PT-2026-41527
Name of the Vulnerable Software and Affected Versions: EMQX versions prior to 6.2.0. Description: A race condition exists in the QoS 2 PUBLISH Packet Handler component within the apps/emqx/src/emqx_persistent_session_ds.erl file. This issue allows a remote attacker to trigger a race condition, which...
DataEase Injection Vulnerability
DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Version 2.10.20 of DataEase contains an injection vulnerability. This...
PublicCMS Security Vulnerability
PublicCMS is an open-source content management system (CMS) developed in Java by PublicCMS Company in China. Sanluan PublicCMS version 5.202506.d contains a security vulnerability. This vulnerability stems from a business logic error in the...
CVE-2026-42217
A flaw was found in OpenEXR. A remote attacker could exploit this vulnerability by providing a specially crafted EXR image file. The readVariableLengthInteger function, responsible for decoding variable-length integers, does not properly bound the shift count. This can lead to undefined behavior,...
CVE-2026-43907
A flaw was found in OpenImageIO. A remote attacker can exploit a signed integer overflow vulnerability by providing a specially crafted DPX image file. This flaw leads to a heap-based out-of-bounds write, which can result in a denial of service crash or potentially arbitrary code execution in...
CVE-2026-38728
The vulnerability CVE-2026-38728 affects Nodemailer smtp_server prior to version 3.18.3. The issue is triggered in the SMTPStream._write implementation (lib/smtp-stream.js), allowing a remote attacker to cause a denial of service. Impact is a DoS on the SMTP server component mentioned. The root c...
CVE-2026-38728
An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components...
ROS-20260515-73-0037
A vulnerability in the WebML component of Google Chrome and Microsoft Edge browser is related to an operation exceeding memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
ROS-20260515-73-0040
A vulnerability in the WebMIDI component of Google Chrome and Microsoft Edge browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
ROS-20260515-73-0003
A vulnerability in the SDLinfo function of the Firebird database management system is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260515-73-0002
A vulnerability in Firebird is related to a lack of service data protection. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information...
ROS-20260515-73-0009
A vulnerability in the sdldesc function of the Firebird database management system is related to the lack of a division by zero check. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260515-73-0055
A vulnerability in the DevTools component of the Google Chrome browser is related to access control flaws. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions using a specially crafted HTML page...
ROS-20260515-73-0051
A vulnerability in the WebAppInstalls component of Google Chrome browser is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the user interface using a specially crafted HTML page...
ROS-20260515-73-0031
A vulnerability in the WebML component of the Google Chrome browser is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
CVE-2026-8520
Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-8570
The CVE-2026-8570 entry concerns Google Chrome’s V8 engine. A Type Confusion in V8, affecting Chrome versions prior to 148.0.7778.168, could allow a remote attacker to read potentially sensitive data from process memory via a crafted HTML page. The description does not specify exact vulnerable bu...
CVE-2026-8560
CVE-2026-8560 describes a heap buffer overflow in SwiftShader used by Google Chrome on macOS and iOS, prior to Chrome 148.0.7778.168. The vulnerability allows a remote attacker to perform an out-of-bounds memory read via a crafted HTML page. Affected component: SwiftShader within Chrome; impact i...
CVE-2026-8519
Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...