SUSE CVE-2026-7910

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-7944

Insufficient validation of untrusted input in Persistent Cache in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2026-7949

Out of bounds read in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...

SUSE CVE-2026-7964

Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2026-7967

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2026-7969

Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2026-7991

Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

PT-2026-39287

Name of the Vulnerable Software and Affected Versions fast-xml-builder versions prior to 1.1.7 Description When input data contains quotes in attribute values and the processEntities flag is disabled, the software incorrectly splits the attribute value into multiple attributes. This allows an...

PT-2026-39145

Name of the Vulnerable Software and Affected Versions Akamai Guardicore Platform Agent versions 7.0 through 7.3.1 Akamai Zero Trust Client versions 6.0 through 6.1.5 Akamai Guardicore Platform Agent affected versions not specified Description Local privilege escalation is possible on Linux and...

Electerm 信息泄露漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm 3.8.15 and earlier contained an information leakage vulnerability. This vulnerability stemmed from the getConstants IPC processor, which serialized the entire process.env object and sent it to...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of boundary checks on message frames in the processmessageheader function, potentially...

PT-2026-39031

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free race condition exists in the drm/amdgpu component during VM acquire. This occurs when parent and child processes sharing a drm file both attempt to acquire the same VM...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of checking whether the target buffer list is of the traditional type during recycling,...

PT-2026-39067

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libceph component where out-of-bounds reads can occur within the process message header function. This happens if a message frame is corrupted, causing the control...

CVE-2024-33724

SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...

PT-2026-38874

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing maliciously crafted web content may lead to an unexpected process crash...

PT-2026-38646

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.7.16 Description The runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user-supplied widget identifiers without sanitization. Since runWidget is exposed to the...

PT-2026-38648

Name of the Vulnerable Software and Affected Versions electerm versions 3.x and earlier Description The getConstants IPC handler in src/app/lib/ipc-sync.js serializes the entire process.env object and sends it to the renderer, where it is stored as window.pre.env. This data is accessible to any...

SOPlanning 跨站脚本漏洞

SOPlanning is a set of online project management software developed by SOPlanning Company. Version 1.52.00 of SOPlanning contains a cross-site scripting vulnerability, which stems from the groupeid parameter in the process/groupesave.php file, which exposes a cross-site scripting attack...

CVE-2024-33724

SOPlanning 1.52.00 is vulnerable to Cross Site Scripting XSS via the groupeid parameter to process/groupesave.php...