474 matches found
CVE-2026-3915
Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...
CVE-2025-48418
The CVE-2025-48418 entry describes a hidden functionality privilege-escalation vulnerability affecting Fortinet FortiAnalyzer and FortiManager (including cloud variants) across multiple versions (FortiAnalyzer: 6.4 all, 7.0.x–7.6.3; FortiAnalyzer Cloud: 6.4 all, 7.0.1–7.6.3; FortiManager: 6.4 all...
Security vulnerability in multiple Fortinet products
Fortinet FortiManager is a product of the American company Fortinet. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiAnalyzer Cloud is a cloud-based logging platform based on...
AZL-79544 CVE-2026-3731 affecting package libssh 0.10.6-5
A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may ...
ROS-20260224-73-0003
A vulnerability in the ngxmailsmtp response header handler of NGINX Plus and NGINX Open Source web servers is related to a violation of the initial buffer boundary. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...
CVE-2026-3061
Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-2704
A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function OpenBabel::transform3d::DescribeAsString of the file src/math/transform3d.cpp of the component CIF File Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the...
PT-2026-20415
Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is...
CVE-2026-21974
Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications component: Platform. The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...
CVE-2026-21928
Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Solaris. Successful attacks of this vulnerability can...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001236)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001236 advisory. Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains an Incorrect Access Control vulnerability in NFS server nfsd that can...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003142)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003142 advisory. Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains an Incorrect Access Control vulnerability in NFS server nfsd that can...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003342)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003342 advisory. Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, 4.9.76+, 4.4.111+ contains an Incorrect Access Control vulnerability in NFS server nfsd that can...
Astra Linux – Vulnerability in Chromium
Leakage of side-channel information in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write operations through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...
CVE-2021-2403
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2025-1302)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1302 advisory. A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least re...
CVE-2025-13639
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2025-10158
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue...
Microsoft Edge (Chromium) < 143.0.3650.66 Multiple Vulnerabilities
The version of Microsoft Edge installed on the remote Windows host is prior to 143.0.3650.66. It is, therefore, affected by multiple vulnerabilities as referenced in the December 4, 2025 advisory. - Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote...