38612 matches found
Google Chrome 输入验证错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient validation for untrusted inputs in the media component. It could allow remote attackers who...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability. This vulnerability stemmed from a heap buffer overflow in ANGLE, which could allow arbitrary code to be executed within a sandbox through specially crafted...
Linux Distros Unpatched Vulnerability : CVE-2026-5732
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect boundary conditions, integer overflow in the Graphics: Text component. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 140.9.1, Thunderbi...
Mozilla Firefox ESR < 140.9.1
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 140.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-27 advisory. - Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0,...
Mozilla Firefox ESR < 140.9.1
The version of Firefox ESR installed on the remote Windows host is prior to 140.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-27 advisory. - Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0....
ROS-20260407-73-0028
A vulnerability in the trace component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability allows an attacker to cause a denial of service...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and...
CVE-2026-5708 Improper Control of User-Modifiable Attributes in RES CreateSession API
Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio RES prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with...
CVE-2026-5682
A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation leads to risky cryptographic algorithm. The attack may be performed from remote. The attack requires ...
EUVD-2026-19315
A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/checklogin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack is possible to...
CVE-2026-5665
A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/checklogin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack is possible to...
Improper Encoding or Escaping of Output
Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the Website field in the supplier component. An attacker can execu...
CVE-2026-31406
A flaw was found in the Linux kernel, specifically within its xfrm IP eXtensible FRamework component. This vulnerability arises from a race condition during network cleanup, where a scheduled task natkeepalivework can be re-activated and attempt to operate on memory that has already been freed...
CVE-2026-35562
Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this...
CVE-2026-31059
A remote command execution RCE vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string...
PT-2026-30617
A remote command execution RCE vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string...
CVE-2026-31059
A remote command execution RCE vulnerability in the /goform/formDia component of UTT Aggressive HiPER 520W v3v1.7.7-180627 allows attackers to execute arbitrary commands via a crafted string...
UTT 520W 安全漏洞
UTT 520W is a wireless router produced by China's UTTE Corporation. The UTT 520W v3v1.7.7-180627 version contains a security vulnerability. This vulnerability stems from issues with the /goform/formDia component, which may allow for remote command execution, potentially enabling the execution of...
PT-2026-30746
Name of the Vulnerable Software and Affected Versions AWS Research and Engineering Studio RES versions prior to 2026.03 Description An issue exists in the session creation component of AWS Research and Engineering Studio RES where unsanitized control of user-modifiable attributes could allow an...
CVE-2026-5597
The CVE-2026-5597 entry concerns griptape-ai griptape v0.19.4. Affects the ComputerTool component (griptape\tools\computer\tool.py) where manipulation of the argument filename can cause a path traversal. It is possible to exploit remotely; the exploit has been published. Exploit maturity is repor...