PT-2026-38183

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description Insufficient validation of untrusted input in the Updater component on Windows allows a local attacker to achieve OS-level privilege escalation by using a malicious file. Recommendation...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 had a vulnerability related to input validation. This vulnerability stemmed from insufficient trust-based input validation in the Payments component, which could allow a remote attacker with...

LangChain-Chatchat 加密问题漏洞

LangChain-Chatchat is a chatbot software developed based on the LangChain framework, open-sourced by Chatchat-Space. Versions of LangChain-Chatchat 0.3.1.3 and earlier had an encryption vulnerability. This vulnerability stems from a function in the Uploaded File Handler component, specifically th...

ROS-20260505-73-0053

A vulnerability in the http.cookies.Morsel component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient input validation by Network, which could allow a remote attacker with access to the renderer...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 148.0.7778.96 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after they were released in the Views component, which could allow...

RHEL 9 : firefox (RHSA-2026:13596)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:13596 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libpng:...

RHEL 8 : firefox (RHSA-2026:13683)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:13683 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: libpng:...

PT-2026-38128

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description An inappropriate implementation in the Speech component allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, via ...

ROS-20260505-73-0032

A vulnerability in the Content-Length component of the Python programming language interpreter is associated with uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...

AlmaLinux 8 : thunderbird (ALSA-2026:13537)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:13537 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScrip...

CVE-2026-7579

A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The...

CVE-2025-56568

Assertion failure vulnerability in the PCO Protocol Configuration Options parser in the SMF Session Management Function component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol...

CVE-2025-70072

A flaw was found in Assimp. A remote attacker can exploit this vulnerability by manipulating the FBXConverter.cpp and FBXConverter::ConvertMeshMultiMaterial components, leading to a denial of service. This can make the affected system or application unavailable to legitimate users...

firefox: thunderbird: Privilege escalation in the Networking component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Networking component...

firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the WebRTC: Networking component...

firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the Libraries component in NSS...

firefox: thunderbird: Use-after-free in the Widget: Cocoa component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the Widget: Cocoa component...

firefox: thunderbird: Incorrect boundary conditions in the WebRTC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the WebRTC component...

firefox: thunderbird: Privilege escalation in the Debugger component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Privilege escalation in the Debugger component...