Google Chrome 输入验证错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a vulnerability related to input validation. This vulnerability stemmed from insufficient trustworthiness in Skia’s input validation mechanisms, which could allow remote attackers t...

Google Chrome 竞争条件问题漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a race condition vulnerability, which originated from a race condition issue in the Payments component. This vulnerability could allow remote attackers to exploit the system by usin...

PT-2026-40284

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

PT-2026-40453

Name of the Vulnerable Software and Affected Versions Linux ksmbd affected versions not specified Description A remote memory corruption issue exists in the ACL inheritance path. Remote clients with directory creation permissions can trigger a heap out-of-bounds read and subsequent heap corruptio...

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a buffer overflow vulnerability. This vulnerability stemmed from out-of-bounds write operations in the Media component, which could allow remote attackers with compromised rendering...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability. This vulnerability stemmed from incorrect security UI in the Downloads component, which could allow remote attackers to execute UI spoofing through a...

ROS-20260512-73-0004

Vulnerability in python-PyPDF2 related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVE-2026-8349 omec-project amf NGAP Message memory corruption

A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing a manipulation can lead to memory corruption. The attack can be launched remotely. The exploit has been published and may be used. This patch is called...

CVE-2026-8349

CVE-2026-8349 affects the omec-project amf up to 2.1.1, specifically the NGAP Message Handler. A remote manipulation can cause memory corruption. An exploit has been published; a patch is available (hash: 8a4c33cdda866094f1989bdeff6d8642fce8de8435f89defd66831c97715f5aa). Remediation: apply the pa...

CVE-2026-8346 D-Link DIR-816 portForward command injection

A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

CVE-2026-8346

The CVE-2026-8346 entry concerns D-Link DIR-816 devices (firmware 1.10CNB05_R1B011D88210/variants) where the portForward function is vulnerable. A flaw in handling the ip_address argument enables remote command injection, with reported public exploits. The affected component is the portForward lo...

CVE-2026-8346 D-Link DIR-816 portForward command injection

A vulnerability was detected in D-Link DIR-816 1.10CNB05R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ipaddress results in command injection. The attack can be initiated remotely. The exploit is now public and may be used...

CVE-2026-8345

The vulnerability CVE-2026-8345 affects D-Link DIR-816 devices (firmware version 1.10CNB05_R1B011D88210). The issue resides in function sub_445E7C of /goform/singlePortForward, where manipulating the ip_address argument enables command injection. Exploitation can be performed remotely. The public...

CVE-2026-8345 D-Link DIR-816 singlePortForward sub_445E7C command injection

A security vulnerability has been detected in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this issue is the function sub445E7C of the file /goform/singlePortForward. Such manipulation of the argument ipaddress leads to command injection. It is possible to launch the attack remotely. The...

EUVD-2026-29201

A security flaw has been discovered in VectifyAI PageIndex up to f50e52975313c6716c02b20a119577a1929decba. Affected by this vulnerability is the function toctransformer of the file pageindex/pageindex.py of the component PDF Table of Contents Handler. The manipulation results in infinite loop. Th...

CVE-2026-8344 D-Link DIR-816 formDMZ.cgi sub_445E7C command injection

A weakness has been identified in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this vulnerability is the function sub445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the...

CVE-2026-8344

A weakness has been identified in D-Link DIR-816 1.10CNB05R1B011D88210. Affected by this vulnerability is the function sub445E7C of the file /goform/formDMZ.cgi. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been made available to the...

libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing

A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations,...

CVE-2026-8231

A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the publ...

CVE-2026-8221

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacte...