Ubuntu 26.04 LTS : Ubuntu Kylin Software Center vulnerability (USN-8424-1)

The remote Ubuntu 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8424-1 advisory. It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue t...

CVE-2026-10974

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-11079

Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory write via a crafted video file. Chromium security severity: Medium...

Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 had a vulnerability related to input validation. This vulnerability stemmed from insufficient validation of untrusted inputs in the media component. A remote attacker could execute arbitrary...

DEBIAN-CVE-2026-10010

Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVE-2026-10010

Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVE-2026-40383 Joomla! Core - [20260509] - LFI in HTMLView layout parameter

An improper validation of user-supplied input leads to a local file inclusion vulnerability...

EUVD-2026-31303

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in ics205.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmaddstr POST parameter directly into an HTML form hidden input value attribute...

CVE-2026-8003

An insufficient validation of untrusted input flaw was found in the TabGroups component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495985532...

SUSE CVE-2026-5884

Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

Debian dsa-6147 : python-pil-doc - security update

The remote Debian 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6147 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6147-1 [email protected] https://www.debian.org/security/ Moritz...

CVE-2026-2320

Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-2322

Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3687Cross-site scripting vulnerability in E-mail CWE-79 - CVE-2026-20711 CyVDB-3689Cross-site scripting vulnerability in Message CWE-79 - CVE-2026-22881 CyVDB-3995Improper input verification in...

PT-2026-4832

Name of the Vulnerable Software and Affected Versions Shaarli versions prior to 0.16.0 Description Shaarli is a personal bookmarking service susceptible to a cross-site scripting XSS issue. A malicious tag beginning with a double quote " can prematurely terminate the tag on the start page, enabli...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001329)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001329 advisory. The dccprcvstateprocess function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCPPKTREQUEST packet data structures in the LISTEN state, which...

CVE-2025-34409 MailEnable < 10.54 Reflected XSS in Failed Parameter of MAI/AddRecipientsResult.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...

CVE-2025-23361

NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and da...

EUVD-2025-3964

Malicious code in bioql PyPI...

EUVD-2024-32347

Malicious code in bioql PyPI...