PT-2026-47457
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.103. Description: A use after free issue in Aura on Windows allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved through the use of...
PT-2026-47472
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.103. Description: A use after free issue exists in ViewTransitions, which allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free i...
PT-2026-47449
Name of the Vulnerable Software and Affected Versions: typo3/html-sanitizer versions prior to 2.3.2. Description: Namespace attributes are not encoded correctly during HTML serialization. This flaw allows the cross-site scripting prevention mechanism to be bypassed. Cross-site scripting is a techniq...
PT-2026-47288
Stored cross-site scripting in the service discovery active check output in Checkmk 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom checks to inject malicious HTML or JavaScript into check output that executes in the browser of an adm...
PT-2026-47278
Name of the Vulnerable Software and Affected Versions: Bolt CMS versions prior to 3.7.6. Description: An issue exists in the HTML Attribute Handler component within the file src/Storage/Field/Type/TextType.php. A remote attacker can perform HTML injection by manipulating the style argument. This...
PT-2026-47316
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.68. Description: A buffer overflow occurs in the mod_proxy_html module, which can be triggered by an untrusted backend. Recommendations: Upgrade to version 2.4.68...
PT-2026-47501
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.103. Description: An out of bounds read occurs in Skia, a graphics library. This allows a remote attacker who has already compromised the renderer process to leak cross-origin data by using a specially...
perl-HTML-Parser-3.850.0-1.1 on GA media (moderate)
perl-HTML-Parser-3.850.0-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10957-1; Rating: moderate; Cross-References: CVE-2026-8829; CVSS scores: CVE-2026-8829 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L; Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can...
PT-2026-47508
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.103. Description: An inappropriate implementation in Views allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. This...
Medium: python3.13
Issue Overview: http.cookies.Morsel.js_output returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...
Medium: python3.9
Issue Overview: http.cookies.Morsel.js_output returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...
PT-2026-47448
Name of the Vulnerable Software and Affected Versions: typo3/html-sanitizer versions prior to 2.3.2. Description: When the ALLOW_INSECURE_RAW_TEXT setting is enabled, the sanitizer fails to recognize closing tags containing whitespace variants, such as . Because browsers interpret these as valid end...
PT-2026-47490
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.103. Description: A use after free issue in Payments allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free occurs when an application continues to u...
PT-2026-47462
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.103. Description: A use after free issue exists in the Autofill component on Windows. A remote attacker can exploit heap corruption—a condition where memory is improperly managed on the heap—by convinci...
PT-2026-47468
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.103. Description: A use after free issue in Web Apps allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted HTML page. Use after fre...
PT-2026-47495
Name of the Vulnerable Software and Affected Versions: Google Chrome on ChromeOS versions prior to 149.0.7827.103. Description: An out of bounds read occurs in the Media component. This allows a remote attacker who has already compromised the renderer process to access potentially sensitive...
PT-2026-47458
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.103. Description: A use after free issue exists in the TabStrip component. This allows a remote attacker to execute arbitrary code via a crafted HTML page if a user is convinced to perform specific UI...
PT-2026-47477
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.103. Description: A use after free issue in the Network component allows a remote attacker to execute arbitrary code within a sandbox by utilizing a specially crafted HTML page. Use after free occurs wh...
PT-2026-47511
Name of the Vulnerable Software and Affected Versions: Google Chrome on Mac versions prior to 149.0.7827.103. Description: An inappropriate implementation in MediaCapture allows a remote attacker to leak cross-origin data, which is data from a different origin than the one that initiated the request...
PT-2026-47515
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.103. Description: Insufficient policy enforcement in Passwords allows a remote attacker who has compromised the renderer process to bypass site isolation by using a crafted HTML page. Site isolation is ...