CVE-2026-11665

Out of bounds read in Dawn in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-11668

Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. Chromium security severity: High...

DEBIAN-CVE-2026-11668

Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. Chromium security severity: High...

Adobe InDesign Desktop 缓冲区错误漏洞

Adobe InDesign Desktop is a page layout software developed by Adobe, a company based in America. Versions of Adobe InDesign Desktop such as 21.3, 20.5.3, and earlier versions have a buffer error vulnerability. This vulnerability stems from an out-of-bounds read issue, which may lead to sensitive...

SQLite 安全漏洞

SQLite is a lightweight database developed under the open-source SQLite project. It is an ACID-compliant relational database management system. There was a security vulnerability in versions of SQLite prior to 3.53.2. This vulnerability stemmed from a heap buffer overflow issue in the FTS5...

QNAP Systems QTS和QNAP Systems QuTS hero 跨站脚本漏洞

QNAP Systems QTS and QNAP Systems QuTS hero are software products with data storage and management functions developed by QNAP Systems, a company based in Taiwan, China. Both products have cross-site scripting vulnerabilities. These vulnerabilities allow remote attackers to bypass security...

PT-2026-47536

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

PT-2026-47843

Name of the Vulnerable Software and Affected Versions OpenSSL versions 3.0 through 3.3 Description The implementations of AES-SIV and AES-GCM-SIV mishandle the authentication of Additional Authenticated Data AAD when the ciphertext is empty, which allows for the forgery of such messages. In the...

SAP NetWeaver ABAP Platform 安全漏洞

SAP NetWeaver ABAP Platform is an integrated technology platform developed by the German company SAP. There is a security vulnerability in SAP NetWeaver ABAP Platform, which stems from the lack of necessary authorization checks for authenticated users. This vulnerability could allow attackers to...

Security Updates for Microsoft Excel Products (June 2026)

The Microsoft Excel Products are missing a security update. They are, therefore, affected by multiple vulnerabilities: - Integer underflow wrap or wraparound in Microsoft Office Excel allows an unauthorized attacker to execute code locally. CVE-2026-44817, CVE-2026-44818, CVE-2026-44820,...

PT-2026-48319

Name of the Vulnerable Software and Affected Versions Spring Data MongoDB versions 5.0.0 through 5.0.5 Spring Data MongoDB versions 4.5.0 through 4.5.11 Spring Data MongoDB versions 4.4.0 through 4.4.14 Spring Data MongoDB versions 4.3.0 through 4.3.16 Spring Data MongoDB versions 4.2.0 through...

PT-2026-48312

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

PT-2026-47763

Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to...

Synthetic TIFF Corpus Generator for Parser Validation and Boundary Condition Testing

This Python script generates a small corpus of synthetic TIFF-like files designed for validating parser behavior across different image dimension scenarios...

PT-2026-47718

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description The unlisted question feature fails to enforce access restrictions on direct API endpoints. This allows authenticated users to discover and access unlisted questions, including their answers,...

Deserialization of Untrusted Data

Overview org.springframework.pulsar:spring-pulsar is a Spring Pulsar Core Affected versions of this package are vulnerable to Deserialization of Untrusted Data via trusted package validation in JsonPulsarHeaderMapper. An attacker can trigger deserialization of unintended classes by supplying...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via Query By Example QBE StringMatcher handling. An attacker can perform boolean-based blind data inference by supplying wildcard characters in externally controlled input used to populate a QBE probe. When...

Deserialization of Untrusted Data

Overview org.springframework.security:spring-security-saml2-service-provider is a security component for the Spring Framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via deserialization of credential data stored in JdbcAssertingPartyMetadataRepositor...

PT-2026-47974

Server-side request forgery ssrf in Microsoft Exchange Server allows an authorized attacker to disclose information over a network...

PT-2026-48324

Spring Data REST's JSON Patch application/json-patch+json implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0...