SUSE CVE-2026-9992

Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-9999

The CVE-2026-9999 entry describes an inappropriately implemented ANGLE component in Google Chrome on macOS prior to 148.0.7778.216, enabling a remote attacker to execute arbitrary code inside the Chrome sandbox via a crafted HTML page. The risk is tied to the ANGLE implementation in Chrome/Chromi...

java-1.8.0-openjdk: Fix of 7 CVEs

Upgrade to openjdk-shenandoah-jdk8u-shenandoah-jdk8u492-b09. That fixes following CVEs: - CVE-2026-22003: hotspot DoS via sandboxed Java Web Start/applets with untrusted code resource exhaustion - CVE-2026-22007: Security component, local high-complexity low-impact info disclosure -...

Arbitrary Code Injection

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Arbitrary Code Injection via the node-custom-function endpoint when user-supplied JavaScript is executed in a NodeVM sandbox without sufficient route-level authorization. A user can execute...

CVE-2026-6302

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

EUVD-2026-20671

Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Malicious code in sandbox-bash-authorize-hot-simulate (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 03dc660b6955606964bbd1a854d1ccdb491b52ee29cc056775e7f0a9e7c47d4e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2023-42125

Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premium Security. An attacker must first obtain the ability to execute low-privileged code on the target...

GHSA-52MQ-6JCV-J79X User content sandbox can be confused into opening arbitrary documents

Impact The user content sandbox can be abused to trick users into opening unexpected documents after several user interactions. The content can be opened with a blob origin from the Matrix client, so it is possible for a malicious document to access user messages and secrets. Patches This has bee...

User content sandbox can be confused into opening arbitrary documents

Impact The user content sandbox can be abused to trick users into opening unexpected documents after several user interactions. The content can be opened with a blob origin from the Matrix client, so it is possible for a malicious document to access user messages and secrets. Patches This has bee...