PT-2026-45772

Name of the Vulnerable Software and Affected Versions Vivotek FD8136 version FD8136-VVTK-0300a Description A remote buffer overflow occurs in the admin interface. An authenticated attacker can exploit this to execute arbitrary code with root privileges on the device via the...

Google Chrome 代码注入漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 had a code injection vulnerability, which was caused by accessibility script injection. This vulnerability could allow attackers to inject arbitrary scripts or HTML through...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of unreliable inputs, which could allow remote attackers to exploit custom QR codes to...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper CSS implementation. A remote attacker could inject arbitrary scripts or HTML through a specially crafted HTML page...

PT-2026-46445

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in DevTools allows a remote attacker who has compromised the renderer process to inject arbitrary scripts or HTML, leading to Universal...

PT-2026-46649

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Keyboard component allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is the ability to execute scripts across differe...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper SVG implementation. A remote attacker could inject arbitrary scripts or HTML through a specially crafted HTML page...

PT-2026-46693

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in SVG allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is the ability to execute scripts across different origins, by usin...

PT-2026-46713

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in CSS allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is the ability to execute scripts across different origins, by usin...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper XML implementation. Remote attackers could inject arbitrary scripts or HTML through specially crafted HTML pag...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper implementations in the Keyboard component. Remote attackers could inject arbitrary scripts or HTML through specially crafted HT...

Malicious Package

Overview @vpmdhaj/search-setup is a malicious package. This package contains malicious code, and its content has been removed from the official package manager. While this package typosquats well-known libraries to impersonate valid open-source ecosystems, there is no connection between those...

GHSA-2H32-95RG-CPPP Vitest browser mode serves unsanitized otelCarrier query parameter as inline script

Summary Vitest browser mode served /vitesttest/ with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vitest...

Vitest browser mode serves unsanitized otelCarrier query parameter as inline script

Summary Vitest browser mode served /vitesttest/ with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vitest...

Cross-site Scripting (XSS)

Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the HTML allowlist in dist/purify.cjs.js and related build artifacts. An attacker can inject a selectedcontent element into HTML, triggerin...

CVE-2026-10260 CodeAstro Online Job Portal delete-jobs.php sql injection

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

MAL-2026-5120 Malicious code in redteam-qxz7-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 855b67c0cf1aaed6f5e0ce3a67478a20cd4244c56424002feeeb0dea1a875848 During installation, the package exfiltrates cloud tokens from the environment. --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

CVE-2026-10257 itsourcecode Content Management System update_ss_img.php sql injection

A security flaw has been discovered in itsourcecode Content Management System 1.0. This issue affects some unknown processing of the file /admin/updatessimg.php. The manipulation of the argument topicid results in sql injection. The attack can be executed remotely. The exploit has been released t...

EUVD-2026-33631

A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown function of the file /managepayment.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used...

CVE-2026-10252 itsourcecode Online House Rental System manage_tenant.php sql injection

A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /managetenant.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...