29728 matches found
USN-8033-7 linux-intel-iotg-5.15, linux-xilinx-zynqmp vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux UML; - x86 architecture; - Block layer subsystem;...
USN-8033-7: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux UML; - x86 architecture; - Block layer subsystem;...
CVE-2025-12107
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and...
CVE-2025-12107 Potential authenticated Server-Side Template Injection (SSTI) vulnerability.
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates. Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and...
CVE-2025-12107
CVE-2025-12107 is linked to a server-side template injection (SSTI) vulnerability in a vulnerable third-party Velocity template engine used by WSO2 Identity Server. An attacker with administrative privileges can inject and execute arbitrary template code on the server, potentially leading to remo...
WSO2 Identity Server 安全漏洞
WSO2 Identity Server is an identity authentication server developed by the American company WSO2. WSO2 Identity Server has a security vulnerability that stems from the use of a vulnerable third-party Velocity template engine. This vulnerability could allow attackers with administrative privileges...
PT-2026-20796
Name of the Vulnerable Software and Affected Versions versions prior to Feb. 19, 2026 Description The software uses a vulnerable third-party Velocity template engine, allowing a malicious actor with admin privilege to inject and execute arbitrary template syntax within server-side templates...
CVE-2026-2649
Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-2649
Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-2649
Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-2649
CVE-2026-2649 affects Chromium-based browsers (Google Chrome/Chromium) via an integer overflow in the V8 engine before 145.0.7632.109, allowing remote heap corruption through a crafted HTML page. Affected products/versions include Chromium releases up to 145.0.7632.109 (various OS package updates...
CVE-2026-2649
Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
“Good enough” emulation: Fuzzing a single thread to uncover vulnerabilities
A Cisco Talos researcher worked around the limitations of hardware-level Code Read-out Protection RDP on the Socomec DIRIS M-70 gateway by pivoting from physical debugging to a "good enough" emulation approach. By focusing on emulating only the single thread responsible for Modbus protocol handli...
CVE-2025-70830
A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...
Stable Channel Update for Desktop
The Stable channel has been updated to 145.0.7632.109/110 for Windows/Mac and 145.0.7632.109 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 145.0.7632.109 contained a security vulnerability, which was caused by integer overflow in the V8 component, potentially leading to heap corruption...
KLA90896 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in PDFium can be exploited to cause denial of service. 2...
Google Chrome < 145.0.7632.109 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 145.0.7632.109. It is, therefore, affected by multiple vulnerabilities as referenced in the 202602stable-channel-update-for-desktop18 advisory. - Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109...
Important: firefox
Issue Overview: Spoofing issue in the Downloads Panel component. This vulnerability affects Firefox 146. CVE-2025-14327 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox 147, Firefox ESR 115.32, and Firefox ESR 140.7. CVE-2026-0877 Sandbox escape due to incorrec...
Important: Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.26.1 Release.
Red Hat OpenShift Dev Spaces 3.26.1 has been released. 3.26.1 includes CVE fixes for CVE-2025-15467, CVE-2025-6176, CVE-2026-1761, CVE-2026-0719, CVE-2025-61732, and CVE-2025-61726. Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams an...