CVE-2026-10885

Use after free in Chrome for iOS: Google Chrome on iOS prior to 149.0.7827.53 allows remote code execution via a crafted HTML page. The issue in Chrome for iOS is confirmed in multiple sources (CVE-2026-10885). The Chrome 149 stability release includes this fix (149.0.7827.53) across desktop and ...

CVE-2026-10885

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-10885

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-10882

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-10882

CVE-2026-10882 affects Google Chrome (Chromium-derived) prior to version 149.0.7827.53. The issue is a use-after-free in the Network component, enabling a remote attacker to execute arbitrary code via a crafted HTML page (Chrome security severity: Critical). The most relevant public detail is tha...

CVE-2026-10882

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-10882

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

CVE-2026-45497

CVE-2026-45497 affects Microsoft Copilot (M365 Copilot). According to the description, it involves improper neutralization of special elements in a command (command injection) that could allow an authorized attacker to execute code over a network. The connected documents do not provide concrete t...

CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability

...

CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability

...

CVE-2026-41249

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

CVE-2026-41249

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

CVE-2026-41249 CoreShop Vulnerable to Remote Code Execution (RCE) via Insecure `pull_request_target` Configuration

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

CVE-2026-41249

CoreShop (versions 5.0.1–5.1.0-beta.1) is affected by an RCE in GitHub Actions workflow: the static.yml workflow uses pull_request_target but checks out the PR head ref and executes bin/console from that untrusted checkout, enabling an attacker to run arbitrary code on the runner. The incident is...

EUVD-2026-34318

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow .github/workflows/static.yml uses the pullrequesttarget trigger but dangerously checks out the unverified code from the pull request head ref: $ github.event.pullrequest.head.re...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

Important: Red Hat Security Advisory: flatpak security update

An update for flatpak is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2025-71316

CVE-2025-71316 affects SQLite sqldiff.exe and is due to insecure handling of Unicode-to-ANSI conversion in the Windows C runtime. An attacker could use the -L option to load an arbitrary DLL by crafting a command line argument string, causing command line file arguments to be misinterpreted as op...