EUVD-2026-33100

Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

Astra Linux - уязвимость в sox

There is a heap-based buffer overflow vulnerability in the sphere.c startread function of the Sound Exchange libsox 14.4.2 version and the main commit 42b3557e. A specially crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file to exploit this vulnerability...

PT-2026-42214

Name of the Vulnerable Software and Affected Versions @cyntler/react-doc-viewer version 1.17.1 Description A Cross-Site Scripting XSS issue exists where remote attackers can execute arbitrary JavaScript by using a crafted .txt file. This occurs because the TXTRenderer component does not sanitize...

SUSE CVE-2026-8586

Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. Chromium security severity: Medium...

CVE-2026-41911 OpenClaw < 2026.4.8 - Workspace-Only Filesystem Policy Bypass via docx upload_file/upload_image

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

CVE-2026-6364

Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. Chromium security severity: Medium...

MiracleLinux 8 : vim-8.0.1763-22.el8_10.1.ML.1 (AXSA:2026-423:06)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-423:06 advisory. vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28417 vim: Vim: Denial of service and information disclosure...

PT-2026-33164

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.101 Description An out of bounds read in Skia allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted file. An out of bounds read occurs when a...

SUSE CVE-2026-5909

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. Chromium security severity: Low...

Linux Distros Unpatched Vulnerability : CVE-2026-24660

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow vulnerability exists in the x3floadhuffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a...

CVE-2026-35176

CVE-2026-35176 concerns openFPGALoader (1.1.1 and earlier) with a heap-buffer-overflow in POFParser::parseSection() while parsing crafted .pof files. The issue allows out-of-bounds heap memory access and does not require FPGA hardware to trigger. Impact per data shows high severity in confidentia...

BlindFilePwn

No d...

EUVD-2025-208827

The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install...

CVE-2025-55040

The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF token validation, enabling malicious websites to forge file upload requests that install...

CVE-2025-64735

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

EUVD-2026-10948

Illustrator versions 29.8.4, 30.1 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access sensitive information stored in memory. Exploitation of this issue requires user interaction in that a vict...

CVE-2026-21363 Substance3D - Painter | NULL Pointer Dereference (CWE-476)

Substance3D - Painter versions 11.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption to services. Exploitation of this issue requires...

EUVD-2026-9291

A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch db9a9a63. A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the DecodeImage process. An attacker can access sensitive information from adjacent memory by submitting a specially crafted PCD file. Remediation A fix was pushed into the master branch but not yet published...

PT-2026-7423

Name of the Vulnerable Software and Affected Versions Substance3D - Stager versions 3.1.6 and earlier Description The software contains a flaw that allows for writing data outside the intended memory boundaries. Successful exploitation of this issue could lead to arbitrary code execution with the...