111350 matches found

RedhatCVE
added 2026/06/11 2:59 a.m. (8 views)

CVE-2026-9754

An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command...

CVSS 7.1 | AI score 5.5 | EPSS 0.00219
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/11 2:59 a.m. (4 views)

CVE-2026-45329

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

CVSS 7.1 | AI score 5.4 | EPSS 0.00117
Exploits: 0 | References: 1
GithubExploit
added 2026/06/11 2:23 a.m. (57 views)

Exploit for CVE-2026-28699

CVE-2026-28699 — Gitea OAuth2 Scope Bypass via HTTP Basic Auth...

AI score 5.5 | EPSS 0.00043
Exploits: 1
Positive Technologies
added 2026/06/11 12:0 a.m. (8 views)

PT-2026-48656

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 18.10 through 18.10.7; GitLab CE/EE versions 18.11 through 18.11.4; GitLab CE/EE versions 19.0 through 19.0.1. Description: An issue exists where insufficient validation of secondary URLs could allow an authenticated user to...

CVSS 6.5 | AI score 5.4 | EPSS 0.00341
Exploits: 0 | References: 5
Positive Technologies
added 2026/06/11 12:0 a.m. (7 views)

PT-2026-48636

An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The function performs an unsigned subtraction bv_len - 2 without a prior bounds check. When bv_len is 0 or 1, the subtraction wraps to a large value which is...

CVSS 5 | AI score 5.4 | EPSS 0.00261
Exploits: 0 | References: 3
Positive Technologies
added 2026/06/11 12:0 a.m. (6 views)

PT-2026-48742

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.5.18. Description: An issue in browser control allows authenticated users to perform server-side request forgery (SSRF), which is a flaw that enables an attacker to induce the server-side application to make request...

CVSS 7.7 | AI score 5.2 | EPSS 0.00247
Exploits: 0 | References: 5
Positive Technologies
added 2026/06/11 12:0 a.m. (8 views)

PT-2026-48654

Golem OEE MES is vulnerable to an unauthenticated path traversal flaw. This vulnerability allows an attacker in the same local network to read arbitrary files from the server's operating system by manipulating HTTP request paths. This issue has been fixed in version 11.6.0...

CVSS 8.3 | AI score 5.5 | EPSS 0.00204
Exploits: 0 | References: 3
CNNVD
added 2026/06/11 12:0 a.m. (4 views)

Neuron Golem OEE MES path traversal vulnerability

Neuron Golem OEE MES is a manufacturing execution system and equipment integrated efficiency management platform developed by the Polish company Neuron. The Neuron Golem OEE MES has a path traversal vulnerability, which stems from a path traversal flaw. This vulnerability could allow attackers...

CVSS 8.3 | AI score 5.8 | EPSS 0.00204
Exploits: 0 | References: 1
CNNVD
added 2026/06/11 12:0 a.m. (6 views)

Google Chrome buffer error vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a buffer overflow vulnerability, which was caused by an out-of-bounds read issue in the Video component. This vulnerability could allow remote attackers to obtain sensitive...

CVSS 6.5 | AI score 5.8 | EPSS 0.00219
Exploits: 0 | References: 2
CNNVD
added 2026/06/11 12:0 a.m. (5 views)

Google Chrome buffer error vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.115 contained a buffer overflow vulnerability. This vulnerability stemmed from an out-of-bound read operation in the VideoCapture component, which could allow remote attackers to obtain sensitive...

CVSS 5.3 | AI score 5.8 | EPSS 0.00169
Exploits: 0 | References: 2
Tenable Nessus
added 2026/06/11 12:0 a.m. (4 views)

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : NNCP vulnerability (USN-8359-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has a package installed that is affected by a vulnerability as referenced in the USN-8359-1 advisory. It was discovered that NNCP did not properly sanitize file paths in packet data during file requesting and file saving operations. A remote...

CVSS 6.4 | AI score 5.7 | EPSS 0.00238
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/11 12:0 a.m. (9 views)

PT-2026-48779

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.115. Description: An out of bounds read exists in VideoCapture, which allows a remote attacker who has compromised the GPU process to obtain potentially sensitive information from process memory by usin...

CVSS 9.6 | AI score 5.3 | EPSS 0.00224
Exploits: 0 | References: 35
Positive Technologies
added 2026/06/11 12:0 a.m. (6 views)

PT-2026-48772

Name of the Vulnerable Software and Affected Versions: Google Chrome on ChromeOS versions prior to 149.0.7827.115. Description: An out of bounds read occurs in the Video component, which allows a remote attacker who has already compromised the renderer process to obtain potentially sensitive...

CVSS 8.8 | AI score 5.3 | EPSS 0.0024
Exploits: 0 | References: 33
FreeBSD
added 2026/06/11 12:0 a.m. (3 views)

chromium -- security fixes

Chrome Releases reports: This update includes 28 security fixes: 516731749 Critical CVE-2026-12007: Use after free Core. Reported by Google on 2026-05-26 516942828 Critical CVE-2026-12008: Use after free DigitalCredentials. Reported by Google on 2026-05-27 517332006 Critical CVE-2026-12009:...

CVSS 9.6 | AI score 5.6 | EPSS 0.00286
Exploits: 0 | References: 1
RedhatCVE
added 2026/06/10 11:38 p.m. (7 views)

CVE-2026-42326

A flaw was found in ImageMagick, a software used for editing and manipulating digital images. A local attacker could exploit this vulnerability by providing a malicious input file. When ImageMagick attempts to write an IPTC output file, this malicious input could cause the software to read beyond...

CVSS 5.1 | AI score 5 | EPSS 0.0016
Exploits: 0 | References: 4
RedhatCVE
added 2026/06/10 11:33 p.m. (6 views)

CVE-2026-45359

A flaw was found in ImageMagick. A local attacker could exploit this vulnerability by providing an invalid 'connected-components:keep-top' value during image processing. This could lead to a heap buffer over-read, potentially resulting in information disclosure or a denial of service (DoS)...

CVSS 7.1 | AI score 5.2 | EPSS 0.00137
Exploits: 0 | References: 4
NVD
added 2026/06/10 11:16 p.m. (6 views)

CVE-2026-49219

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched i...

CVSS 5.5 | EPSS 0.00128
Exploits: 0 | References: 1
NVD
added 2026/06/10 11:16 p.m. (6 views)

CVE-2026-46695

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container; malicious code can remount the directo...

CVSS 10 | EPSS 0.00289
Exploits: 0 | References: 3
Cvelist
added 2026/06/10 10:20 p.m. (24 views)

CVE-2026-46695 BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container; malicious code can remount the directo...

CVSS 10 | EPSS 0.00289
Exploits: 0 | References: 3
EUVD
added 2026/06/10 10:20 p.m. (6 views)

EUVD-2026-36166

Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container; malicious code can remount the directo...

CVSS 10 | AI score 5.6 | EPSS 0.00289
Exploits: 0 | References: 3