PT-2026-46421

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An out of bounds write in the GPU allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. An out of bounds write occurs when a program...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Template-Toolkit vulnerability (USN-8377-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8377-1 advisory. It was discovered that Template-Toolkit did not properly escape single quotes in the htmlfilter function of Template::Plugin::HTML...

PT-2026-46784

Inappropriate implementation in Browser in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

PT-2026-46423

Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 149.0.7827.53 Description A use after free issue in the Printing component allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HT...

PT-2026-46767

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

PT-2026-46776

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

PT-2026-46602

Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 149.0.7827.53 Description A use after free issue in WebRTC allows a remote attacker to execute arbitrary code through a specially crafted HTML page. Use after free is a memory corruption flaw that occur...

PT-2026-46752

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Insufficient policy enforcement in the PreviewTab allows a remote attacker to bypass the same origin policy—a security mechanism that restricts how a document or script loade...

PT-2026-46771

Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

PT-2026-46787

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

PT-2026-46779

Insufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

PT-2026-46799

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in the Reading List allows a remote attacker to perform privilege escalation. This is achieved by convincing a user to engage in specif...

PT-2026-46788

Inappropriate implementation in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

PT-2026-46818

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description An inappropriate implementation in Android Autofill allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or...

PT-2026-46690

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description A use after free issue in Messages allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw...

PT-2026-46488

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description A use after free issue in the Input component allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free i...

HTML::Parser 安全漏洞

HTML::Parser is a tool for parsing HTML documents and separating markup from content, developed as open source by libwww-perl. Versions of HTML::Parser prior to 3.84 contained security vulnerabilities. These vulnerabilities stemmed from the XS routine’s cache pointing to the SV pointer in the...

GHSA-Q29V-XC37-WH5M Docling: Unsafe URI and Path Handling in HTML Backend

Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enablelocalfetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block intern...

Docling: Unsafe Playwright-based HTML Rendering

Impact In versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An...

GHSA-PJ2V-GGQH-CMQ2 Docling: Unsafe Playwright-based HTML Rendering

Impact In versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An...