EUVD-2026-34738

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11258

Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

PT-2026-46778

Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

PT-2026-46662

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in the Autofill feature allows a remote attacker to bypass discretionary access control, which is a mechanism used to restrict access to objects based on...

CVE-2026-41141

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity Contact, Lead, Account, or User without performing an ACL check. An authenticated user with...

PT-2026-43540

Name of the Vulnerable Software and Affected Versions Query Shortcode versions prior to 0.2.2 Description The Query Shortcode plugin for WordPress contains a Local File Inclusion issue within the shortcode function. Authenticated attackers with contributor-level access or higher can exploit this ...

EUVD-2025-209937

Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n/a through 1.2.1...

CVE-2026-9517 hemant6488 CodeIgniter-StudentManagementSystem Student Management addStudentView access control

A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student Management Handler. Executing a manipulation can lead to improper access controls. The attack can b...

PT-2026-43240

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

EUVD-2026-31613

A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

Linux Distros Unpatched Vulnerability : CVE-2026-44283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via...

EUVD-2026-30087

A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies...

CVE-2026-0241

Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...

PT-2026-40766

Incorrect Authorization vulnerabilities in Trust Protection Foundation allow attackers to bypass access controls and perform unauthorized actions on restricted resources...

CVE-2026-42855

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication hash using the URI field from the client's Authorization header,...

CVE-2026-7952

Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-7952

Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-25784

OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information disclosure...

Kyverno 安全漏洞

Kyverno is an open-source policy engine designed for Kubernetes by Kyverno developers. There is a security vulnerability in Kyverno, which stems from the fact that the ConfigMap context loader does not validate the configMap.namespace field. This allows namespace administrators to use Kyverno’s...

CVE-2026-41358 OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context

OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages through allowlisted user replies to bypass sender access controls and manipulate model context...