Lucene search

30 matches found

EUVD
added 2026/06/12 12:31 a.m., 7 views

EUVD-2026-36329

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.3, AI score 5.5, EPSS 0.00246
Exploits: 0, References: 3
AlpineLinux
added 2026/06/04 11:5 p.m., 7 views

CVE-2026-11206

Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5, AI score 5.3, EPSS 0.00229
Exploits: 0
CNNVD
added 2026/06/04 12:0 a.m., 5 views

SAMSUNG rLottie security vulnerability

SAMSUNG rLottie is a platform-independent C++ library developed by Samsung Electronics of South Korea. It is used for real-time rendering of vector-based animations and art. A previous version of SAMSUNG rLottie had a security vulnerability caused by uncontrolled recursion, which could lead to th...

CVSS 6.1, AI score 5.3, EPSS 0.00103
Exploits: 0, References: 2
NVD
added 2026/05/21 6:16 p.m., 23 views

CVE-2026-48237

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frmticketid and frmrespid POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to...

CVSS 7.1, EPSS 0.00214
Exploits: 0, References: 3
AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in chromium

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

CVSS 6.5, AI score 8.7, EPSS 0.00618
Exploits: 0, References: 2
NVD
added 2026/04/09 10:16 p.m., 1 views

CVE-2026-40117

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, readskillfile in skilltools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skillpath parameter. Unlike filetools.readfile which enforces workspace boundary confinement, and unlike runskillscript...

CVSS 7.5, EPSS 0.00234
Exploits: 1, References: 1
Vulnrichment
added 2026/03/27 12:43 a.m., 3 views

CVE-2026-33935 MyTube has Unauthenticated Account Lockout via Shared Login Attempt State

MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...

CVSS 8.7, AI score 5.9, EPSS 0.00543
Exploits: 1, References: 5
EUVD
added 2026/03/23 8:28 p.m., 11 views

EUVD-2026-14516

MantisBT is vulnerable to authentication bypass through the SOAP API on MySQL...

CVSS 9.3, AI score 5.8, EPSS 0.00413
Exploits: 1, References: 2
SUSE CVE
added 2026/03/05 1:57 p.m., 3 views

SUSE CVE-2026-3538

Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: Critical...

CVSS 8.8, AI score 5.9, EPSS 0.00433
Exploits: 0, References: 3
Positive Technologies
added 2025/11/11 12:0 a.m., 5 views

PT-2025-46537

Name of the Vulnerable Software and Affected Versions: Spectrum Power versions prior to 4.70 SP12 Update 2. Description: The application is susceptible to local database modification, potentially allowing an attacker to obtain administrative application privileges. Recommendations: Update to version...

CVSS 5.6, AI score 6.3, EPSS 0.00094
Exploits: 0, References: 3
OpenVAS
added 2025/10/16 12:0 a.m., 3 views

Google Chrome Security Update (stable-channel-update-for-desktop_14-2025-10) - Linux

Google Chrome is prone to a use-after-free vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome";...

CVSS 8.8, AI score 6.9, EPSS 0.00428
Exploits: 0, References: 1
CNNVD
added 2025/04/22 12:0 a.m., 1 views

MimeTeX security vulnerability

MimeTeX is an image converter from the individual developer John Forkosh. A security vulnerability exists in versions of MimeTeX prior to v.1.77, which stems from a specially crafted file upload that causes directory traversal, which could lead to the execution of arbitrary code...

CVSS 9.8, AI score 6.7, EPSS 0.00611
Exploits: 0, References: 4
CNNVD
added 2025/03/31 12:0 a.m., 1 views

FAST LTA Silent Brick WebUI security vulnerability

The FAST LTA Silent Brick WebUI is a web-based user interface for a Silent Brick data storage system from FAST LTA. A security vulnerability exists in FAST LTA Silent Brick WebUI versions prior to 2.63, which stems from operating system command injection and could allow a remote attacker to execu...

CVSS 10, AI score 7.8, EPSS 0.00904
Exploits: 0, References: 1
CNNVD
added 2024/11/24 12:0 a.m., 4 views

Veritas Enterprise Vault security vulnerability

Veritas Enterprise Vault is a Veritas platform for capturing, archiving, and discovering information across all communication platforms. A security vulnerability exists in Veritas Enterprise Vault versions prior to 15.2 that originates from untrusted data received on the .NET Remoting TCP port th...

CVSS 9.8, AI score 7.1, EPSS 0.00907
Exploits: 0, References: 1
CNNVD
added 2023/06/30 12:0 a.m., 4 views

pypdf security vulnerability

PyPDF2 is a free, open-source, pure-Python PDF library that can split, merge, crop and convert pages of PDF files. Versions of pypdf prior to 1.27.9 have a security vulnerability: an attacker can craft a PDF that leads to an unexpectedly long run time, which blocks the process...

CVSS 6.5, AI score 6.8, EPSS 0.00568
Exploits: 1, References: 7
CNNVD
added 2023/05/30 12:0 a.m., 3 views

cpp-httplib injection vulnerability

cpp-httplib is an HTTP/HTTPS server and client library written in C++. A security vulnerability exists in cpp-httplib versions prior to 0.12.4 that stems from vulnerability to CRLF injection, which can lead to logic errors and other misbehavior...

CVSS 8.8, AI score 7.8, EPSS 0.01137
Exploits: 0, References: 6
RedHat Linux
added 2023/02/20 8:31 a.m., 2 views

Mozilla: Memory safety bugs fixed in Firefox ESR 102.8

The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

CVSS 8.8, AI score 7.5, EPSS 0.00668
Exploits: 0, References: 6
CNNVD
added 2022/12/07 12:0 a.m., 2 views

labstack echo path traversal vulnerability

labstack echo is a high-performance, minimalist Go web framework. A security vulnerability exists in versions of labstack echo prior to v4.1.18-0.20201215153152-4422e3b66b9f, which stems from improper sanitization of user input on Windows, where the static file handler allows for directory...

CVSS 5.3, AI score 5.7, EPSS 0.01335
Exploits: 1, References: 4
CNNVD
added 2022/05/24 12:0 a.m., 5 views

Lodestar input validation error vulnerability

Lodestar is a TypeScript implementation of Ethernet consensus. Versions of Lodestar prior to 0.36.0 suffer from an input validation error vulnerability that stems from the inclusion of maliciously crafted AttesterSlashing or ProposerSlashing on the chain, which may have a consensus split...

CVSS 7.5, AI score 7.3, EPSS 0.01228
Exploits: 0, References: 4
ATTACKERKB
added 2022/04/06 4:15 a.m., 5 views

CVE-2022-1234

XSS in livehelperchat in GitHub repository livehelperchat/livehelperchat prior to 3.97. This vulnerability has the potential to deface websites, result in compromised user accounts, and can run malicious code on web pages, which can lead to a compromise of the user’s device...

CVSS 8.8, AI score 7, EPSS 0.00715
Exploits: 1, References: 3