafted PAC script to achieve remote code execution. The flaw affects Chrome before version 148.0.7778.216, and Google released a stable-channel fix in 148.0.7778.216/217 (Win...

CVE-2026-9887

Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. Chromium security severity: Critical...

CVE-2026-9887

Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. Chromium security severity: Critical...