29728 matches found
Google Chrome Security Bypass Vulnerability (CNVD-2026-11755)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from an improper implementation in V8, which can be exploited by an attacker to bypass security restrictions...
CVE-2026-24904 TrustTunnel has `client_random_prefix` rule bypass via fragmented or partial TLS ClientHello
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...
CVE-2026-24904
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...
CVE-2026-24904 TrustTunnel has `client_random_prefix` rule bypass via fragmented or partial TLS ClientHello
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tlslistener.rs, TlsListener::listen peeks 1024 bytes and calls extractclientrandom.... If parsetlsplaintext fails for example, a fragmented/partial ClientHello split across TCP writes,...
CLSA-2026-1769701085 pki-servlet-engine: Fix of CVE-2025-31651
CVE-2025-31651: fix improper neutralization of escape, meta or control sequences to avoid bypassing rewrite rules...
Denial Of Service (DoS)
github.com/kyverno/kyverno is vulnerable to Denial Of Service DoS. The vulnerability is due to unbounded memory usage in the policy engine when processing crafted policies that exponentially amplify string data via context variables, which allows an attacker with policy creation privileges to...
qt6-webengine -- multiple vulnerabilities
Qt qtwebengine-chromium repo reports: Backports for 262 security bugs in Chromium: CVE-2025-13223: Type Confusion in V8 CVE-2025-13224: Type Confusion in V8 CVE-2025-13630: Type Confusion in V8 CVE-2025-13632: Inappropriate implementation in DevTools CVE-2025-13634: Inappropriate implementation i...
PT-2026-5356
TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In tls listener.rs, TlsListener::listen peeks 1024 bytes and calls extract client random.... If parse tls plaintext fails for example, a fragmented/partial ClientHello split across TCP writes, extrac...
📄 Zabbix Agent Binaries 7.4 OpenSSL Path Scanner
This tool performs static analysis on Zabbix Agent binaries to identify hardcoded OpenSSL paths such as OPENSSLDIR, ENGINESDIR, and MODULESDIR. It leverages strings and radare2 to extract embedded configuration paths, OpenSSL version information, and indicators of dynamic engine or module loading...
PT-2026-6070
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 144.0.7559.132 Description A type confusion issue exists in the V8 engine within Google Chrome. This can lead to heap corruption when processing specially crafted HTML pages. A proof-of-concept PoC has been...
CVE-2026-0746
The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'getaudio' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations...
CVE-2026-23881
Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows users with policy creation privileges to cause denial of service by crafting policies that exponentially...
CVE-2026-24736
Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the Rules engine. The url parameter in the webhook configuration does not appear to validate or restri...
firefox: thunderbird: Use-after-free in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...
sqlmap-CTT-v3.0-SQL-Injection-Engine-Full-33-layer-fractal-temporal-resonance-implementation-in-C
sqlmap-CTT-v3.0-SQL-Injection-Engine-Full-33-layer-fractal-tem...
CVE-2026-24829
Out-of-bounds Write, Heap-based Buffer Overflow vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4...
CVE-2026-24828
Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine.This issue affects is-Engine: before 3.3.4...
firefox: thunderbird: Use-after-free in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...
EUVD-2026-4890
The AI Engine – The Chatbot and AI Framework for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the resthelpersupdatemediametadata function in all versions up to, and including, 3.3.2. This makes it possible for authenticated attacker...
CVE-2026-1400
CVE-2026-1400 – AI Engine (WordPress) Arbitrary File Upload Summary: The AI Engine – The Chatbot and AI Framework for WordPress plugin is vulnerable to arbitrary file uploads due to missing file type validation in rest_helpers_update_media_metadata. Affected versions are up to 3.3.2. What’s vulne...