Google Chrome Resource Management Error Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a resource management vulnerability. This vulnerability stemmed from a use-after-free in WebRTC, which could allow remote attackers to execute arbitrary code through ...
Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
Drupal core includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests, resulting in arbitrary SQL injection for sites using PostgreSQL...
PT-2026-42184
Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service JetDirect on TCP port 9100...
Linux Distros Unpatched Vulnerability : CVE-2026-8430
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing...
Unbound -- Multiple vulnerabilities
NLnet Labs reports: This release consolidates security fixes for issues reported over a period of time. There are fixes for: CVE-2026-33278: Possible remote code execution during DNSSEC validation. CVE-2026-42944: Heap overflow and crash with multiple nsid, cookie, padding EDNS options...
FreeBSD -- Remote code execution via installer Wi-Fi access point scans
Problem Description: When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1) to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to...
Trilium Notes Cross-Site Scripting Vulnerability
Trilium Notes is a hierarchical note application developed by Zadam, an individual developer. It focuses on building large-scale personal knowledge bases. Versions of Trilium Notes prior to 0.102.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from deficiencies such as...
CVE-2026-39047
Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service JetDirect on TCP port 9100...
PT-2026-42146
Name of the Vulnerable Software and Affected Versions: vm2 versions prior to 3.11.4. Description: An issue exists where the Symbol.for override in setup-sandbox.js only intercepts a small portion of dangerous Node.js cross-realm symbols. This is compounded by the bridge's set, defineProperty, and...
PT-2026-42173
Name of the Vulnerable Software and Affected Versions: Twig, affected versions not specified. Description: The Compiler::string function fails to escape single quotes when generating PHP double-quoted string literals. In ModuleNode::compileConstructor, template names from a {% use %} tag are processed...
react-doc-viewer Cross-Site Scripting Vulnerability
react-doc-viewer is a React documentation viewer component developed by Damian Cyntler. Version 1.17.1 of react-doc-viewer contains a cross-site scripting vulnerability. This vulnerability arises from the TXTRenderer component failing to sanitize file content and explicitly converting raw data in...
PT-2026-42377
SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE in github.com/siyuan-note/siyuan/kernel...
Cisco ThousandEyes Enterprise Agent OS Command Injection Vulnerability
Cisco ThousandEyes Enterprise Agent is an application developed by Cisco, a US-based company. It provides extended visibility, automated insights, and seamless workflows. The Cisco ThousandEyes Enterprise Agent contains an operating system command injection vulnerability. This...
EPSON L14150 Security Vulnerability
The EPSON L14150 is a multifunctional printer from the Japanese company EPSON. It supports A3+ format printing and wireless connectivity. The EPSON L14150 FL27PB version has a security vulnerability. This vulnerability stems from a buffer overflow issue in the RAW Printing Service JetDirect on po...
CVE-2026-39047
CVE-2026-39047 describes a buffer overflow in EPSON L14150 FL27PB’s RAW Printing Service (JetDirect) over TCP port 9100 that could allow a remote attacker to execute arbitrary code. The affected product appears to be the EPSON L14150 family; the vulnerable surface is the JetDirect/RAW port 9100 h...
PT-2026-42868
CVE-2026-8399 - Apache Struts Remote Code Execution Vulnerability. CVE ID: CVE-2026-8399. Published: May 20, 2026, 11:16 p.m. | 16 minutes ago. Description: Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity: 0.0 | NA. Visit the link for more details...
PT-2026-42225
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy (CSP) and a publicly reachable...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : nginx vulnerability (USN-8271-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8271-1 advisory. It was discovered that the nginx ngx_http_rewrite_module component incorrectly handled certain rewrite directives. A remote attacker...
Mesalvo Meona Client Launcher Component and Mesalvo Meona Server Component Code Injection Vulnerability
The Mesalvo Meona Client Launcher Component and the Mesalvo Meona Server Component are both products of the Mesalvo company. The Mesalvo Meona Client Launcher Component is a component designed for launching clients of medical information systems and facilitating application access. The Mesalvo...