CVE-2024-47271

Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

CVE-2024-47271

Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors...

CVE-2024-11399

CVE-2024-11399 affects Synology BeeDrive for Desktop (redis-server component) prior to version 1.3.2-13814. Local users can trigger a denial-of-service via unspecified vectors, with impact on availability (CVSSv3.1: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H). Root cause details are not specified in the...

CVE-2026-40839 Authenticated SQLi in getComponentScalings function

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40839

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

EUVD-2026-32138

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40839

The CVE-2026-40839 entry describes a SQL Injection in the getComponentScalings function. An unauthenticated/low-privileged remote attacker can leverage improper neutralization of input in a SQL SELECT, potentially leading to total confidentiality loss. The vulnerability is noted with CVSS 3.1 bas...

PT-2026-44060

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description The Text component in this open-source low-code platform renders markdown by assigning the output of the marked.parsemarkdown function directly to innerHTML without using a sanitizer. This creates ...

CVE-2026-45982

ACPICA: Fix NULL pointer dereference in acpievaddressspacedispatch...

PT-2026-43876

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A duplicate resource teardown occurs in the PCI endpoint pci-epf-ntb component. The function epf ntb epc destroy performs...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a security vulnerability. This vulnerability stemmed from a heap buffer overflow issue in the ANGLE component, which could allow remote attackers to exploit the vulnerability throug...

CVE-2026-46048

ALSA: caiaq: fix usbdev refcount leak on probe failure...

CVE-2026-45963

ASoC: nau8821: Cancel delayed work on component remove...

PT-2026-43747

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the PCI/P2PDMA component where the p2pmem alloc mmap function fails to invoke percpu ref put to release the per-CPU reference of pgmap acquired after gen pool alloc...

PT-2026-44610

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in ANGLE allows a remote attacker who has compromised the renderer process to execute arbitrary code through a crafted HTML page. Use after free is a memory...

PT-2026-43849

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the ACPICA component within the acpi ev address space dispatch function. This issue occurs due to a missed execution path that lacks a necessary chec...

CVE-2026-36045

picoclaw =v0.1.2 and earlier is vulnerable to OS command injection via the ExecTool component pkg/tools/shell.go. The guardCommand function attempts to restrict shell command execution using a denylist of 8 regular expressions, but the denylist is incomplete...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the Views component’s ability to re-use resources after release, potentially allowing remote attackers to exploi...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a security vulnerability, which was caused by improper implementation of the Media component. This vulnerability could allow remote attackers to leak cross-source data through...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a security vulnerability, which was caused by improper implementation of the Media component. This vulnerability could allow remote attackers to bypass the origin policy using...