SUSE CVE-2026-7357

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

PT-2026-36171

SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are decrypted and returned without proper sanitization. Attackers can exploit improper output...

SSCMS 跨站脚本漏洞

SSCMS SiteServerCMS is a content management system developed by SSCMS Corporation in China. Version 7.4.0 of SSCMS contains a cross-site scripting vulnerability. This vulnerability stems from STL processing of endpoint scenarios involving reflective cross-site scripts. It may allow attackers to...

Amazon Linux 2 : containerd, --advisory ALAS2NITRO-ENCLAVES-2026-098 (ALASNITRO-ENCLAVES-2026-098)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2NITRO-ENCLAVES-2026-098 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the G...

Important: edk2

Issue Overview: Potential use-after-free in DANE client code CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible NULL dereference when processing CMS KeyAgreeRecipientInfo CVE-2026-28389 Possible NU...

Amazon Linux 2 : edk2, --advisory ALAS2-2026-3275 (ALAS-2026-3275)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3275 advisory. Potential use-after-free in DANE client code CVE-2026-28387 NULL Pointer Dereference When Processing a Delta CRL NOTE: https://openssl-library.org/news/secadv/20260407.txt CVE-2026-28388 Possible...

Amazon Linux 2023 : golist (ALAS2023-2026-1599)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1599 advisory. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow in the Go compiler cmd/compile. As a result, the compiler would allow for invalid indexing to...

ALSA-2026:12265 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...

ALSA-2026:12271 Important: libtiff security update

The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing CVE-2026-4775 For more details about the security issues,...

Absolute Secure Access 安全漏洞

Absolute Secure Access is an application developed by Absolute Corporation. It provides secure service edge SSE services optimized for mixed and mobile work environments. Versions of Absolute Secure Access prior to 14.50 contained a security vulnerability caused by a buffer overflow in the messag...

Important: ImageMagick

Issue Overview: ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when Magick parses an XML file it is possible that a single zero byte is written out of the bounds. This issue has been fixed in versions...

Server-side Request Forgery (SSRF)

Overview xhs-mcp is a XiaoHongShu CLI and MCP Server Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the xhspublishcontent MCP tool when processing the mediapaths argument. An attacker can access internal resources or perform unauthorized network requests ...

CVE-2026-7422 MAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing

Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection...

CVE-2026-7422 MAC Address Validation Bypass in FreeRTOS-Plus-TCP IPv4 and IPv6 Packet Processing

Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the device's own registered endpoints, because the loopback detection...

CVE-2026-7422

CVE-2026-7422 affects FreeRTOS-Plus-TCP; insufficient packet validation in IPv4/IPv6 processing (before V4.2.6 and V4.4.1) allows an adjacent attacker to bypass checksum and minimum-size checks by spoofing the Ethernet source MAC to a local endpoint, since loopback-detection skips validation for ...

CVE-2026-22740

A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are...

Denial Of Service (DoS)

Spring Web is vulnerable to Denial of Service DoS. The vulnerability is due to improper cleanup of temporary files created during multipart request processing, where files for large parts may not be deleted after request completion, allowing attackers to exhaust disk space...

BIT-THRIFT-2026-41607 Apache Thrift: C++ JSON OOB read

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

Vulnerabilities handled in Apache Camel

The Apache Software Foundation has identified vulnerabilities in Apache Camel. These vulnerabilities exist in various components of Apache Camel. The issues include insecure deserialization, insufficient filtering of email headers, incorrect authentication path matching, and improper processing o...

RLSA-2026:11349 Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c CVE-2025-9714 For more details about the security issues, including the impact, a CVSS...