252317 matches found
DEBIAN-CVE-2026-9111
Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-39850
Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile that leads to Local File Inclusion. The function calls extract$params, EXTROVERWRITE before the require statement that loads the view file. As a result, a...
CVE-2026-39311
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy CSP and a publicly reachable...
CVE-2026-9126
Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-9112
Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-9119
Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2026-9118
Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-9114
Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. Chromium security severity: High...
CVE-2026-9120
Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...
CVE-2026-9111
Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...
Malicious code in @link-assistant/hive-mind (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7dfeaad3a9eda8f440dabe165d4ff6ba593c9858b9752d9bded19b05b292072a The package fetches https://unpkg.com/use-m/use.js — an unpinned URL that resolves to the latest published version of the third-party use-m package —...
MAL-2026-4403 Malicious code in @link-assistant/hive-mind (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7dfeaad3a9eda8f440dabe165d4ff6ba593c9858b9752d9bded19b05b292072a The package fetches https://unpkg.com/use-m/use.js — an unpinned URL that resolves to the latest published version of the third-party use-m package —...
CVE-2026-45434
Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
CVE-2026-39850
Summary: Yii 2.x before 2.0.55 contains a Local File Inclusion flaw in View::renderPhpFile() caused by caller-controlled file parameter, which can overwrite the internal file selection and potentially enable RCE and information disclosure. Affected versions: 2.0.54 and earlier. Root cause: extrac...
CVE-2026-39850 Yii 2: Local file inclusion via view parameter name collision
Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method View::renderPhpFile that leads to Local File Inclusion. The function calls extract$params, EXTROVERWRITE before the require statement that loads the view file. As a result, a...
EUVD-2026-31173
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy CSP and a publicly reachable...
CVE-2026-39311
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy CSP and a publicly reachable...
CVE-2026-39311
Trilium Notes (versions ≤ 0.102.1) contains a critical RCE due to insecure SVG handling: serving SVG attachments as image/svg+xml without sanitization, with Helmet CSP disabled and a publicly reachable backend execution API. The attacker can leverage Same-Origin Policy to fetch the document’s csr...
CVE-2026-39311 Trilium Notes: Stored XSS Leads to Unauthorized Remote Code Execution (RCE) via Unsanitized SVG Attachments
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy CSP and a publicly reachable...
CVE-2026-39311 Trilium Notes: Stored XSS Leads to Unauthorized Remote Code Execution (RCE) via Unsanitized SVG Attachments
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy CSP and a publicly reachable...