CVE-2026-9549

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

CVE-2026-9549 Fix XSS in service discovery active check output

Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...

CVE-2026-8833 XSS in urls

Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validation and inject malicious URLs such as javascript: URIs, resulting in cross-site scripting when another...

CVE-2026-11511 Bolt CMS HTML Attribute TextType.php HTML injection

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...

CVE-2026-11511 Bolt CMS HTML Attribute TextType.php HTML injection

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...

EUVD-2026-35059

A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a manipulation of the argument style can lead to HTML injection. It is possible to launch the attack...

CVE-2026-11511

The CVE-2026-11511 affects Bolt CMS up to version 3.7.5, specifically a weakness in the file src/Storage/Field/Type/TextType.php within the HTML Attribute Handler. The issue enables remote HTML injection when an attacker manipulates the argument style. It is exploitable remotely and an exploit ha...

PT-2026-47487

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in Views allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after free i...

PT-2026-47493

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An out of bounds read occurs in WebRTC, which is a framework for real-time communication. This issue allows a remote attacker who has already compromised the GPU process to potentially...

PT-2026-47478

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in Extensions allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after...

PT-2026-47455

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue in Ozone allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free is a condition where a program continues to...

PT-2026-47463

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description A use after free issue in Views allows a remote attacker to execute arbitrary code when a user opens a crafted HTML page. Use after free is a memory corruption flaw that occurs...

PT-2026-47481

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description An integer overflow in the Media component allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page....

PT-2026-47519

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description An inappropriate implementation in Plugins allows a remote attacker who has compromised the renderer process to bypass site isolation by using a crafted HTML page. Site isolation is a...

PT-2026-47498

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.103 Description A heap buffer overflow exists in the GPU component. This issue allows a remote attacker who has already compromised the renderer process to potentially achieve a sandbox...

PT-2026-47510

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient policy enforcement in the Network component allows a remote attacker who has compromised the utility process to leak cross-origin data through the use of a crafted HTML...

PT-2026-47524

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description A use after free issue exists in the Bluetooth component, which could allow a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free ...

PT-2026-47465

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.103 Description A use after free issue in Compositing allows a remote attacker to execute arbitrary code when a user opens a crafted HTML page. Use after free is a memory corruption flaw that...

PT-2026-47520

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description A use after free issue exists in the ServiceWorker component. This allows a remote attacker who has already compromised the renderer process to execute arbitrary code within a sandbox ...

PT-2026-47523

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient validation of untrusted input in the UI allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. A sandbox escape is a technique used...