DEBIAN-CVE-2026-11252

Insufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11251

Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11252

Insufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11326

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be leveraged to access these API functions, enabling access to browser history information and the ability to open or close tabs...

CVE-2026-11326

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

CVE-2026-11326

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

CVE-2026-11326

OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on .openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functions, allowing access to browser history information and the ability to open or close tabs. OpenAI...

PT-2026-46967

Improper Access Control, Missing Authorization vulnerability in HAVELSAN Inc. Geographic Tracking System allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Geographic Tracking System: before v0.0.2...

Linux Distros Unpatched Vulnerability : CVE-2026-11190

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to...

JCE Joomla Component 访问控制错误漏洞

JCE Joomla Component is an editor component used within the Joomla content management system. The JCE Joomla Component has a security vulnerability related to access control. This vulnerability stems from allowing unauthenticated users to create new editor profiles, ultimately leading to the uplo...

PT-2026-47086

Summary A low-privilege MCP token holder with knowledge of an attachment path could read any file in shared storage, including attachments belonging to other bases and workspaces, because the MCP readAttachment tool did not verify the file's ownership. Details The MCP readAttachment tool accepts...

Linux Distros Unpatched Vulnerability : CVE-2026-11251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process t...

Linux Distros Unpatched Vulnerability : CVE-2026-11252

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via...

Linux Distros Unpatched Vulnerability : CVE-2026-11193

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via...

PT-2026-46918

Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...

PT-2026-47019

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. The File Manager functionality contains a Broken Access Control issue resulting from...

PT-2026-47037

Name of the Vulnerable Software and Affected Versions OpenXDMoD versions prior to 11.0.3 Description A flaw in the access control logic allows an attacker to submit a crafted HTTPS POST request to set a session variable used for authorization decisions. In installations including the optional Job...

Open XDMoD 访问控制错误漏洞

Open XDMoD is an open-source tool developed by the Center for Computational Research for managing high-performance computing resources. Versions of Open XDMoD prior to 11.0.3 contained a access control vulnerability. This vulnerability stemmed from a flaw in the access control logic, allowing...

SAMSUNG Mobile devices 安全漏洞

Samsung Mobile devices are a series of mobile devices produced by South Korea’s Samsung Corporation, including smartphones and tablets. Versions of Samsung Mobile Devices prior to SMR Jun-2026 Release 1 contained security vulnerabilities. These vulnerabilities were due to improper access control,...

PT-2026-46992

Summary The public shared-view relation endpoints accepted a caller-supplied column ID without verifying that the column was visible in the shared view, so anyone holding a share UUID could read links from any LTAR column on the view's table — including columns the view owner had hidden. Details...