aws-credential-process (=0.20.0), aws-session-daemon (>=0.1.0 <=0.6.0) +2 more potentially affected by CVE-2026-40947 via yubikey-manager (>=5.0.0 <=5.1.1)

yubikey-manager PYPI version =5.0.0, =0.1.0, =1.0.0, =1.6.6 Source cves: CVE-2026-40947 Source advisory: SNYK:PYTHON-YUBIKEYMANAGER-16325204...

CVE-2026-30656

A NULL pointer dereference vulnerability exists in fio Flexible I/O Tester v3.41 when parsing job files containing the fdppli option. The callback function strfdpplicb does not validate the input pointer and calls strdup on a NULL value when the option is specified without an argument. This resul...

CSLE: A Reinforcement Learning Platform for Autonomous Security Management

Reinforcement learning is a promising approach to autonomous and adaptive security management in networked systems. However, current reinforcement learning solutions for security management are mostly limited to simulation environments and it is unclear how they generalize to operational systems...

Google Chrome Dawn Component Memory Misreference Vulnerability

Google Chrome is a web browser developed by Google with a Dawn component to handle WebGPU related functions. A memory misreference vulnerability exists in the Dawn component of Google Chrome. The vulnerability stems from improper management of the lifecycle of specific objects in the Dawn compone...

PT-2026-33244

An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows t...

Google Chrome Viz Component Memory Misreference Vulnerability

Google Chrome is a web browser developed by Google. A memory misreference vulnerability exists in the Viz component of Google Chrome. The vulnerability stems from a failure of the Viz component to properly handle memory objects, which can be exploited by an attacker to potentially sandbox escape ...

CVE-2026-30656

A NULL pointer dereference vulnerability exists in fio Flexible I/O Tester v3.41 when parsing job files containing the fdppli option. The callback function strfdpplicb does not validate the input pointer and calls strdup on a NULL value when the option is specified without an argument. This resul...

CVE-2026-4949 ProfilePress <= 4.16.12 - Missing Authorization to Authenticated (Subscriber+) Inactive Membership Plan Subscription

The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'processcheckout' function not properly enforcing...

EUVD-2026-23084

Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

EUVD-2026-23064

Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper truncation of subresource names in the authorization process. An attacker can gain unauthorized access to subresources or perform unauthorized actions by exploiting incorrect permission evaluation...

CVE-2026-40191

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the source path of dual-path file operations against File Access Authorization FAA rules and App Jail...

dev.dsf:dsf-maven-plugin (>=2.0.0 <=2.1.0) potentially affected by CVE-2026-40942 via dev.dsf:dsf-bpe-process-api-v2 (>=2.0.0-M3 <=2.1.0)

dev.dsf:dsf-bpe-process-api-v2 MAVEN version =2.0.0-M3, =2.0.0, =2.1.0 Source cves: CVE-2026-40942 Source advisory: OSV:GHSA-XMJ9-7625-F634...

CVE-2026-6364

CVE-2026-6364 is a reported out-of-bounds read in the Google Chrome Skia component, affecting Chrome before version 147.0.7727.101. The CVE description states that an attacker could obtain potentially sensitive information from process memory via a crafted file. Public advisories confirm the issu...

CVE-2026-6314

Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-6309

Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-6309

Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-6304

Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-5713

The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...

Exploit for Code Injection in Flowiseai Flowise

CVE-2025-59528 — Flowise AI Authenticated Remote Code Executio...