CVE-2026-10017

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-9995

Use after free in WebXR in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is creating a "velocity gap" wher...

PingCAP TiDB nil pointer dereference

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...

CVE-2024-37820

A nil pointer dereference in PingCAP TiDB v8.2.0-alpha-216-gfe5858b allows attackers to crash the application via expression.inferCollation...

PYSEC-2023-216

Cross-site Scripting XSS - DOM in GitHub repository modoboa/modoboa prior to 2.2.2...

FreeBSD : py-beaker -- arbitrary code execution vulnerability (b54abe9d-7024-4d10-98b2-180cf1717766)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b54abe9d-7024-4d10-98b2-180cf1717766 advisory. - The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which...

Debian: Security Advisory (DLA-216-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2017-10911

The makeresponse function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS or other guest OS kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structure...

Amazon Linux 2022 : openexr (ALAS2022-2022-216)

The version of openexr installed on the remote host is prior to 3.1.5-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-216 advisory. - An integer overflow could occur when OpenEXR processes a crafted file on systems where sizet 64 bits. This could cause...

GHSA-MPV3-G527-FQRJ Cloud Foundry Runtime Cross-Site Request Forgery vulnerability

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry PCF Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery CSRF attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks...

Backdoor.Win32.SkyDance.216 Buffer Overflow

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/694ecf256c97ef6e206e2073d37e5944.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.SkyDance.216 Vulnerability: Remote Stack Buffer Overflow Description: The malware...

Debian DLA-1099-1 : linux security update (BlueBorne) (Stack Clash)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-7482 Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does not properly verify metadata, leading to information disclosure, denia...

[SECURITY] [DSA 3945-1] linux security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3945-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 17, 2017 https://www.debian.org/security/faq -...

Debian DSA-3927-1 : linux - security update (Stack Clash)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2017-7346 Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the...

Debian: Security Advisory (DSA-3927-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 26 : xen (2017-5c6a9b07a3)

xen: various flaws 1463247 blkif responses leak backend stack data XSA-216 page transfer may allow PV guest to elevate privilege XSA-217 Races in the grant table unmap code XSA-218 x86: insufficient reference counts during shadow emulation XSA-219 x86: PKRU and BND leakage between vCPU-s XSA-220...

Design/Logic Flaw

The makeresponse function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS or other guest OS kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structure...

CVE-2017-10911

The makeresponse function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS or other guest OS kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structure...

CVE-2017-10911

The makeresponse function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS or other guest OS kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structure...