PT-2026-47509
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.103. Description: A use after free issue in WebCodecs allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. Use after free is a memory corruption flaw that...
Checkmk Cross-Site Scripting Vulnerability
Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.5.0p5, 2.4.0p31, 2.3.0p48, and all 2.2.0 versions contained a cross-site scripting vulnerability. This vulnerability stemmed from improper decoding of HTML-encoded characters in the URL validatio...
Bolt CMS Injection Vulnerability
Bolt CMS is an open-source content management system based on PHP, developed by Bolt CMS. Versions of Bolt CMS 3.7.5 and earlier have a vulnerability related to injection attacks. This vulnerability stems from the handling of the 'style' parameter in the Component HTML Attribute Handler file,...
PT-2026-47473
Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 149.0.7827.103. Description: A use after free issue in the Printing component allows a remote attacker who has already compromised the renderer process to potentially perform a sandbox escape. This is...
Medium: perl-Template-Toolkit
Issue Overview: Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could have code injected. For example, the variable "var" in would not be properly...
Amazon Linux 2 : perl-Template-Toolkit, --advisory ALAS2-2026-3345 (ALAS-2026-3345)
The version of perl-Template-Toolkit installed on the remote host is prior to 2.24-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3345 advisory. Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected. The htmlfilter functi...
Amazon Linux 2023 : perl-Template-Toolkit (ALAS2023-2026-1797)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1797 advisory. Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be...
PT-2026-47507
Name of the Vulnerable Software and Affected Versions: Google Chrome on Linux versions prior to 149.0.7827.103. Description: A use after free issue in Ozone allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. Use after free is a condition where a program...
PT-2026-47491
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.103. Description: An out of bounds read in Dawn allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. An out of bounds read occurs when a program reads data past the...
caddy -- multiple vulnerabilities
Caddy project reports: Caddy 2.11.4 contains multiple security fixes. GitHub Security Advisory GHSA-qrp7-cvwr-j2c6 reports: Windows-encoded backslashes in request paths could bypass path-scoped authorization rules before files are served by fileserver. GitHub Security Advisory GHSA-f59h-q822-g45g...
PT-2026-47463
Name of the Vulnerable Software and Affected Versions: Google Chrome on Mac versions prior to 149.0.7827.103. Description: A use after free issue in Views allows a remote attacker to execute arbitrary code when a user opens a crafted HTML page. Use after free is a memory corruption flaw that occurs...
pentestai
PentestAI Autonomous penetration testing framework for intent...
HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities
...
SUSE CVE-2026-10881
Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
SUSE CVE-2026-10882
Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
SUSE CVE-2026-10886
Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
SUSE CVE-2026-10889
Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
SUSE CVE-2026-10892
Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
SUSE CVE-2026-10900
Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
SUSE CVE-2026-10901
Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...