Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx

FreePBX 16 — Unauthenticated SQLi to RCE Proof-of-concept exp...

CVE-2026-34302

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Workflow Loader. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the...

CVE-2026-41068

Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's apiCall context by validating the URLPath field. However, the ConfigMap context loader has the identical vulnerability — the...

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

Chromium: CVE-2026-11240 Insufficient validation of untrusted input in Loader

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

EUVD-2026-34701

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

DEBIAN-CVE-2026-11240

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11240

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

Linux Distros Unpatched Vulnerability : CVE-2026-11240

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process ...

CVE-2026-11240

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11240

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11240

CVE-2026-11240 affects Google Chrome (Loader) with insufficient validation of untrusted input, allowing a remote attacker who has compromised the renderer process to bypass site isolation via a crafted HTML page. The issue is described for Chrome versions prior to 149.0.7827.53; exploitation deta...

CVE-2026-11240

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11240

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

ROOT-APP-NPM-CVE-2022-37601 CVE-2022-37601 in @rootio/loader-utils - Patched by Root

Root has patched CVE-2022-37601 in the @rootio/loader-utils package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2022-37599 CVE-2022-37599 in @rootio/loader-utils - Patched by Root

Root has patched CVE-2022-37599 in the @rootio/loader-utils package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2022-37603 CVE-2022-37603 in @rootio/loader-utils - Patched by Root

Root has patched CVE-2022-37603 in the @rootio/loader-utils package for Root:npm. Multiple fixed versions available...

PT-2026-46244

An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments...

PT-2026-46767

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

Argamal: Malware hidden in hentai games

In April 2026, we discovered a new malware campaign targeting players of "hentai" games. Once launched, the infected games install a previously unknown malicious implant on the user's machine. After a few days, the implant downloads and executes a Trojan, resulting in full system compromise and...