USN-8321-1: Papers vulnerability

It was discovered that Papers incorrectly handled PDF /GoToR actions. If a user were tricked into opening a specially crafted PDF file, an attacker could use this issue to manipulate command lines and possibly execute arbitrary code...

CVE-2026-48968

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8...

CVE-2026-48968 WordPress Master Slider plugin <= 3.10.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8...

CVE-2026-48968

The CVE-2026-48968 entry describes a DOM-based XSS vulnerability in the WordPress plugin Master Slider, affecting versions up to 3.10.8. The issue is caused by improper neutralization of input during web page generation. Impact is described as cross-site scripting with low to moderate implication...

Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

...

CGA-382C-27VM-3C8M

Bulletin has no description...

ALSA-2026:21382 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component CVE-2026-8391 firefo...

PT-2026-44572

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in the Document Object Model DOM, which is the programming interface for web documents, allows a remote attacker to execute arbitrary code within a sandbox by...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability, which stemmed from a reuse issue in PDFium. This vulnerability could allow remote attackers to exploit heap corruption through specially crafted...

PT-2026-47207

Unknown description...

PT-2026-47215

Unknown description...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after PDFium was released, which could allow remote attackers to exploit heap corruption...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the reuse of PDF files after their release, potentially allowing remote attackers to execute arbitrary code with...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the reuse of objects after their release in the DOM, which could allow remote attackers to execute arbitrary cod...

PT-2026-44701

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.216 Description A use after free issue in Views allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape by using a crafted PDF file. Use after free is...

PT-2026-44150

Description SymfonyComponentYamlParser::cleanup strips the optional %YAML directive header, leading comments, and document start/end markers before parsing. The original regexes contained overlapping quantifiers, most notably '^%YAML: d.+. u', whose d.+ and . overlap on the dot, that exhibit...

CVE-2026-45575

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP within the TI network can substitute a forged discovery document. The forged document redirects uripukidpenc and...

CVE-2026-44451

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous globals fetch, window, eval, etc. with undefined. A static source validator...

CVE-2026-45574

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker on the network path between the ePA service and the Konnektor can present any TLS certificate self-signed, expired, wrong CN and intercept all SOAP traffic. This includes patient...

CVE-2026-45575

The CVE concerns the epa4all-client Java client for epa4all/ePA 3.0. Before 1.2.2, an attacker who can perform a TLS man-in-the-middle between the client and the IDP within the TI network can substitute a forged discovery document. This redirects uri_puk_idp_enc and uri_puk_idp_sig to attacker-co...