
18244 matches found

CNNVD
added 2026/05/12 12:0 a.m. | 8 views

Google Chrome Buffer Error Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability. This vulnerability stemmed from an out-of-bound read operation by the GPU component, which could allow remote attackers with compromised rendering...

CVSS 5.3 | AI score 6.1 | EPSS 0.00205
Exploits: 0 | References: 3

CNNVD
added 2026/05/12 12:0 a.m. | 6 views

Intel Data Center Graphics Driver Buffer Error Vulnerability

Intel Data Center Graphics Driver is a set of graphics drivers developed by Intel Corporation, aimed at data center GPUs and graphics acceleration devices. The Intel Data Center Graphics Driver for versions prior to VMware ESXi 2.0.2 contains a buffer error vulnerability. This vulnerability stems...

CVSS 8.3 | AI score 6 | EPSS 0.0012
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/12 12:0 a.m. | 9 views

PT-2026-40151

Name of the Vulnerable Software and Affected Versions: Windows Win32K - GRFX (affected versions not specified). Description: A race condition occurs in Windows Win32K - GRFX due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges locally. ...

CVSS 7 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 7

Tenable Nessus
added 2026/05/12 12:0 a.m. | 33 views

KB5089548: Windows 11 Version 26H1 Security Update (May 2026)

The remote Windows host is missing security update 5089548. It is, therefore, affected by multiple vulnerabilities - Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. CVE-2026-41096 - Heap-based buffer overflow in Windows Win32K -...

CVSS 9.8 | AI score 7.2 | EPSS 0.04725
Exploits: 8 | References: 61

Tenable Nessus
added 2026/05/12 12:0 a.m. | 6 views

KB5087420: Windows 11 version 23H2 Security Update (May 2026)

The remote Windows host is missing security update 5087420. It is, therefore, affected by multiple vulnerabilities - Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. CVE-2026-41096 - Use after free in Windows Hyper-V allows an...

CVSS 9.8 | AI score 7.2 | EPSS 0.02419
Exploits: 4 | References: 57

Tenable Nessus
added 2026/05/12 12:0 a.m. | 10 views

KB5087539: Windows Server 2025 Security Update (May 2026)

The remote Windows host is missing security update 5087539 or hotpatch 5087423. It is, therefore, affected by multiple vulnerabilities - Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. CVE-2026-41096 - Stack-based buffer overflow...

CVSS 9.8 | AI score 6.9 | EPSS 0.72253
Exploits: 39 | References: 66

Tenable Nessus
added 2026/05/12 12:0 a.m. | 107 views

KB5087538: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2026)

The remote Windows host is missing security update 5087538. It is, therefore, affected by multiple vulnerabilities - Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. CVE-2026-41089 - Heap-based buffer overflow in Windows Win32K - GRFX...

CVSS 9.8 | AI score 6.8 | EPSS 0.72253
Exploits: 31 | References: 56

CNNVD
added 2026/05/12 12:0 a.m. | 9 views

Google Chrome Security Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from insufficient GPU policy execution, which could allow remote attackers to exploit the system through specially crafted HTML...

CVSS 8.3 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/12 12:0 a.m. | 9 views

PT-2026-40146

Name of the Vulnerable Software and Affected Versions: Windows Win32K - GRFX (affected versions not specified). Description: A race condition occurs in Windows Win32K - GRFX due to improper synchronization when using a shared resource. This allows an authorized attacker to elevate privileges locally t...

CVSS 7 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 8

Positive Technologies
added 2026/05/12 12:0 a.m. | 12 views

PT-2026-40086

Out-of-bounds read for the Intel® Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may...

CVSS 8.3 | AI score 5.7 | EPSS 0.0012
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/12 12:0 a.m. | 16 views

PT-2026-44982

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 3.26.0. Description: A heap-buffer-overflow write can be triggered in the client when connecting to a malicious RDP server that sends crafted RDPGFX PDUs (Protocol Data Units). The issue occurs in the gdi CacheToSurface...

CVSS 9 | AI score 6.1 | EPSS 0.00363
Exploits: 1 | References: 36

Kaspersky
added 2026/05/12 12:0 a.m. | 18 views

KLA91038 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information. Below is a complete list of...

CVSS 9.8 | AI score 6.8 | EPSS 0.72253
Exploits: 31 | References: 65

Positive Technologies
added 2026/05/12 12:0 a.m. | 25 views

PT-2026-40094

Out-of-bounds write for the Intel® Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result...

CVSS 8.3 | AI score 5.7 | EPSS 0.0012
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/12 12:0 a.m. | 11 views

PT-2026-40165

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...

CVSS 7 | AI score 5.8 | EPSS 0.00261
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/12 12:0 a.m. | 17 views

PT-2026-40093

Name of the Vulnerable Software and Affected Versions: Intel® Data Center Graphics Driver for VMware ESXi versions prior to 2.0.2. Description: A buffer overflow in the Ring 1: Device Drivers may allow a privileged local attacker to escalate privileges and execute arbitrary code. This issue can be...

CVSS 9.3 | AI score 6.2 | EPSS 0.00127
Exploits: 0 | References: 5

Intel
added 2026/05/12 12:0 a.m. | 24 views

Intel® Graphics Advisory

Summary: Potential security vulnerabilities for some Intel® Graphics software may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2026-20794 Description: Buffer overflow for the...

CVSS 9.3 | AI score 5.9 | EPSS 0.00127
Exploits: 0

EUVD
added 2026/05/11 9:42 p.m. | 12 views

EUVD-2026-29337

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer...

CVSS 9.3 | AI score 6 | EPSS 0.00306
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/11 9:42 p.m. | 6 views

CVE-2026-43900 DeepChat: Persistent DOM XSS via HTML Entity Encoding in `<antArtifact>` SVG Rendering (Bypass of `svgSanitizer.ts`)

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer...

CVSS 9.3 | AI score 6 | EPSS 0.00306
Exploits: 0 | References: 1

RedhatCVE
added 2026/05/11 8:27 p.m. | 10 views

CVE-2026-8195

A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...

CVSS 5.3 | AI score 4.2 | EPSS 0.00269
Exploits: 0 | References: 1

Veracode
added 2026/05/11 2:20 p.m. | 13 views

Cross-site Scripting (XSS)

SiYuan is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of attacker-controlled content in SVG output generated by the dynamic icon API endpoint, which allows an attacker to inject and execute malicious JavaScript through crafted URLs...

CVSS 9.3 | AI score 7.3 | EPSS 0.00625
Exploits: 1 | References: 3 | Affected Software: 2