CVE-2026-9938

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-9896

Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-10022

Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2026-10022

Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

CVE-2026-9973

CVE-2026-9973 is an out-of-bounds write in the V8 engine of Google Chrome. A remote attacker could execute arbitrary code inside the Chrome sandbox via a crafted HTML page on affected Chrome builds prior to 148.0.7778.216. Remediation is to update Chrome to 148.0.7778.216 or newer (Chrome stable ...

CVE-2026-9938

CVE-2026-9938 concerns an inappropriate implementation in the V8 component of Google Chrome, affecting Chrome versions prior to 148.0.7778.216. The vulnerability allows a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. The cited sources consistently d...

CVE-2026-9938

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-9896

CVE-2026-9896 is an out-of-bounds write in the V8 engine of Google Chrome, affecting Chrome versions prior to 148.0.7778.216. The vulnerability could allow a remote attacker to execute arbitrary code within the browser sandbox via a crafted HTML page. The issue is mapped across multiple feeds (NV...

CVE-2026-9896

Out of bounds write in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-9645

Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root...

CVE-2026-9645 ScadaBR Authenticated Remote Code Execution

Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root...

EUVD-2026-33028

Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root...

CVE-2026-9645

Technical details about CVE-2026-9645 are not publicly available in the provided documents. No explicit affected product/version or root cause is disclosed here. Monitor for updates from the sources.

CVE-2026-9645 ScadaBR Authenticated Remote Code Execution

Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root...

CVE-2026-44657

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

CVE-2026-44657 MantisBT: Stored XSS in File Download

Mantis Bug Tracker MantisBT is an open source issue tracker. Prior to 2.28.2, using showinline=1 parameter and a valid fileshowinlinetoken CSRF token on filedownload.php, an attacker can execute code by uploading a crafted XHTML attachment referencing a JavaScript attachment. This vulnerability i...

CVE-2026-46360

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQEDIT permission can upload malicious SVG files with deeply...

CVE-2026-46361

phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protection. Attackers with FAQ editor privileges can inject HTML-entity-encoded payloads that bypass...

CVE-2026-46509

deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain proto/constructor/prototype. The property path must not be exposed as user input. This vulnerability is fixed in 1.0.3...

CVE-2026-45323

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...