CVE-2026-12442

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

Oracle PeopleSoft Unauthenticated Java Deserialization SSRF / RCE (CVE-2026-35273)

Binary data oraclepeoplesoftssrfcve202635273.nbin...

PT-2026-50440

Name of the Vulnerable Software and Affected Versions Python StateMachine versions 3.0.0 through 3.1.x Description An issue exists where the library evaluates expressions from SCXML documents unsafely. The SCXMLProcessor passes attacker-controlled expression strings from attributes through a call...

CVE-2026-36418

JimuReport versions 2.3.4 and below are vulnerable to remote code execution due to improper handling of Aviator expressions. The /jmreport/executeSelectApi endpoint passes user-supplied input directly to the Aviator expression engine without adequate validation allowing attackers to execute...

CVE-2026-36418

The CVE concerns JimuReport versions ≤ 2.3.4, where remote code execution is possible via the /jmreport/executeSelectApi endpoint due to inadequate validation of user input passed to the Aviator expression engine. This is caused by improper handling of Aviator expressions, allowing arbitrary code...

PT-2026-50607

Name of the Vulnerable Software and Affected Versions Drupal core affected versions not specified Description Drupal core contains a gadget chain, which is a sequence of existing code fragments that can be leveraged during the deserialization of untrusted data. While this issue is not directly...

Bosch Security Systems IP Cameras Remote Code Execution (CVE-2018-19036)

An issue was discovered in several Bosch IP cameras running firmware 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. This plugin only works with Tenable.ot. Please visit...

PT-2026-50192

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

PT-2026-50193

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

Malicious code in vite-config-field (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58 [email protected] impersonates the legitimate vite-plugin-pwa package README copies its banner/badges, funding field points at antfu's GitHub...

MAL-2026-5936 Malicious code in vite-config-field (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e5dabbc9cf746e153391fbe76f4dc54f9bccb9f7fd467d5b80d07c84ab1fb58 [email protected] impersonates the legitimate vite-plugin-pwa package README copies its banner/badges, funding field points at antfu's GitHub...

EUVD-2026-37195

In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-37196

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-37193

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-37180

In mfccoregetdecmetadataseinal of mfccoreregapi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-37185

In IntfGraphCreate of intfgraph.c, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-37181

In mfccorenalqgetdecmetadataseinal of mfccorenalq.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-37182

In multiple functions of VideoRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-37183

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

EUVD-2026-37188

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...