1035512 matches found
CVE-2026-10893
A use-after-free flaw was found in the Chromoting component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513231432...
CVE-2026-10888
A use-after-free flaw was found in the Cast Streaming component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505815080...
CVE-2026-10883
An out-of-bounds write flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503768143...
CVE-2026-10887
A use-after-free flaw was found in the Chromoting component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=505204771...
PT-2026-47184
Name of the Vulnerable Software and Affected Versions: rclone versions 1.46.0 through 1.74.2. Description: When the remote control API is enabled and the --rc-serve flag is used without HTTP authentication, the software accepts unauthenticated GET and HEAD requests to paths formatted as...
Exploit for Authentication Bypass by Primary Weakness in Mantisbt
CVE-2026-30849.ts — usage This TypeScript script performs a c...
curl: SOCKS5 no-auth accepted despite username/password-only authentication
Summary: curl/libcurl appears to allow unauthenticated SOCKS5 negotiation even when the caller explicitly configures username/password-only SOCKS5 authentication. With --socks5-basic and SOCKS5 credentials set, curl still advertises both SOCKS5 method 0x00 (no authentication) and 0x02...
CVE-2026-48961
A flaw was found in the zipdetails command-line interface (CLI) tool, bundled with IO::Compress for Perl. When processing a specially crafted Info-ZIP Unix Extra Field with an 8-byte User ID (UID) or Group ID (GID), the zipdetails tool attempts to call an undefined subroutine. This can lead to the tool...
RHEL 7 : firefox (RHSA-2026:22708)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:22708 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
EulerOS Virtualization 2.13.0 : gnupg2 (EulerOS-SA-2026-2167)
According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: In GnuPG before 2.4.9, armorfilter in g10/armor.c has two increments of an index variable where one is intended, leading to an...
EulerOS Virtualization 2.13.1 : python-requests (EulerOS-SA-2026-2146)
According to the versions of the python-requests package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: Requests is an HTTP library. Prior to 2.32.0, when making requests through a Requests Session, if the first request is made...
EulerOS Virtualization 2.12.1 : libxml2 (EulerOS-SA-2026-2081)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveU...
CVE-2026-7740
A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument trackid leads to denial of service. An attack has to be approached locally. The exploit has been disclosed...
CVE-2026-10218
A vulnerability has been found in nextlevelbuilder GoClaw up to 3.11.3. This affects the function auth of the file internal/http/evolutionhandlers.go. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be...
CVE-2026-45191
A flaw was found in Net::CIDR::Lite. This vulnerability allows an attacker to bypass IP Access Control Lists (ACLs) by providing specially crafted CIDR (Classless Inter-Domain Routing) mask values. The component incorrectly processes mask forms containing extraneous zero characters, such as "/00" or...
CVE-2026-42360
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested password / token / secret / apikey keys inside a JSON template structure) to be bypassed when the rendered field exceeded [core] max_templated_field_length: Airflow stringified the structure befor...
CVE-2026-4916
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...
CVE-2026-39957
Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll causes the orWhereNotNull'usergroupid' clause to escape the ownership filter applied by the when block. Any authenticated non-admin user with upload permission who owns...
CVE-2026-39819
The "go bug" command writes to two files with predictable names in the system temporary directory (for example, "/tmp"). An attacker with access to the temporary directory can create a symlink in one of these names, causing "go bug" to overwrite the target of the symlink...
CVE-2026-44928
A flaw was found in uriparser. The EqualsUri function can incorrectly identify distinct Uniform Resource Identifiers (URIs) as identical. This misclassification can lead to improper URI handling within applications that use uriparser, potentially compromising data integrity. Mitigation Mitigation f...