29713 matches found

CNNVD
added 2026/04/07 12:0 a.m. | 5 views

Google Chrome resource management error vulnerability

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 147.0.7727.55 contained a resource management vulnerability that stemmed from the reuse of V8 objects after their release. This vulnerability could allow attackers to exploit heap corruption...

CVSS 8.8 | AI score 7.3 | EPSS 0.00154
Exploits: 0 | References: 3
FreeBSD
added 2026/04/07 12:0 a.m. | 18 views

chromium -- security fixes

Chrome Releases reports: This update includes multiple security fixes: Critical: CVE-2026-5858: Heap buffer overflow in WebML. CVE-2026-5859: Integer overflow in WebML. High: CVE-2026-5860: Use after free in WebRTC. CVE-2026-5861: Use after free in V8. CVE-2026-5862: Inappropriate implementation ...

CVSS 9.8 | AI score 7.5 | EPSS 0.00608
Exploits: 0 | References: 1
CNNVD
added 2026/04/07 12:0 a.m. | 6 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability caused by improper implementation of the V8 engine. This vulnerability could allow arbitrary code to be executed within a sandbox through...

CVSS 8.8 | AI score 7.5 | EPSS 0.00303
Exploits: 0 | References: 3
Tenable Nessus
added 2026/04/07 12:0 a.m. | 5 views

RHEL 8 : thunderbird (RHSA-2026:6917)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:6917 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Use-after-free in the JavaScript Engine...

CVSS 10 | AI score 6 | EPSS 0.00676
Exploits: 0 | References: 80
Tenable Nessus
added 2026/04/07 12:0 a.m. | 2 views

Fedora 45 : moby-engine (2026-e520168745)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-e520168745 advisory. Automatic update for moby-engine-29.4.0-1.fc45. Changelog Tue Apr 7 2026 Bradley G Smith - 29.4.0-1 - Update to release v29.4.0 - Resolves: rhbz2455894 -...

CVSS 7.5 | AI score 6 | EPSS 0.00283
Exploits: 0 | References: 2
GithubExploit
added 2026/04/06 6:55 p.m. | 105 views

pentest-agent

Pentest Agent AI-powered penetration testing agent using Clau...

AI score 5.9
Exploits: 0
GithubExploit
added 2026/04/06 6:55 p.m. | 101 views

VulnHive-AI

Pentest Agent AI-powered penetration testing agent using Clau...

AI score 5.9
Exploits: 0
Snyk
added 2026/04/06 5:49 p.m. | 3 views

Regular Expression without Anchors

Overview Affected versions of this package are vulnerable to Regular Expression without Anchors in the parseModelURL function in Ollama Engine startup probe that allows shell metacharacters like ;, |, $, and backticks. An attacker can execute arbitrary operating system commands by supplying a...

CVSS 9.4 | AI score 6.1 | EPSS 0.00448
Exploits: 3 | References: 3
OSV
added 2026/04/06 5:49 p.m. | 4 views

GO-2026-4920 KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods in github.com/kubeai-project/kubeai

KubeAI: OS Command Injection via Model URL in Ollama Engine startup probe allows arbitrary command execution in model pods in github.com/kubeai-project/kubeai...

CVSS 8.8 | AI score 6.2 | EPSS 0.00448
Exploits: 3 | References: 1
NVD
added 2026/04/06 3:17 p.m. | 4 views

CVE-2026-26263

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

CVSS 9.8 | EPSS 0.08741
Exploits: 0 | References: 1
OSV
added 2026/04/06 3:17 p.m. | 3 views

UBUNTU-CVE-2026-26263

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

CVSS 9.8 | AI score 5.9 | EPSS 0.08741
Exploits: 0 | References: 3
EUVD
added 2026/04/06 2:36 p.m. | 5 views

EUVD-2026-19248

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

CVSS 8.1 | AI score 5.9 | EPSS 0.08741
Exploits: 0 | References: 1
Vulnrichment
added 2026/04/06 2:36 p.m. | 5 views

CVE-2026-26263 GLPI has an Unauthenticated SQL Injection via Search engine

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

CVSS 8.1 | AI score 5.9 | EPSS 0.08741
Exploits: 0 | References: 1
CVE
added 2026/04/06 2:36 p.m. | 19 views

CVE-2026-26263

CVE-2026-26263 affects GLPI

CVSS 9.8 | AI score 5.9 | EPSS 0.08741
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/04/06 2:36 p.m. | 23 views

CVE-2026-26263 GLPI has an Unauthenticated SQL Injection via Search engine

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

CVSS 8.1 | EPSS 0.08741
Exploits: 0 | References: 1
OSV
added 2026/04/06 7:58 a.m. | 4 views

BIT-NODE-2026-21717

A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...

CVSS 5.9 | AI score 6.5 | EPSS 0.00283
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/06 12:0 a.m. | 3 views

PT-2026-30610

GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated time-based blind SQL injection exists in GLPI's Search engine. This vulnerability is fixed in 11.0.6...

CVSS 8.1 | AI score 5.9 | EPSS 0.08741
Exploits: 0 | References: 2
CNNVD
added 2026/04/06 12:0 a.m. | 5 views

GLPI SQL injection vulnerability

GLPI is an open-source IT and asset management software developed by GLPI. This software provides a comprehensive IT resource management interface, allowing you to create databases for managing various IT assets such as computers, monitors, servers, printers, network devices, telephones, and even...

CVSS 9.8 | AI score 5.9 | EPSS 0.08741
Exploits: 0 | References: 1
vulnersOsv
added 2026/04/05 10:10 p.m. | 5 views

composio-griptape (>=0.3.13 <=0.7.20), griptape-cli (=0.1.0) +5 more potentially affected by CVE-2026-5596 via griptape (>=1.10.2 <=1.8.13)

griptape PYPI version =1.10.2, =0.3.13, =0.26.4, =0.84.0, =0.8.0, =2.0.3, =2.2.9 Source cves: CVE-2026-5596 Source advisory: SNYK:PYTHON-GRIPTAPE-15915642...

CVSS 6.5 | AI score 6.5 | EPSS 0.00196
Exploits: 0
EUVD
added 2026/04/05 12:30 p.m. | 2 views

EUVD-2026-19066

A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function issafeast of the file sandbox.py of the component AST Validation. Such manipulation leads to improper neutralization of special elements used in a template engine. The attack may...

CVSS 6.5 | AI score 6 | EPSS 0.00314
Exploits: 0 | References: 7