CVE-2026-11675

CVE-2026-11675 : Out-of-bounds read in Skia used by Google Chrome before 149.0.7827.103. A remote attacker who compromises the renderer process could leak cross-origin data via a crafted HTML page. The issue arises from Skia, with impact limited to confidentiality (LOW in CVSS 3.1 per the documen...

CVE-2026-11675

Out of bounds read in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-11675

Out of bounds read in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-11675

Out of bounds read in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-11668

Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. Chromium security severity: High...

CVE-2026-11668

Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. Chromium security severity: High...

CVE-2026-11668

CVE-2026-11668 concerns Google Chrome on Linux and ChromeOS versions before 149.0.7827.103, with an uninitialized use in codecs leading to potential cross-origin data leakage via a crafted video file. The issue is described as high severity; affected: Chrome on Linux/ChromeOS prior to the listed ...

CVE-2026-11668

Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. Chromium security severity: High...

CVE-2026-11668

Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. Chromium security severity: High...

CVE-2026-11665

Out of bounds read in Dawn in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-11665

Out of bounds read in Dawn in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

CVE-2026-11665

Out of bounds read in Dawn in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

DEBIAN-CVE-2026-9669

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

CVE-2026-9669

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompressor to resume from an invalid internal state and perform out-of-bounds writes to a stack buffer...

Stack-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the bz2.BZ2Decompressor objects. An attacker can cause out-of-bounds writes to a stack buffer by reusing a decompressor object after a decompression error and providing crafted input. This can result in...

coruna-postexploit

Coruna Post-Exploitation Framework Overview This is a com...

GHSA-H9FJ-C2QR-76G2 FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString

Summary The TDengine DAQ storage connector's escapeTdString at server/runtime/storage/tdengine/index.js:10 doubles single quotes but does not escape backslashes. TDengine's SQL parser treats ' as a literal single quote inside a string, so a tag id of the form x' OR 1=1-- escapes the first single...

FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString

Summary The TDengine DAQ storage connector's escapeTdString at server/runtime/storage/tdengine/index.js:10 doubles single quotes but does not escape backslashes. TDengine's SQL parser treats ' as a literal single quote inside a string, so a tag id of the form x' OR 1=1-- escapes the first single...

FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPERTY with response reading

Summary An unauthenticated attacker Alice connects to FUXA's Socket.IO endpoint and emits a device-webapi-request event whose property.address field names an arbitrary URL. FUXA's DEVICEWEBAPIREQUEST handler at server/runtime/index.js:296 calls axios.getaddress server-side and broadcasts the full...

GHSA-5XRH-QMMQ-W6CH Netty: SCTP reassembly nests buffers without bound

For each non-complete SctpMessage fragment the handler does fragments.putstreamId, Unpooled.wrappedBufferfrag, byteBuf, wrapping the previous accumulator and the new slice into a new CompositeByteBuf every time. After N fragments the accumulator is an N-deep chain of composites, each holding...